Job title: Director, Information Security
Job description:
Description:
The Director, Information Security is responsible for establishing and maintaining an enterprise-wide information security management program to ensure that information assets are adequately protected. The Manager will provide the vision and leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system and product availability, integrity and confidentiality.
This position will act as the HIPAA Privacy and Security Officer and is responsible for identifying, evaluating, and reporting information on information security risks in a manner that meets compliance and regulatory requirements. Additionally, the incumbent will play a pivotal role in assessment and integration of new acquisitions while continuing to drive a security first culture, support corporate engagement, and drive process improvement.
Requirements:
Duties & Responsibilities
- Governance, Risk, & Compliance (GRC)
  - Manage Med-Metrix compliance with HIPAA Security and Privacy Rules, Information Security and technology standards and requirements, Customer Requirements, and other relevant frameworks
  - Drive the technical development, specifications, deployment, and application of a governance, risk, and compliance (GRC) platform
  - Responsible for preparing and conducting Risk Assessments and Audits, including but not limited to HIPAA, SOC2, and HITRUST, and follow through on analysis, mitigation, and remediation
  - Implement, monitor, and continuously improve the Security Awareness Program
  - Oversee the Change Management program to mitigate risk to the environment
  - Maintain the vendor management process to ensure all Vendors are vetted and approved, onboarded according to defined policy/process, and properly monitored to ensure compliance
- Strategic Planning and Growth
  - Develop a comprehensive vision and strategy of how active defense services can and will be used to accomplish the objectives of protecting our systems and data
  - Create and manage an internal team to support the roadmap and strategic vision
- Enterprise Security
  - Maintain and improve on architecture and processes to protect and mitigate risk as it pertains to our proprietary assets and systems, extending from On Prem to the Cloud
  - Work with the Information Technology team to deliver business critical preventive and detective control sets, including threat intelligence, security monitoring, escalation and triage, and incident response and recovery
  - Ensure effective risk management controls for the entire infrastructure, including but not limited to endpoints, mobile devices, servers, cloud services and tools, etc.
- Incident Response and Business Continuity
  - Oversee Security Operations, including configuration, monitoring, and response to alerts
  - Maintain the company's Disaster Recovery & Business Continuity plan, which includes conducting appropriate training and testing
  - Coordinate Strategic Response Training and conduct Incident Response tabletop exercises
  - Investigate, document, and remediate Security Incidents
- Customer Management
  - Support the Sales process, including addressing customer security questionnaires and interfacing with client security teams
  - Address ongoing Customer Security Assessments and requirements
  - Work with Customers as needed to investigate potential incidents
  - Ensure compliance with Customer Requirements
- 7+ years of progressive experience in Risk Management, Compliance, and/or Security Operations roles
- Current CISSP certification required
- Additionally, HCISSP, CISM, or CISA certifications preferred
- Expert knowledge of HIPAA
- Experience with HITRUST and SOC audits
Personal Attributes
- Deep understanding of security standards, controls, and the collection of control effectiveness indicators, elements of performance, or other evidence
- Strong, clear, and concise verbal and written communication skills across all mediums and across all levels of the organization
- Ability to adapt, re-prioritize project work, and help drive focus as priorities shift or requirements change
- Right balance of being collaborative, open, and approachable while still being firm in facilitating progress and compromise
- Must be well organized, motivated, and detail-oriented
- Ability to multi-task, prioritize, and meet deadlines
- Ability to serve as a 24/7 escalation point as needed to proactively address Zero Day threats or Security Incidents
- Physical Demands: While performing the duties of this job, the employee is occasionally required to move around the work area; sit; perform manual tasks; operate tools and other office equipment such as computers, computer peripherals and telephones; extend arms; kneel; talk and hear.
- Mental Demands: The employee must be able to follow directions, collaborate with others, and handle stress.
- Work Environment: The noise level in the work environment is usually minimal.
Med-Metrix will not discriminate against any employee or applicant for employment because of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical
Location: Parsippany, NJ
Job date: Sun, 19 Jun 2022 07:18:34 GMT