Director, Cyber Security Data Protection (Remote)

Community Health Systems Remote
director cyber security security data remote security data management cybersecurity dp operations director information systems
March 18, 2023
Community Health Systems
Franklin, Tennessee

The Cyber Solutions Engineering (CSE) department within the Cybersecurity Risk Management (CSRM) organization ensures successful delivery and operations of critical security controls across the CSH Enterprise. The Director, Data Protection leads all facets of the data security and protection program. The role has responsibility for the overall strategic direction of the DP program, including the people, processes and technologies involved. The role includes oversight of planning, build, implementation, and operation of the underlying technology platforms and processes across the DP spectrum, including: Data at Rest, Data in Motion and Data in Use protections, across on premise devices as well as cloud solutions and platforms.

The Director, Data Protection role reports directly to the VP, Deputy CISO and is a member of the cybersecurity leadership team. The Director leads a team of individuals across the multitude of DP solutions. The Director is responsible for leading, managing, and developing this team of cybersecurity professionals to ensure the success of numerous critical areas. This role will develop an enterprise program, defining the vision and strategy for the organization, help drive the data protection sub-committee that defines policies, responses and sanctions. In addition, this individual will help shape an overall governance function, encompassing cross-departmental processes, in addition to oversight of the underlying tools and technology.

Essential Duties and Responsibilities:

  • Manages the planning, engineering, development, implementation and administration of data protection systems through the use of controls, procedures, measurements and strategies to prevent data loss, modification, disclosure, misuse, manipulation, or destruction of systems, networks, applications and data.
  • Build and develop the Data Protection practice by leveraging existing resources and capabilities in CSRM and lead efforts in evaluating and acquiring new platforms
  • Develop and maintain a deep understanding of complex CHS business operations, the associated cybersecurity implications and the required CSRM capabilities.
  • Recruit, retain, and develop a diverse and high performing team of DP security professionals, creating an environment of continuous learning and growth development.
  • Work closely with key stakeholders across the business, IT, legal and compliance and other necessary organizations to drive the overall DP enterprise strategy and roadmap for delivery.
  • Remain current on evolving security technologies related to Data Security/Protection, including the identification of changes and trends in cybersecurity with the ability to inform senior management of both impact and recommendation of these changes.
  • Responsible for dispensing technical advice, guidance, direction and authorization to carry out information risk management projects, plans and procedures.
  • Position is director-level and has direct responsibility for people management. In addition to project deployment, responsibilities include career development, performance management, and pay determination and communication. Responsible for the management of associates including: performance management, salary planning and administration, training and development, workflow planning, hiring and placement, and disciplinary actions
  • Must be willing to travel occasionally and be able to respond to security issues related to DP in an on-call escalation role.
  • Performs other duties as assigned

Education :

  • Bachelor degree in Cybersecurity, Computer Science, Information Systems, or other related field required.
  • Graduate studies in technical or business discipline preferred.

Experience:

  • 8+ years of experience in the information security field
  • 4+ years of security leadership experience with planning and managing security projects and operations.
  • Three to five years of Security Project execution experience preferred, including project and program management experience
  • Proven track record in managing complex Data Protection programs, preferably in a health care provider environment.
  • Ability to translate business requirements and risks into technology and cybersecurity solutions
  • Ability to collaborate across IT groups and associated business areas to provide optimal security controls while balancing efficient and effective user interactions and business operations
  • Must have the ability to manage a staff responsible for Data Loss Prevention security engineering and operations functions.
  • Must have the ability to develop and implement strategies and make risk recommendations to senior management.
  • Must possess strong managerial skills as well as project leadership capabilities.
  • Must be able to interpret information risk issues and present formal recommendations to senior management.
  • Must have project and process management skills.
  • Must have excellent verbal and written communication skills to interact with all levels of staff, management, and external sources.
  • Experience in managing multiple vendor relationships.
  • Must be strong in people management as well as negotiation and presentation skills.
  • Experience with leading Data Security/Protection vendor solutions.
  • Experience in Security Architecture
  • Working knowledge of information security industry and regulatory frameworks (SOX, HIPAA, HITRUST, NIST, etc)
  • Excellent oral and written communication skills including ability to present technical information in business centric language for executives and business partners.

Preferred License, Registration, Certification:

  • Certified Information Systems Security Professional® (CISSP)
  • Certified Information Systems Auditor® (CISA)
  • Certified Information Systems Security Professional® (CISSP)
  • Certified Information Systems Auditor® (CISA)
  • GSEC GIAC Security Essentials Certified

Required Computer Skills:

  • Office/G-Suite and other Cyber Security tools and technologies, as necessary.

Physical Demands:

In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

  • The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
  • The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
  • The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.

Report this job

Similar jobs near me

Related articles