Director Information Security Assurance
The Director of Information Security Assurance (DISA) leads the Information Protection & Security (IPS) program for their assigned area of responsibility, including: driving consistency and visibility of risk management activities; working with key stakeholders to protect patients and prevent data loss; and partnering with leadership to reduce or eliminate risky workforce behaviors. Qualifications:
This role is responsible for helping business and IT leadership, as well as the colleagues, comply with IPS requirements while meeting patient care and business needs. This position oversees the assessment of information protection and security controls and works with appropriate leadership to ensure any deficiencies are addressed. They manage operational processes that monitor and respond to potential security events. They are also responsible for the planning, communication, and/or oversight of IPS initiatives, to ensure consistent program implementation and efficient resource use.
This role requires extensive focus on building and expanding relationships with key stakeholders such as business and IT leadership; workforce members; physicians; local IT teams; business owners; vendors; and other people and entities who support IPS objectives and activities. DISAs may have management responsibility for one or more staff members, who are each responsible for an assigned aspect of IPS program as defined by the DISA. The DISA must have a combination of skills including strong written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.
How to Apply:
- Bachelor's degree required or 7 years of experience in a relevant field or High School Graduate/Equivalent and 14 years of experience in a relevant field
- Master's degree preferred
- 3+ years of experience in management
- CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy
- Significant experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. Required Experience in management and/or operations in a number of healthcare business or IT functional areas.
- Experience in some combination of audit, risk management, information security, privacy, and information technology.
- Significant experience with information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)) and applying these to identify appropriate controls necessary to maintain compliance
- Strong leadership skills, personal drive, and the ability to see projects through to execution in a matrixed environment.
- Demonstrated experience in building and maintaining positive team relationships at all levels of the organization.
- Experience in staff recruiting, development, and management.
- Ability to communicate effectively, in written and verbal forms, at an executive level.
Possesses confident leadership skills: decisiveness, assertiveness, with the ability to achieve results quickly.
- Demonstrates a high degree of initiative, dependability, and the ability to work with minimal supervision.
- Possesses a sense of responsibility and accountability – someone who takes ownership and initiative.
- Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.
Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions.
- Maintains professional demeanor, appearance, and positive attitude. Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
- This job requires up to 25% travel.
- Candidates must be willing to relocate or live in the Denver, CO area.