Primarily responsible for management of the Information Security Office, including information and cybersecurity operations and assessing security risk related to implementation of technology used for business operation. This position includes continuous improvement of an information security program and management infrastructure to ensure that information asset risks are identified and appropriately mitigated. Provide leadership to execute implementation of the Information Security Office strategic plan.
MAJOR DUTIES AND RESPONSIBILITIES:
Responsible for maintaining and managing the information and cybersecurity program (the "Program"), including technology, services, policies, standards and guidelines.
Oversee the design and implementation of security technology architecture elements to prevent and detect cyberthreats as they emerge.
Maintains ongoing cyberthreat intelligence and advises senior management of changes in healthcare industry threat landscape.
Provides management oversight of security incident response programs, including planning, forensics, testing, incident management and follow-up.
Promotes Program awareness throughout the organization via training activities.
Develops and manages information security risk analysis, remediation and alignment within the organization's risk appetite.
Advises business unit managers and technical personnel on Program implementations in their respective areas.
Performs compliance activities to ensure the successful implementation of the Program.
Responsible for consulting with IT and business units regarding changing business and technical plans to ensure that information security issues are addressed early in project plans.
Serves as a liaison with the physical security department regarding overlapping information security issues.
Serves as a liaison with human resources regarding personnel issues related to information security including background checks, terminations due to non-compliance, and hiring staff.
In conjunction with leadership, establishes standards of performance and, by review, determines that performance meets departmental standards as measured by staff evaluation. Responsible for day to day operation of the department including personnel, employment and payroll processes.
Participates in fiscally sound budget management to ensure spending is held to allocated funds.
May act on behalf of ISO senior leadership in extenuating circumstances or situations as assigned.
Collaborates with information security executives at other healthcare organizations.
COMPETENCIES AND SKILLS:
Demonstrates knowledge and application of information and cybersecurity frameworks, including NIST SP800-53 and ISO 2700x.
Demonstrates knowledge and application of cybersecurity threat prevention and detection leading practices in accordance with the NIST CSF.
Demonstrates knowledge and application of security technologies and concepts, such as DLP, CASB, SOAR, advanced endpoint protection, the use of AI and machine learning, and crowdsourcing.
Demonstrates excellent communication skills to convey concepts and instruct departments on program functions and importance.
Demonstrates ability to negotiate with business units for their assessment and subsequent compliance.
Demonstrates ability to analyze plans, assess regulations and laws and develop and implement appropriate compliance initiatives.
Demonstrated knowledge of balancing security requirements with business needs.
Demonstrated leadership and project management skills.
Security certification strongly preferred in at least one of the following: CISSP, CISM, CISA, CRISC and/or CCISO.
EDUCATION AND/OR EXPERIENCE:
Bachelor’s Degree – Required
Master’s Degree – Preferred
Minimum of 10 years Information Technology experience with a minimum of 6 of those 10 years in Information and/or Cybersecurity operations.
Minimum of 6 years of Information and Cybersecurity operations supervisory/management experience.
WORKING CONDITIONS/PHYSICAL DEMANDS:
Work is typically performed in an office environment.
Travel may be required.
Accountable for satisfying all job specific obligations and complying with all organization policies and procedures. These specific statements shown in each section of this description are not intended to be all-inclusive. They represent typical elements considered necessary to successfully perform the job.
OUR PURPOSE & VALUES: Everything we do is about caring for our patients, our members, our students, our Geisinger family and our communities. KINDNESS: We strive to treat everyone as we would hope to be treated ourselves. EXCELLENCE: We treasure colleagues who humbly strive for excellence. LEARNING: We share our knowledge with the best and brightest to better prepare the caregivers for tomorrow. INNOVATION: We constantly seek new and better ways to care for our patients, our members, our community, and the nation.
ABOUT GEISINGER: Geisinger is a physician-led health system comprised of approximately 30,000 employees, including nearly 1,600 employed physicians, 13 hospital campuses, two research centers, and a 583,000-member health plan. Geisinger is nationally recognized for innovative practices and quality care. Geisinger serves more than 3 million people in central, south-central and northeast Pennsylvania and also in southern New Jersey with the addition of National Malcolm Baldrige Award recipient AtlantiCare, A member of Geisinger. In 2017, the Geisinger Commonwealth School of Medicine became the newest member of the Geisinger Family.
We offer healthcare benefits for full time and part time positions from day one, including vision, dental and domestic partners.* Perhaps just as important, from senior management on down, we encourage an atmosphere of collaboration, cooperation and collegiality. For more information, visit www.geisinger.org, or connect with us on Facebook, Instagram, LinkedIn and Twitter.
** Does not qualify for J-1 waiver. We are an Affirmative Action, Equal Opportunity Employer. Women and Minorities are Encouraged to Apply. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of disability or their protected veteran status.
*Domestic partner benefits not applicable at Geisinger Holy Spirit.
At Geisinger, our innovative ideas are inspired by the communities we serve – like our Fresh Food Farmacy, a program that delivers life-saving healthy alternatives to patients with diabetes. With additional tools like our MyCode Community Health Initiative, one of the first health system genome sequencing programs, and our new asthma app suite that we developed in partnership with AstraZeneca, it’s no wonder we’re ranked one of the Top 5 Most Innovative Healthcare Systems by Becker's Hospital Review. We continually work towards continuous improvement in a culture where everyone has a voice and firmly believe that better begins with all of us.
Founded more than 100 years ago, Geisinger serves more than three million residents throughout central, south-central and northeastern Pennsylvania and southern New Jersey. Our physician-led system is comprised of 30,000 employees, including 1,600 employed physicians, and consists of 13 hospital campuses, the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and two research centers.
What you do at Geisinger shapes the future of health and improves lives – for our patients, communities, and you.