This position will be responsible for the overall planning, organization and execution of processes and technology to manage data security across the enterprise. This position will also be responsible for participating in risk assessment activities across the enterprise to determine criticality of new and legacy systems, and determine level of controls necessary to protect data stored, processed, or transmitted by the same.
Collaborates with business owners and organizational stakeholders to define, implement and maintain enterprise-wide data protection strategy.
Oversees the operation of a DLP solution in accordance with enterprise data security and classification standards. Works with vendors and third-party contractors to implement integrated DLP software solutions.
Collaborates with the IT Infrastructure team to implement technical mechanisms to encrypt sensitive and business critical data while in transit or at rest in accordance with regulatory, contractual, and business requirements. Ensures all data transmissions between applications and devices are encrypted.
Develops policies, procedures and controls designed to protect sensitive data. Develops and documents processes to mask sensitive data in accordance with compliance requirements. Develops and documents processes for the recovery of data in the event of an adverse event or loss of data.
Inventories systems, applications, and databases, and determines criticality based on types of data stored, processed, or transmitted by the same.
Collaborates with the Enterprise Risk Management team to develop and maintain control profiles for various systems, applications, and databases based on criticality and sensitivity of data stored, processed, or transmitted by the same.
Identifies and implements data channel security technologies to monitor and prevent unauthorized activity.
Develops and oversees the department budget in conjunction with corporate goals and objectives. This position is accountable for meeting annual budgetary goals. Identifies and prioritizes security program expenditures in coordination with I/T, Audit, Compliance, and Legal.
Requires a Bachelor's degree in Computer Science, Information Systems, Engineering, Business Administration or a related field.
Requires proficiency level typically attained with 10 or more years of information security experience in positions of increasing responsibility, including 7 or more years of data protection and 5 years of leadership experience.
Extensive knowledge of data protection controls.
Strong understanding of data classification tiers (e.g., Critical, Classified, Internal Use Only, Public, etc.) and the applicability of control profiles based on the selected classification.
Extensive experience designing, implementing and managing technical solutions for data security, including DLP, Digital Rights Management, eDiscovery and encryption.
Demonstrated experience with developing strategies for the proper operation and management of DLP monitoring capabilities.
Experience with the design and implementation of data encryption capabilities for workstations, laptops, and servers.
Strong understanding of information security threats affecting the healthcare industry.
Experience strategizing with cross-functional business partners on information security solutions.
Strong understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.).
Demonstrated organizational and leadership skills with the ability to lead, build, and develop a team of senior IT professionals through formal and informal reporting relationships.
Demonstrated communication skills with the ability to build relationships and influence others to get results.
Extensive knowledge in governance frameworks including: ISO 27001, NIST, COBIT, ITIL.
Extensive knowledge in regulations and/or contractual obligations including: HIPAA, PCI, Sarbanes Oxley, GLBA, SOC/SSAE16.
Advanced Degree in Computer Science, Information Systems, Engineering, Business Administration, or a related field.
Industry certifications: CISSP, CISA, CISM, CRISC, EAP, etc.
Additional related education and/or experience preferred.
Internal Number: 257361
About Banner Health
You want to change the health care industry – one life at a time. You belong here. You’re excited to be part of the dramatic changes happening in the health care field. In fact, you thrive on change. But you also understand that excellent, compassionate patient care is the true measure of the success of these changes. You belong at Banner Health. Our award-winning, comprehensive health system includes 23 hospitals in seven western states, primary care health centers, research centers, labs, a network of physician practices and much more. Throughout our system, skilled, compassionate professionals use the latest technology to change the way care is provided. If you’re looking to be a key contributor to a forward-looking organization, you’ll experience a wide variety of professional advantages:
• Our vision for changing the future of health care gives you the opportunity to leverage your abilities to achieve something historic.
• Our expansive system offers you an unmatched variety of clinical settings – from large urban trauma center to small rural hospital, ambulatory to home health. Our system also includes hospitals specializing in cancer, heart health and pediatrics.
• Our many locations also translate into a broad selection of exciting and rewarding lifestyle options – from the big city to the wide-open spaces.
• Our commitment to healthcare innovation means you always have the latest technologies at your fingertips to help you provide the finest care possible.
• The size, success and growth of our system provide you with the stability and options to pursue your desired career path.
• Our competitive compensation and comprehensive benefits offer you options to complement your unique needs.