Manager Of IT Security
Schedule: Full Time
Hours: 8a - 5p
- Manages Owensboro Health's information management security function, in conjunction with other members of IT Leadership, in alignment with the overall objectives of the organization. Ensures the secure operation of IT application systems, servers, and network connections by identifying, responding to, investigating, and remediating potential breaches and issues surrounding data security.
- Provides management, leadership and strategic direction for the information management function, and provides direction and support for daily operational activities of his/her team.
- Works with stakeholders to define IT security requirements and helps identify, recommend, develop, implement, and support efficient and effective IT solutions and services.
- Leads activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties.
- Manages the continuous review, evaluation, and roll out of security tools and security administration tools.
- Consults with and offers strategic direction to related functions (such as physical security/facilities, risk management, human resources, legal and compliance, etc.) and members of management throughout the organization, on information security matters such as routine security activities plus emerging security risks and control technologies. Provides motivational and promotional activities expounding the value of information security.
- Leads suitable information security awareness, training and educational activities.
- Leads the preparation and implementation of necessary information security policies, standards, procedures and guidelines.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
- Leads information security risk assessments and controls selection activities.
- Develops and implements departmental goals, plans and standards consistent with the administrative, legal and ethical requirements of the organization.
- Works to continually improve departmental operations, including tools and skill sets. Helps define and implement IT best practices. Manages the handling and resolution of IT security issues and complaints.
- Assists with the preparation of IT budgets and ensures that IT operates in compliance with allocated funding.
- Prioritizes tasks, assigns work, and monitors quantity and quality of work.
- Manages staff relations including performance management, staff satisfaction, orientation, continuing education and conflict management. Performs and oversees scheduling, recruitment, and payroll.
- Performs "hands-on" staff duties as required to meet required IT service levels.
- Adheres to all organizational policies and procedures. Executes all tasks and behaves in a manner consistent with a culture of safety and a high reliability organization; behavior supports the organization's core commitments of Integrity, Service, Respect, Teamwork, Excellence, and Innovation.
- Creates and maintains a work environment that is aligned with the organization’s goals and strategies, demonstrating a unified voice and consistent message from leadership; actively supports all organizational policies and procedures in communications and interactions with staff and peers. Communicates and implements change in a positive and effective manner.
- Bachelor's degree in Information Technology or related field required. A combination of education, training and experience may be considered in lieu of degree.
- CompTIA-Security+ required. CEH or CHFI required. CISSP or ECSA preferred.
- 4 years of experience providing network security administration services in a mission critical environment required.
- Extensive technical knowledge of network and application security tools and systems.
- Strong organizational & interpersonal skills.
- Strong troubleshooting abilities to get to the source of problems and think critically regarding possible solutions.
- Proven leadership abilities including ability to share knowledge, resolve conflict and create consensus.
- Logical, clear and concise written and verbal communication skills.
- Must display initiative, ability to work independently and be able to use extensive independent judgment.
- Must display the highest level of critical thinking in order to weigh alternatives and present solutions that are consistent with the business strategy.
- Proven, logical decision-making skills.
- Ability to react quickly to a fast-paced, rapidly changing environment.
- Ability to communicate and enforce policies.
- Strong understanding and working knowledge of IP Networking, web technologies, network security tools and standard practices.
- In-depth knowledge of intrusion detection/prevention, firewalls, VPN, data loss prevention, data encryption, and multi-factor authentication systems.
- Experience developing and instituting network security and incident response operational policies and procedures at an enterprise level.
- Experience with security audits and remedial action.
- Understanding of advanced security protocols and standards, including a demonstrated ability to perform complex analysis including producing metrics.
- Knowledge of information security frameworks and industry regulations (HIPAA, HITECH, PCI, NIST, ISO).
- An ability to learn new technologies and adopt new information security tools.
Skills & Attributes
- Requires critical thinking skills and decisive judgment. Works under minimal supervision. Must be able to work in a stressful environment and take appropriate action. High level of analytical and problem solving skills is required. Customer-oriented interpersonal skills are required to work effectively with a wide variety of individuals.
- This description is intended to describe the general nature and level of work performed by employees assigned to this position. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees. Specific duties and responsibilities consistent with the general nature and level of work described may vary by department and additional related duties may be assigned as needed. Some duties listed may not apply to all areas.
Additional Position Related Details
- Training is provided relevant to the population served, based on scope of care of the service assignment.
Activity & Frequency:
- Bending/Stooping - Never
- Climbing - Never
- Keyboard Data Entry - Frequently
- Kneeling - Never
- Lifting/Moving Patients - Never
- Lifting/Carrying (Non-Patient) - 0-25 lbs - Never
- Lifting/Carrying (Non-Patient) - 25-75 lbs - Never
- Lifting/Carrying (Non-Patient) - over 75 lbs - Never
- Pushing/Pulling - 0-25 lbs - Never
- Pushing/Pulling - 25-75 lbs - Never
- Pushing/Pulling - over 75 lbs - Never
- Reaching - Never
- Repetitive Foot/Leg Movements - Never
- Repetitive Hand/Arm Movements - Frequently
- Running - Never
- Sitting - Frequently
- Squatting - Never
- Standing - Frequently
- Walking - Frequently
- Audible Speech - Frequently
- Hearing Acuity - Frequently
- Smelling Acuity - Never
- Taste Discrimination - Never
- Vision: Depth Perception - Frequently
- Vision: Distinguish Color - Frequently
- Vision: Seeing - Far - Frequently
- Vision: Seeing - Near - Frequently
- Owensboro Health is committed to providing a safe working environment including training and access to personal protective equipment necessary to this position. While performing duties of this position, occupational exposure to bloodborne pathogens is present for all employees.