Security Director jobs in Philadelphia, PA

SHIFT:

Seeking Breakthrough Makers

Children's Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation.

At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care-and your career.

CHOP's Commitment to Diversity, Equity, and Inclusion

CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children.

We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.


A Brief Overview

What you will do

• Operational Oversight: Security Operations Center

  * Direct the day-to-day responsibilities for the information security and operations teams.

  * Direct security program and operations center planning, implementation, and ongoing metric analysis.

  * Ensure appropriate work management of design and engineering offerings.

  * Develop security standards and materials as needed.

  * Verify/enforce security standards and best practices are maintained across the organization.

  * Verify/enforce security problems are resolved in a timely and cost-effective manner.

  * Utilize metrics to measure efficiency, service levels, and other key areas.

  - Oversight of other security related services as needed (account administration, engineering, etc...)

  Budget Management & Optimization

  * Responsible for the budget of the security team, as well as key vendor relationship management crossing various areas within the security portfolio:

  - Establishing budget(s).

  * Defining services.

  * Managing costs.

  * Establishing productivity targets.

  * Managing to targets.

  *

  Resource Management

  * Establish a high-performing team and security operations center.

  * Coach, develop, and mentor team members within and outside the organization.

  * Recruit and develop staff.

  * Prioritize and align resources.

  * Responsible for managing a portfolio of key vendors and contracts for the Technology Services organization.

  *

  Strategic Planning

  * Provide strategic and tactical direction for security program.

  * Develop and maintain service catalog for the Security Operations Center, incident response, and vulnerability management.

  * Partner with the other Directors to plan lifecycle of security tools and processes.

  * Understand industry direction and position CHOP optimally.

  * Keep abreast of advances and changes in the field and when appropriate, adopt innovations that lead to improvement and increased efficiency of CHOP's operations.

  * Plan jointly to deliver the security program and SOC (within IS, includes Core Infrastructure, Security, Business Operations, Project Management Office, Support Services, Business Applications, and Clinical Applications).

  Process Participation/Ownership

  * Develop process, procedures, and framework for the Security Operations Center, incident response, and vulnerability management.

  * Establish requirements, document process, and manager user relationship in development process.

  * Adhere to Digital and Technology Services policies and procedures (including incident, problem, and change management).

  * Contribute to work plans involving Technology Services.

  * Contribute to communication strategies for the department.

  Standards Management

  * Establish standards with security and operations.

  * Enforce established standards.

  * Establish metrics and performance indicators to measure service levels of both technology and processes.

  * Measure service levels.

  * Manage key service providers to service levels and performance on delivered services.

  * Meet or exceed SLAs.

  * Maintain ISSC Committee format, attendees, agenda, and meetings. Including input and output.

Education Qualifications

• Bachelor's Degree Required
• Master's Degree Preferred

Experience Qualifications

• At least ten (10) years experience in a combination of Information Security, Risk Management, or Information Technology, or industry focusing on control environment Required and
• At least five (5) years in a leadership role. Required and
• Experience in managing security, operations and technology teams. Required
• Security operations center development and management Preferred and
• Healthcare environment, changes and emerging trends in Healthcare industry, and understanding of Healthcare applications, systems and processes a plus. Preferred

Skills and Abilities

• Demonstrated security operations, standards, and technology life cycle knowledge and experience.
• Knowledge and high proficiency in relevant legal and regulatory requirements, including but not limited to, Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Payment Card Industry Data Security Standards (PCI DSS), Federal Information Security Management(FISMA).
• Knowledge and high proficiency with various security frameworks.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Information Security Requirements:
• Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
• Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information.
• Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.

Licenses and Certifications

• Certified Information Systems Security Professional (CISSP) - (ISC) - upon hire - Required or
• Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA) - upon hire - Required or
• Certified in Risk and Information Systems Control (CRISC) - Information Systems Audit and Control Association (ISACA) - upon hire - Required or
• HealthCare Information Security and Privacy Practitioner (HCISPP) - (ISC) - upon hire - Required

To carry out its mission, CHOP is committed to supporting the health of our patients, families, workforce, and global community. As a condition of employment, CHOP employees who work in patient care buildings or who have patient facing responsibilities must be fully vaccinated against COVID-19 and receive an annual influenza vaccine.

Employees may request exemptions for valid religious and medical reasons. Start dates may be delayed until candidates are immunized or exemption requests are reviewed.

|