Job Description:
The Intermountain (IH) Cybersecurity Program is broken into four distinct functions: Governance Risk and Compliance, Cyber Solutions, Cyber Advisory and the Cyber Fusion Center. Cybersecurity Caregivers within Intermountain will specialize in their specific area and function.
The AVP of Cybersecurity, also referred to as the Deputy Chief Information Security Officer (DCISO), is responsible for assisting and advising the CISO in the creation and maintenance of organization-wide information security strategies and helps to oversee the execution of cybersecurity plans. The DCISO is responsible for the largest part of the IH Cybersecurity Program, specifically Cyber Solutions. This function is critical to the active defense, prevention and service delivery of the highly complicated Intermountain digital ecosystem. The Deputy CISO is responsible for educating and advising Intermountain's CISO on risk and all information security matters. The Deputy CISO is responsible for overseeing the strategic operations of a group of cybersecurity Directors and teams and for the planning, execution, evaluation, and implementation of enterprise cybersecurity Infrastructure Protection, Identity Protection, and Data, Endpoint and Application Security Protection. The Deputy CISO is second in line in the management of the cybersecurity organization at Intermountain and assists the CISO in all duties assigned by the CISO, CDIO or CCO. The Deputy CISO is a visionary leader with a sound knowledge of healthcare and business management and a strong knowledge of cybersecurity practices and technologies.
The Deputy CISO ensures that the directors/managers/supervisors and their teams identify and adopt best cybersecurity practice standards and that the activities associated with the cybersecurity functions are developed and supported. This includes but is not limited to project management, technical analysis and designs, security auditing and monitoring, remediation, etc. In the absence of the CISO, this person could be designated by the CISO to become the acting CISO. Finally, the Deputy CISO leads strategic planning and decision-making and adopts best practice standards that are in line with global cybersecurity and business strategies.
Essential Functions
Serves as the Deputy CISO, acting as the #2 to the Chief Information Security Officer, helping to develop and recommend for approval cybersecurity-specific policies and procedures.
Leads the development of strategic plans for Infrastructure Protection, Identity Protection, and Data, Endpoint and Application Security Protection cybersecurity functions. Ensures that the plan is in line with global cybersecurity and Intermountain strategies.
Mentors and coaches managers/supervisors and other team members and ensures that there is an adequate management succession plan in place. Builds a winning culture with a repeatable, process-based approach that recognizes the interdependence of all key stakeholders in the solutions delivery process.
Provides strategic budget oversight for the multiple departments/functions they are responsible for and holds the management team accountable for operating within the set operating and capital budget.
Anticipates business needs and plays a collaborative role in proposing information security capabilities in support of business strategic roadmaps and creating a supporting information security strategy
Leads the development, implementation, and quality of cybersecurity services across the organization and ensures the services are consistently applied across all regions, markets, and functions of the organization
Leads, collaborates, facilitates and evangelizes the cybersecurity program to the whole organization, across all regions, markets, and functions.
Continuously challenges the status quo by evaluating the current regulatory requirements, processes and practices against industry standards both inside and outside of healthcare/healthcare cybersecurity
Responsible and accountable to deliver results for the area(s) of assigned responsibility. Regularly communicates with staff and manages projects and daily operations to ensure timely delivery within budget and according to requirements. This includes goal setting, implementation and problem/issue resolution.
Oversees the definition of cybersecurity standards and best practices (processes, tools, monitoring, etc.). Ensures that managers/supervisors keep their teams compliant with these standards and that the processes are repeatable.
Defines and measures quality and productivity associated with the services provided within the cybersecurity function; while overseeing the management of scope, risk, issues and budgets; resolves issues escalated from directors/managers/supervisors and staff at any level. Also escalates issues when necessary.
Attracts, develops and maintains top talent to continually raise the bar on the capabilities and deliverables of the organization.
Develops and enhances an information security management framework based on industry accepted practices (e.g., ISO 27001, NIST, COBIT)
Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
Skills
Physical Requirements:
Qualifications
Minimum Qualifications
Bachelor's degree through an accredited institution, with advanced cybersecurity certification(s), such as the CISSP, CISM, CISA or SANS 700+ Series, with strong experience in Cybersecurity Leadership.
Leadership and effective communication skills, with strong analytical and problem-resolution abilities, while also being self-motivated and results-driven.
Superior ability to effectively prioritize and execute tasks in a high-pressure environment, with a strong focus on Customer/Client Services.
Demonstrated effectiveness as a leader for staff management, development, and mentorship.
Excellent written, verbal and presentation communication skills.
Preferred Qualifications
Master's degree through an accredited institution. A degree must be obtained through an accredited institution. Education is verified.
Expert working experience with Security and Privacy regulations and the cybersecurity aspects of other regulations including HIPAA/HITECH, PCI DSS, SOX (MAR FRC), FRCP, JCAHO and JCAHO Alert 42, GLBA, State Breach, FERPA, and FCRA, etc.; with a background in Cybersecurity management, project management, and execution and delivery oversight, with attention to detail around metrics, accountability, and operational excellence
ITIL certified.
Proven experience in Information Systems, Security Technologies and Systems.
Experience working in a healthcare or healthcare insurance environment.
Project Management experience, with proven negotiation and influencing skills.
Risk-based approach to implementing cybersecurity best practices and safeguards that support the mission of Intermountain Healthcare.
Additional Information
This position can be performed remotely with expectations to be in-office for key meetings, rounding with team members and internal customers, and as needed. Candidates who live in, or are willing to relocate to, Utah, Idaho, Nevada, Colorado, Wyoming, or Montana and are within a reasonable commuting distance to an Intermountain Health care site are preferred. Currently, we are not hiring remote workers in the following states: CA, CT, HI, IL, NY, RI, VT, and WA.
This is a