Director of IT Security

Information Technology
in Miami Gardens
, FL
Reference: 19-01941

Job Description: 

The Director IT Security will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed.

Primary Duties and Responsibilities: 

  • Develop corporate security strategy, security architecture, and security incident response
  • Manage the company security organization, consisting of possible direct and indirect reports, to include hiring, training, staff development, performance management and annual performance review
  • Develop and manage budgets and monitor for variances
  • Work with business units to facilitate IT risk assessment and risk management processes, and work with stakeholders through the company on identifying acceptable levels of residual risk
  • Oversee and conduct periodic security risk assessments in accordance with the HIPAA security rules and policies
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Educate IT and business leaders on appropriate security risk and mitigation strategies and approaches

Other Responsibilities May Include:

  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation
  • Collaborate with CIO, Corporate Compliance and Legal departments as needed, and coordinate the IT component of both internal and external audits, federal and state examinations to ensure security programs are in compliance with relevant laws, regulations and policies
  • Work with business, clinical, and compliance leaders to ensure security programs are in compliance with HIPAA security rules and other relevant laws, regulations and policies to minimize or eliminate risk and audit findings
  • Develop, maintain and publish up-to-date security policies, standards and guidelines
  • Oversee training and dissemination of security policies and practices
  • Evaluate new security threats and healthcare IT trends and develop effective security controls
  • Oversee development of security awareness programs
  • Develop and oversee effective disaster recovery policies and standards to align with company business continuity management program goals
  • Coordinate development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provide direction, support and in-house consulting in these areas
  • Oversee continuous monitoring and protection of information systems, facilities, data centers, and cloud services
  • Evaluate potential security breaches, coordinate response, and recommend corrective actions
  • Other duties as assigned and modified at manager’s discretion

Knowledge, Skills, and Abilities: 

  • Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Healthcare Privacy & Security (CHPS)
  • Current knowledge of federal and state privacy and security laws and regulations, as well as industry best practices
  • Ability to serve as a security resource to all levels including executive management, department staff, and external bodies, such as state agencies
  • Demonstrate competence in the areas of the critical thinking and problem solving, interpersonal relationships, and technical skills
  • Fluent in English

Education/ Specialized Knowledge Requirements:

  • Master’s degree in Information Systems, Business, Computer Science, or related field
  • Five (5) years management experience in information technology
  • Bachelor’s degree in Information Systems, Computer Science or related field with seven (7) years management experience in information technology
  • Directly related experience may be considered in lieu of educational requirements
  • Healthcare management experience is preferred