Careers with US Heart and Vascular

Director of Information Security

Nashville, TN – Full-Time

US Heart and Vascular is looking for a Director of Information Security to join our team.

The Director of Information Security (DIS) is vital in safeguarding USHV’s information assets. The DIS will establish and execute a comprehensive cybersecurity strategy, safeguard sensitive patient data, and ensure compliance with health industry regulations and standards.

Responsibilities & Duties

  • Establish and drive USHV’s long-term security vision, ensuring alignment with frameworks like the NIST 800.53 CSF and HITRUST CSF.
  • Craft, maintain, and revise security policies, procedures, standards, and guidelines.
  • Design, maintain, and periodically test a comprehensive incident response plan, ensuring rapid containment and mitigation of security threats.
  • Develop and execute a rigorous vendor risk assessment process, ensuring that external partners adhere to USHV’s security standards and contractual obligations.
  • Lead security risk evaluations, identify potential vulnerabilities and strategize mitigation efforts in collaboration with the Director of Risk and Compliance.
  • Manage and assess the performance of the Managed Security Service Provider (MSSP), Security Operations Center (SOC), and all other security vendors.
  • Ensure all SLA requirements are consistently met and that any potential breaches are swiftly and effectively managed.
  • Oversee the implementation, management, and enhancement of security technologies, ensuring they are current, robust, and can counteract the latest threat vectors.
  • Lead efforts in designing and testing business continuity and disaster recovery plans, ensuring organizational resilience in the face of unexpected disruptions.
  • Develop and manage the information security budget.
  • Allocate resources effectively, ensuring the best ROI for security investments.

Knowledge, Skills, and Abilities

  • Bachelor’s degree in information security, Computer Science, or a related discipline.
  • 8+ years in the domain of information security with significant leadership stints.
  • Proven record in leading and cultivating security teams.
  • Prior experience in managing security incidents and conducting incident response in a healthcare setting.
  • Deep knowledge of HIPAA regulations, healthcare compliance requirements, and healthcare industry best practices.
  • Proficiency with NIST CSF 800.53 and HITRUST Framework.
  • Certified Information Systems Security Professional (CISSP) is required.

If you’re interested in this position, please email Susan Spier at

Apply Now

Complete the form below and a recruiter will contact you promptly.

Contact Us