Type: Full Time Employee
# of Openings: 1
SCA, a leader in the outpatient surgery industry, strategically partners with health plans, medical groups and health systems across the country to develop and optimize surgical facilities. SCA operates more than 210 surgical facilities, including ambulatory surgery centers and surgical hospitals, in partnership with approximately 7,500 physicians. For more information on SCA, visit www.scasurgery.com.
Accountabilities / Responsibilities
We are seeking a Director of IT Security to lead our IT Security group. The Director should have exceptional executive presence, strategic foresight, experience managing complex teams, and problem- solving skills. The Director will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The role provides the vision and leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system and product availability, integrity, and confidentiality. Additionally, the role is responsible for developing teammates, coordinating between IT groups, and providing Compliance and Risk minded judgments for new initiatives. The Director will need to solve complex problems through innovative and strategic thinking to align projects with the greater goals of Information Technology and SCA.
Primary position responsibilities:
- Monitoring and advising on information security issues related to internal systems and workflow to ensure that security controls for the company are appropriate and operating as intended.
- Managing, documenting, and communicating compliance requirements, timelines, and roadmaps to supporting teams and leadership
- Establish annual and long-range security and compliance goals, defines security strategies, metrics, reporting mechanisms and program services; and creates maturity models and roadmaps for continual program improvements.
- Coordinating and executing IT security projects as directed.
- Assisting business units in identifying security requirements, using risk based and business impact assessments.
- Assessing security controls, reporting on overall effectiveness, and recommending remedial actions where needed.
- Establishing system controls by developing and adhering to established frameworks.
- Communicating with internal and external partners to enhance security awareness.
- Coordinating response to information security incidents and escalate, as necessary.
- Developing, publishing, and reviewing Information Security policies, procedures, standards, and guidelines based on knowledge of best practices and compliance requirements.
- Conducting data classification assessments, security audits, and managing remediation plans.
- Collaborating with internal partners to manage security vulnerabilities.
- Creating, managing, and maintaining user security awareness programs.
- Conducting security research in keeping abreast of latest security issues and facilitating professional development.
- Driving project activities to ensure requirements and schedules are met while managing risks and identifying appropriate solutions.
Secondary position responsibilities:
- Manage day-to-day support operations.
- Adhering to company values at all times.
- Performing other related duties as assigned.
This position is primarily responsible for, or having knowledge of:
- Common Information Security management/compliance frameworks, such as SOX, PCI, HIPAA, ISO 17799/27001, and NIST frameworks.
- Assessing and/or managing assessment of compliance and security gaps, providing remediation recommendations based on cost and other pertinent factors.
- Leading cross functional Computer Security Incident Response Team (CSIRT) in the resolution of security related incidents.
- Security-related systems and applications, especially mainstream OS's (e.g. Microsoft Windows and Linux), network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools.
- Network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
- Strong verbal and written communication skills
- Facilitating cross-functional teams
- Translating business requirements into control objectives
- Information risk concepts and principles, as a means of relating business needs to security controls.
- Firewalls, SIEM, DLP, VPN, DMZ, IAM, MFA, Intrusion Detection/Prevention, Encryption, Anti-Malware, MDM, MAM, asset management, VMS and other IT Security solutions is highly preferred.
- Maintaining SOX controls and compliance audits
Education and experience equivalent to:
- Bachelor's degree in information technology or related field; supplemented with seven (7) years of related experience.
- Certified Information Systems Security Professional (CISSP, Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM) certification or similar certification preferred.
- Proactive, decisive, action-oriented individual
- Strong written and verbal communication skills, including with Executive audiences
- Excellent interpersonal, leadership, collaboration, facilitation, and negotiation skills
- Able to clearly explain technical issues in a way that nontechnical people can understand
- Ability to be broadly focused and manage multiple efforts concurrently
- Ability to work effectively with all levels of the organization, including staff, business stakeholders, and all levels of management
Please click HERE to apply.
We value Diversity, Inclusion, and Belonging at Surgical Care Affiliates: SCA is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, national origin, disability and genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.
Surgical Care Affiliates