Careers with US Heart and Vascular
Director of Information Security
Nashville, TN – Full-Time
US Heart and Vascular is looking for a Director of Information Security to join our team.
The Director of Information Security (DIS) is vital in safeguarding USHV’s information assets. The DIS will establish and execute a comprehensive cybersecurity strategy, safeguard sensitive patient data, and ensure compliance with health industry regulations and standards.
Responsibilities & Duties
- Establish and drive USHV’s long-term security vision, ensuring alignment with frameworks like the NIST 800-53 CSF and HITRUST CSF.
- Craft, maintain, and revise security policies, procedures, standards, and guidelines.
- Design, maintain, and periodically test a comprehensive incident response plan, ensuring rapid containment and mitigation of security threats.
- Develop and execute a rigorous vendor risk assessment process, ensuring that external partners adhere to USHV’s security standards and contractual obligations.
- Lead security risk evaluations, identify potential vulnerabilities, and strategize mitigation efforts in collaboration with the Director of Risk and Compliance.
- Manage and assess the performance of the Managed Security Service Provider (MSSP), Security Operations Center (SOC), and all other security vendors.
- Ensure all SLA requirements are consistently met and that any potential breaches are swiftly and effectively managed.
- Oversee the implementation, management, and enhancement of security technologies, ensuring they are current, robust, and can counteract the latest threat vectors.
- Lead efforts in designing and testing business continuity and disaster recovery plans, ensuring organizational resilience in the face of unexpected disruptions.
- Develop and manage the information security budget.
- Allocate resources effectively, ensuring the best ROI for security investments.
Knowledge, Skills, and Abilities
- Bachelor’s degree in Information Security, Computer Science, or a related discipline.
- 8+ years in the domain of information security, with significant time in leadership roles.
- Proven record in leading and cultivating security teams.
- Prior experience in managing security incidents and conducting incident response in a healthcare setting.
- Deep knowledge of HIPAA regulations, healthcare compliance requirements, and healthcare industry best practices.
- Proficiency with NIST CSF 800-53 and the HITRUST Framework.
- Certified Information Systems Security Professional (CISSP) is required.
If you’re interested in this position, please email Susan Spier at susan.spier@usheartandvascular.com.