The Director of Information Security (DIS) is vital in safeguarding USHV’s information assets. The DIS will establish and execute a comprehensive cybersecurity strategy, safeguard sensitive patient data, and ensure compliance with health industry regulations and standards.

Responsibilities & Duties

• Establish and drive USHV’s long-term security vision, ensuring alignment with frameworks like the NIST 800.53 CSF and HITRUST CSF.
• Craft, maintain, and revise security policies, procedures, standards, and guidelines.
• Design, maintain, and periodically test a comprehensive incident response plan, ensuring rapid containment and mitigation of security threats.
• Develop and execute a rigorous vendor risk assessment process, ensuring that external partners adhere to USHV’s security standards and contractual obligations.
• Lead security risk evaluations, identify potential vulnerabilities and strategize mitigation efforts in collaboration with the Director of Risk and Compliance.
• Manage and assess the performance of the Managed Security Service Provider (MSSP), Security Operations Center (SOC), and all other security vendors.
• Ensure all SLA requirements are consistently met and that any potential breaches are swiftly and effectively managed.
• Oversee the implementation, management, and enhancement of security technologies, ensuring they are current, robust, and can counteract the latest threat vectors.
• Lead efforts in designing and testing business continuity and disaster recovery plans, ensuring organizational resilience in the face of unexpected disruptions.
• Develop and manage the information security budget.
• Allocate resources effectively, ensuring the best ROI for security investments.

Knowledge, Skills, and Abilities

• Bachelor’s degree in information security, Computer Science, or a related discipline.
• 8+ years in the domain of information security with significant leadership stints.
• Proven record in leading and cultivating security teams.
• Prior experience in managing security incidents and conducting incident response in a healthcare setting.
• Deep knowledge of HIPAA regulations, healthcare compliance requirements, and healthcare industry best practices.
• Proficiency with NIST CSF 800.53 and HITRUST Framework.
• Certified Information Systems Security Professional (CISSP) is required.

If you’re interested in this position, please email Susan Spier at susan.spier@usheartandvascular.com.