Director, Cyber Security & Risk Management
522 East 74th (between York Ave & FDR Drive) NY, NY 10021
The Director, Cyber Security & Risk Management is responsible for managing the “Engineering & Operations” unit within the Cyber Security & Risk Management (CSRM) department. The candidate will provide oversight and direction to ensure corporate information protection policies, processes, and safeguards are consistently applied to protect patient, employee, and proprietary confidential data. This individual will act as a liaison and subject matter expert for the business units and management on matters regarding information security and compliance with HIPAA, Joint Commission and NIST data security standards. The candidate will be responsible for hiring and retaining top-notch security talent and will report directly to the Chief Information Security Officer.
Principal Duties And Responsibilities
- Support the Chief Risk & Security Officer in the development and execution of security strategy and definition, management and communication of overall business cyber risk.
- Align all activities with the HSS and department objectives, the NIST Cyber Security Framework, HIPAA and the organization’s risk profile.
- Foster a working relationship with various departments within and outside IT for collaborative pursuit of security objectives.
- Work collaboratively with the other Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to determine technical information security requirements and planned remediation, and advocate for the program to gain resources/funding to implement appropriate protection technologies and processes.
- Manage all aspects of budget, team, security projects, operations and vendors for the ‘Security Engineering and Operations’ unit within the security department, including management of all current and future security technologies, both on-premises and in public/private cloud.
- Manage a team, various security technologies, and service providers such as Rapid7, Symantec Endpoint Protection (SEP), Data Loss Prevention, Cylance, Dell Endpoint Encryption, Cloud Security Access Brokers and native AWS, O365 and Azure security configurations.
- Provide tier 2 support, and escalate tier 3 level support, for all day-to-day security operations, incident response and breach management.
- Ensure efficacy of security processes, namely ‘Threat Management’, including ‘Vulnerability/Patch Management’, ‘Security Monitoring/Incident Response’ and ‘Security Deployment and Operations’. Assist with ‘Risk Management’, ‘Security Awareness’ and ‘Security Architecture’.
- Provide status reports on a weekly, monthly and quarterly basis to business managers and other management activities that demonstrate the health of the program. Develop board-level metrics and key risk indicators on the overall state of the security posture and demonstrate increases in the maturity of the program.
- Recommend security improvements by assessing current needs, evaluating trends, and anticipating future requirements for continuous improvement.
- Maintain up-to-date knowledge of the IT security industry and healthcare vertical, including awareness of new or revised security solutions, improved security processes, and the development of new attacks or threats. Represent security within HSS and on behalf of HSS within the industry.
- Manage capital and operational budgets, including budget planning and design, 3-year forecasting, understanding of the HSS revenue stream, capacity planning, expertise alignment, and resource optimization.
- Hire and retain security talent through engagement, mentorship and by creating a positive and rewarding work culture. Develop/hire talent to secure modern technologies and platforms including cloud, mobility, DevOps and data analytics. Manage, coach, motivate, and mentor security engineers using feedback, coaching, delegation, and one-on-one meetings.
- Bachelor’s in Information Systems required. Master’s preferred.
- 10 years of hands-on information security experience, with at least 5 years as a lead/manager/department head leading a multi-disciplinary security department.
- At least 3 years working in a regulated industry (healthcare preferred).
- A broad, enterprise-wide view of businesses and understanding of security strategy.
- Experience with development of strategic IT security plans, goals and budgets.
- Directly responsible for completion of multiple multi-year enterprise-wide Network, Endpoint and Application security projects involving multiple vendors and other IT departments while maintaining/managing daily operations.
- Experience using project management tools to perform functions such as tracking project status, effort reporting, resource/capacity planning and prioritization.
- Experience administering tools for services such as the following: anti-virus, vulnerability assessments and remediation, intrusion prevention system (IPS), security incident event management (SIEM), log monitoring/correlation, security incident tracking, internal and external penetration testing, advanced firewall and other network protection, endpoint workstation security protection, mobile device security and encryption.
- Knowledgeable of cloud and mobile device security requirements, risks and mitigation strategies.
- Ability to rapidly comprehend and interpret the functions and capabilities of modern technologies.
- Thorough knowledge of the SDLC, HIPAA Security Rule, COBIT and NIST, and the ability to apply information security principles to business solutions.
- Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls.
- Excellent written and verbal communication skills; interpersonal skills.
- Must possess a high degree of integrity and trust, along with the ability to work independently as well as motivate others.
- CISSP, CISM, CRISC, GIAC or other technical security certifications.
Recruiting Director, Cyber Security, Mobile & Infrastructure
Caroline joined the Connors Group in 2004 and is focused on recruiting for Cyber Security, Mobile & Infrastructure job opportunities. A confident communicator who is strongly motivated to succeed, Caroline relates warmly with others, easily establishing relationships with everyone she interacts with.
She believes that clients value consistency in delivering a certain caliber of talent and results in filling their critical vacancies. Paying close attention to their needs and delivering solutions that match their talent expectations is how she embodies quality service for the businesses that she works with. Candidates value relationships committed to truth, understanding of their needs, knowledge of the hiring landscape, and results. She delivers that by motivating the potential in others, connecting proficiency with possibilities.
Caroline is proud that, with her help, many of her candidates land their dream job and the companies she works with land their dream candidate. She loves her job because of the positive influence imparted onto others. The impact of a recruiter is twofold: first, you can literally change the life of an individual by placing them in their dream job, and second, you can effectively change the direction and the success of a corporation with a single great hire in a key job (i.e. recruiting a young Derek Jeter to your baseball team).
Continuing to relate easily to others, communicating with candor, and finding and placing “top-notch” candidates are all long-term career goals. In addition, Caroline aims to be positioned in the market as a recruiter specialized in infrastructure and security placements. Caroline is bilingual in English and Spanish. She loves running, Pilates, nutrition, the New York Yankees and spending time with her family outside of the office.