All the benefits and perks you need for you and your family:
Benefits from Day One
Paid Days Off from Day One
Student Loan Repayment Program
Whole Person Wellbeing Resources
Mental Health Resources and Support
Our promise to you:
Joining AdventHealth is about being part of something bigger. It’s about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.
In this role, the Executive Director, Associate Chief Information Security Officer will collaborate with the CISO and the Information Security Directors in the development and implementation of the Enterprise-Wide Information Security and Compliance Program. They will assist the CISO in identifying, implementing, and maintaining all the required controls that are needed to ensure that the organization is compliant with all relevant laws and regulations, reduce IT risk to known and acceptable levels and ensure that AdventHealth can achieve and maintain certification for HITRUST and other frameworks deemed necessary for the organization.
They must communicate effectively with others to offer accurate and timely information and service reporting. Under minimal supervision of the CISO, the Executive Director, Associate Chief Information Security Officer coaches, mentors and leads Information Security teams. This position will also provide strategic direction to technical security services including Security Architecture, Security Engineering, Vulnerability Management, and Information Protection to ensure these services are in alignment with the overall Information Security program.
This position demands an individual that excels in delivering high-quality results on a timely basis, good communication with project stakeholders, developing team members, and outstanding customer service that fosters positive relationships throughout the organization.
This individual must have a good understanding of Healthcare in the US including all applicable laws, regulations, and business needs, especially as they relate to a large provider organization like AdventHealth with IT operations in a hybrid of cloud and on-premises services.
The value you’ll bring to the team:
Using industry-standard frameworks such as FISMA, COBIT, ISO27001, HITRUST, NIST Cybersecurity, PCI, etc., assist the CISO in developing and maintaining an Enterprise Information Security Program
Provide strategic direction for Security Architecture, Security Engineering, Vulnerability Response and Information Protection teams
Mentor, coach, and train members of the information security team, the broader information technology services team, and other technologists throughout AdventHealth
Lead the team in the development and evolution of security roadmaps, execution of strategic plans, understanding controls and process gaps, providing architectural vision, and enabling the larger cyber security team
Engage with and manage strategic vendor relationships related to Information Security products and services
Ensure security and compliance needs are accounted for and appropriately prioritized as part of the acquisition process
Manage large complex departmental budgets that are in excess of $20 million annually
Analyze financials for providing direction and support, making recommendations, maximizing use of funds, and/or ensuring overall operations are within budget
Evaluate the risk appetite of the organization and key stakeholders to ensure alignment with the Information Security program
Help the CISO communicate and manage expectations across all levels of the organization.
Collaborate with the various stakeholders to develop relevant and comprehensive metrics, including key performance indicators (KPIs) and key risk indicators (KRIs), that inform on organizational risk and progress towards goals
Establish and/or maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and/or ongoing management of the Information Security Program
Serve as subject matter expert in Information Security and brief the highest levels of the organization effectively
Deliver a leadership role in providing network and system security advice and risk analysis to business units
KNOWLEDGE AND SKILLS REQUIRED:
Extensive knowledge of Information Security Frameworks and applicable regulations i.e., HIPAA, HITECH, The HIPAA Omnibus Rule, HITRUST (Health Information Trust Alliance) and PCI (Payment Card Data Security Standard)
Ability to translate control framework (e.g., HITRUST, PCI) requirements into understandable and actionable tasks
Demonstrated ability to define and communicate the appropriate scope for PCI in a highly complex distributed healthcare environment
Working knowledge of healthcare business objectives and strategies, including knowledge of federal and state regulatory requirements, legal issues, privacy, and compliance
Possess strong technical understanding of enterprise security platforms including Security Information and Event Management (SIEM), Vulnerability Management, Data Loss Prevention (DLP), Privileged Access Management (PAM), and Endpoint Detection & Response (EDR) solutions
Demonstrated knowledge of complex IT and Security operations in a hybrid cloud environment
Ability to implement and assess configuration and hardening standards that can be applied in heterogeneous environments.
Experience providing strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls that mitigate identified risks
Demonstrated ability to create and deliver presentations
Demonstrated ability to design and implement metrics and reporting that demonstrate progress toward organizational goals
Pragmatic understanding of security problems as a mix of technology and process issues with the ability to pursue solutions at both layers within the organization
Project management skills
Budget planning and management skills
Demonstrated time management, communications, decision making and organization skills
Demonstrated leadership skills and a proven team builder
Must be a team-oriented, self-motivated professional
Strong interpersonal skills with a positive and enthusiastic attitude
The candidate must live in or around the Orlando area or must be willing to relocate to the Orlando area.
KNOWLEDGE AND SKILLS PREFERRED:
Ability to influence management, key decision-makers, and highly technical resources
Ability to interface effectively and collaborate with peers and management to develop solutions and ensure stakeholder buy-in
Drive and capacity to continually expand knowledge base and apply findings to organizational mission
Must communicate effectively with audiences having varied levels of technical knowledge and corporate position
EDUCATION AND EXPERIENCE REQUIRED:
Bachelor of Science degree
20 years of Information Technology experience
15 years’ experience in a cyber security related role
10 years’ experience with a large complex healthcare organization, i.e., in excess of $4 billion in annual revenues.
5-7 years of experience applying the PCI Data Security Standard in a highly complex distributed healthcare provider organization.
5 years of direct experience leading information security programs including Data Loss Prevention, Vulnerability Management and Privileged Access Management
5 years of experience working as a Deputy CISO or as a CISO for a healthcare provider organization with revenues in excess of $4 billion.
Demonstrated experience planning, coordinating, and facilitating remediation of findings from penetration tests and ethical hacking activities
Experience leading high visibility/impact functions, including the development and implementation of enterprise programs and services
Proven experience in assisting large healthcare organizations in developing HITRUST Information Security programs, in conducting HITRUST assessments and obtaining HITRUST certifications
EDUCATION AND EXPERIENCE PREFERRED:
Master’s Degree in Cyber Security or Information Technology related field
Experience with change management lifecycle, development and regular preparation of management status and key metrics reports
LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:
CISSP - Certified Information System Security Professional
CCSFP (HITRUST) - Certified Common Security Framework Professional – Active or Previous
At AdventHealth, Extending the Healing Ministry of Christ is our mission. It calls us to be His hands and feet in helping people feel whole. Our story is one of hope — one that strives to heal and restore the body, mind and spirit. Our more than 80,000 skilled and compassionate caregivers in hospitals, physician practices, outpatient clinics, urgent care centers, skilled nursing facilities, home health agencies and hospice centers are committed to providing individualized, wholistic care.