What We Want:
One of Kansas City’s fastest-growing companies is looking for a Director, Information Security (Officer) to join its ranks. This position provides a variety of operational, compliance, and consultative functions. This role is responsible for managing the delivery of information security systems, software and services and is responsible for the continuous development and oversight of the company’s information security plans, policies, procedures and technical systems in order to maintain the confidentiality, integrity and availability of all organizational information. This role will also work across IT and business department boundaries and fulfill a leadership role to drive cybersecurity operations initiatives such as security monitoring, vulnerability management, identity and access management, endpoint security, network security, security architecture and application security. The Director, Information Security (Officer) will hold the position of the HIPAA Security Officer under 45 CFR 164.308 (https://www.law.cornell.edu/cfr/text/45/164.308).
What You’ll Do:
- Work closely with the EVP of Technology to achieve the overall security goals of the organization, and coordinate with the Privacy Officer as necessary.
- The primary role of the information security manager is to manage all office Information Security activities, including the management of security staff.
- Responsible for managing the delivery of information security systems, software and services, and for the continuous development and oversight of the company’s information security plans, policies, procedures and technical systems in order to maintain the confidentiality, integrity and availability of all organizational information.
- Responsible for assessing security plans for existing vulnerabilities, prioritizing security strategies to best cover strategically important data, analyzing reports generated by threat monitoring systems, and running tests where potential issues are anticipated.
- Responsible for ensuring that the risk to the organization’s information posed by a variety of cyber breaches or threats is minimized; reviewing, analyzing and recommending secure solutions that implement information security policy and standards; and ensuring that if cyber-attacks occur or data is compromised or stolen, these incidents are dealt with promptly and effectively.
- Monitor the daily activities of the security department team and coordinate their training requirements; develop and facilitate both training and individual development plans, as required.
- Oversee, implement and monitor the security requirements levied by Federal and State Rules and Regulations. Accurately communicate pertinent information to relevant departments and individuals.
- Develop and direct implementation of security standards and best practices for the organization. Develop appropriate policies, standards, guidelines, and procedures for information security systems.
- Manage and configure physical security, disaster recovery and data backup systems
- Monitor, direct, and deliver the initial security training and orientation to SVG employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
- Assist in the development and implementation of quality improvement efforts. Recommend, implement, and oversee technological upgrades, improvements, and major changes to the information security environment.
- Align/realign resources to projects based on current organization priorities.
- Ensure that the security team has proper understanding of the current and relevant KPIs and measure the success and failures of projects.
- Provide engineers and analysts support with resolving challenging technical problems.
- Collaborate with management and operations to establish a mechanism for tracking access to PHI within the practice, as required by state and federal regulation, and to allow qualified individuals to review or receive a report on access activity.
- Monitor the organization’s networks for security breaches and investigate violations when they occur; review breaches in compliance and correct deficiencies.
- Maintain current, up-to-date knowledge of federal and state privacy laws and accreditation standards.
- Additional responsibilities as assigned.
What You’ll Bring to the Team:
- Bachelor's degree in Computer Science, or a related technical field, or equivalent practical experience
- 8+ years of leadership experience in a program management / technical product management role
- 3+ years of information security work
- Experience with architecting, recommending, deploying and operating secure cloud solutions consistent with the obligations of a HIPAA Business Associate in a public cloud environment
- Demonstrated success working with data encryption, VPNs, traffic filtering and application security
- Knowledge of industry compliance and security standards, specifically HITRUST, HIPAA, and SOC 2
- Experience with identity/access management, network security, data protection, cryptography, and pen testing
- Implemented and developed products in an Agile environment
- Change Management and control
- Current software development expertise in multiple programming languages (Python, Java, Bash/Shell scripting, etc.)
- Demonstrated successful project management expertise.
- Have excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
- Experience building software products with diverse engineering teams and stakeholders
- Track record of building high functioning teams, including recruiting and retaining diverse talent
- Proven track record of managing relationships with 3rd party vendors and providers, and procurement of new vendors
- Solid understanding of Amazon Web Services