Director, Information Security – Richmond, VA

Direct Hire | Healthcare | Richmond, VA

The Director, Information Security will be tasked with providing strategy, direction, coordination and oversight for information / cyber security activities on behalf of this leading healthcare services provider.

KEY OBJECTIVES & RESPONSIBILITIES

  • Leading our client’s efforts to protect their information security assets in compliance with policies, procedures and applicable regulations, federal and state laws, accreditation standards and privacy practices.
  • Developing, periodically updating and overseeing information security compliance strategies, plans and programs to ensure compliance with security policies and procedures.
  • Providing medical device cybersecurity guidance/support to cross-functional hardware, software and web teams for applicable Healthcare initiatives.
  • Hands-on responsibility for cross-platform attack and penetration testing and protection.
  • Coordinating with senior leadership on marshaling the resources to plan for and implement information security strategies.
  • Managing and mentoring a team of security analysts and auditors to support the requirements of the department.

MINIMUM REQUIREMENTS & QUALIFICATIONS

  • 8+ years of progressively responsible professional work experience in technology and security, including experience with Internet, database, social media and related technology, privacy and security issues.
  • 4+ years’ experience in healthcare information security laws and standards, access control and security technologies.
  • Bachelor’s degree in Information Technology, Computer Science or closely related field from a Top 25 university. Master’s degree with specialization in Information or Cyber Security from an accredited university preferred.
  • Those with current and highly relevant security and auditing certifications, such as CISSP, CISA, CISM, CEH, CompTIA Security+, and/or GSEC, will receive preferential consideration.
  • Experience designing for relevant security standards (TCG, NIST, FIPS, PCI, ISO 28000 series).
  • Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM).
  • Experience leading enterprise security risk management and operational business continuity programs.
  • Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments).
  • Expert knowledge of common security-relevant protocols (e.g. RDP, TLS, DNS, DHCP, NTP, ICMP).
  • Shell scripting skills for automation of simple tasks using Perl, Python or Ruby.
  • Knowledge of SoapUI, JSON, XML, PHP and/or PostgreSQL.
  • Demonstrated leadership and project management and facilitation skills.
  • High-level presentation abilities, including the ability to effectively communicate technical and security-related concepts to senior management and a broad range of technical and non-technical staff.
  • Experience with disaster recovery planning, testing, auditing, risk analysis, contingency planning and vendor management.
  • Experience managing and developing staff reports.
  • Experience supervising Security Analyst staff is preferred.
