Direct Hire | Healthcare | Richmond, VA
The Director, Information Security will be tasked with providing strategy, direction, coordination and oversight for information / cyber security activities on behalf of this leading healthcare services provider.
KEY OBJECTIVES & RESPONSIBILITIES
- Leading our client’s efforts to protect their information security assets in compliance with policies, procedures and applicable regulations, federal and state laws, accreditation standards and privacy practices.
- Developing, periodically updating and overseeing information security compliance strategies, plans and programs to ensure compliance with security policies and procedures.
- Providing medical device cybersecurity guidance/support to cross-functional hardware, software and web teams for applicable healthcare initiatives.
- Hands-on responsibility for cross-platform attack and penetration testing and protection.
- Coordinating with senior leadership on marshaling the resources to plan for and implement information security strategies.
- Managing and mentoring a team of security analysts and auditors to support the requirements of the department.
MINIMUM REQUIREMENTS & QUALIFICATIONS
- 8+ years of progressively responsible professional work experience in technology and security, including experience with Internet, database, social media and related technology, privacy and security issues.
- 4+ years’ experience in healthcare information security laws and standards, access control and security technologies.
- Bachelor’s degree in Information Technology, Computer Science or closely related field from a Top 25 university. Master’s with specialization in Information or Cyber Security from an accredited university preferred.
- Those with current and highly relevant security and auditing certifications, such as CISSP, CISA, CISM, CEH, CompTIA Security+, and/or GSEC, will receive preferential consideration.
- Experience designing for relevant security standards (TCG, NIST, FIPS, PCI, ISO 28000 series).
- Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM).
- Experience leading enterprise security risk management and operational business continuity programs.
- Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments).
- Expert knowledge of common security-relevant protocols (e.g. RDP, TLS, DNS, DHCP, NTP, ICMP).
- Shell scripting skills for automation of simple tasks using Perl, Python or Ruby.
- Knowledge of SoapUI, JSON, XML, PHP and/or PostgreSQL.
- Demonstrated leadership and project management and facilitation skills.
- High-level presentation abilities, including the ability to effectively communicate technical and security-related concepts to senior management and a broad range of technical and non-technical staff.
- Experience with disaster recovery planning, testing, auditing, risk analysis, contingency planning and vendor management.
- Experience managing and developing staff reports.
- Experience supervising Security Analyst staff is preferred.