Senior Director Information Security Operations
The Children's Hospital of Philadelphia
Reference #: 1009260
SHIFT: Day (United States of America)
Seeking Breakthrough Makers
Children's Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation.
At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care, and your career.
CHOP's Commitment to Diversity, Equity, and Inclusion
CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children.
We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.
A Brief Overview
The Sr. Director Security Operations is a critical leadership position and reports directly to the Chief Information Security Officer. This position has operational and strategic responsibilities for the Information Security program and oversees the management of security operations services including (but not limited to): incident response, vulnerability management, threat hunting, and overall program development in the CHOP enterprise. A critical responsibility is the continuous evaluation of evolving threats and staying abreast of security technologies.
In conjunction with the CDIO, CISO and Deputy CISO, the Sr. Director of Security Operations acts as a security liaison between technology, business, research, and clinical verticals to advance security culture and achieve alignment for strategy and security posture.
This position maintains and evolves the Hospital's Information Security Operations Center and also supports Hospital and Research operations, including compliance with all applicable laws, regulations, and accreditation standards.
This position maintains and continuously evolves the program to support the protection of information assets and identifies, evaluates, and reports on IT related risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the IT risk posture of the Hospital. Additionally, this position is required to evaluate the program and operations center services regularly and adjust as needed for continuous improvement and security protections.
What you will do
Operational Oversight: Security Operations Center
Direct the day-to-day responsibilities for the information security and operations teams.
Direct security program and operations center planning, implementation, and ongoing metric analysis.
Ensure appropriate work management of design and engineering offerings.
Develop security standards and materials as needed.
Verify/enforce security standards and best practices are maintained across the organization.
Verify/enforce security problems are resolved in a timely and cost-effective manner.
Utilize metrics to measure efficiency, service levels, and other key areas.
Oversight of other security related services as needed (account administration, engineering, etc.)
Budget Management & Optimization
Responsible for the budget of the security team, as well as key vendor relationship management crossing various areas within the security portfolio:
Establishing budget(s).
Defining services.
Managing costs.
Establishing productivity targets.
Managing to targets.
Resource Management
Establish a high-performing team and security operations center.
Coach, develop, and mentor team members within and outside the organization.
Recruit and develop staff.
Prioritize and align resources.
Responsible for managing a portfolio of key vendors and contracts for the Technology Services organization.
Strategic Planning
Provide strategic and tactical direction for security program.
Develop and maintain service catalog for the Security Operations Center, incident response, and vulnerability management.
Partner with the other Directors to plan lifecycle of security tools and processes.
Understand industry direction and position CHOP optimally.
Keep abreast of advances and changes in the field and when appropriate, adopt innovations that lead to improvement and increased efficiency of CHOP's operations.
Plan jointly to deliver the security program and SOC (within IS, includes Core Infrastructure, Security, Business Operations, Project Management Office, Support Services, Business Applications, and Clinical Applications).
Process Participation/Ownership
Develop process, procedures, and framework for the Security Operations Center, incident response, and vulnerability management.
Establish requirements, document process, and manage user relationship in development process.
Adhere to Digital and Technology Services policies and procedures (including incident, problem, and change management).
Contribute to work plans involving Technology Services.
Contribute to communication strategies for the department.
Standards Management
Establish standards with security and operations.
Enforce established standards.
Establish metrics and performance indicators to measure service levels of both technology and processes.
Measure service levels.
Manage key service providers to service levels and performance on delivered services.
Meet or exceed SLAs.
Maintain ISSC Committee format, attendees, agenda, and meetings, including input and output.
This department works approximately 80% remotely, 20% on site in our Philadelphia offices on an as-needed basis.
Education Qualifications
Bachelor's Degree Required
Master's Degree Preferred
Experience Qualifications
At least ten (10) years experience in a combination of Information Security, Risk Management, or Information Technology, or industry focusing on control environment Required and
At least five (5) years in a leadership role. Required and
Experience in managing security, operations and technology teams. Required
Security operations center development and management Preferred and
Healthcare environment, changes and emerging trends in Healthcare industry, and understanding of Healthcare applications, systems and processes a plus. Preferred
Skills and Abilities
Demonstrated security operations, standards, and technology life cycle knowledge and experience.
Knowledge and high proficiency in relevant legal and regulatory requirements, including but not limited to, Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Payment Card Industry Data Security Standards (PCI DSS), Federal Information Security Management (FISMA).
Knowledge and high proficiency with various security frameworks.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Information Security Requirements:
Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit