Job Description
Reporting to the Vice President of IT, the Director of Information Security will develop and implement information security strategy and technology solutions to address the current and emerging information security requirements of the organization.
This role will require a visionary leader who understands the global information security & risk impacts, and has a sound understanding of cybersecurity technology tools, methods, and processes. This role requires a leader who works with business stakeholders, assesses needs, builds awareness, and develops informed strategy and direction for information security. This person will lead all security initiatives for the organization.
Position Responsibilities:
Responsibilities include but are not limited to the following:
Awareness and Governance
Develop and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences
Lead cross-functional Information Security Steering Committee, infusing information security governance procedures that foster resiliency, raise awareness, govern policy, and review cybersecurity related activities
Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
Foster a Security Awareness Champions program to spread the word and infuse security awareness behaviors, cybersecurity risks and policies
Perform annual risk assessment and business impact analysis
Assist in performing audits using industry standard security methods to help strengthen internal security controls, procedures, and policies
Investigate security incidents, develop remediation plans, and work with appropriate stakeholders to implement resolutions
Security Operations
Manage and provide additional security evaluations for existing or new vendors, partners, and systems
Leverage security tools and data sets to provide visibility into vendor security posture and risk
Work with IT and technology stakeholders to evolve new business continuity and disaster recovery plans
Support data protection and privacy initiatives in compliance with the data protection standards of both US and foreign
Align with internal compliance teams on policy updates in global data privacy standards
Work with MSSP to monitor and manage all IT security tools and platforms including Security management platforms, Anti-Malware/Ransomware, log management systems, and information security training systems
Work with the IT department, MSP, legal and compliance teams to keep security policies updated, communicated, and enforced
Review existing security architecture, identify design gaps, and recommend security enhancements
Stay abreast of emerging security technologies and integrate them into security architecture as needed
Ensure alignment between security architecture frameworks, IT standards and overall business strategy
Achieve security architecture compliance on industry-specific requirements as well as state and federal regulations
Leadership
Lead, grow and manage the Information Security Program at IHI, with the responsibility to ensure that information assets and associated technology are all adequately protected
Partner with all business leaders while working closely with service desk, Infrastructure and Enterprise/Business Applications teams
Create a risk-based process for the assessment and mitigation of any information security risk in IHI's ecosystem consisting of faculty, vendors, consumers and any other third parties
Responsible for identifying, evaluating, and reporting on legal and regulatory, IT and cybersecurity risk while supporting and enabling business goals
Position Knowledge, Skills and Abilities:
Strong interpersonal skills
How To Apply
For the complete position description and required qualifications, please visit our Careers Page at: https://www.ihi.org/about/careers/Pages/default.aspx