Skip to content

This website uses cookies to provide features and services. By using the site you agree to the use of cookies.Cookie policy.  Close

Phoenix, AZ Full Time Posted by: America's Health Insurance Plans (AHIP) Posted: Thursday, 26 March 2020

This position is responsible for understanding and communicating the external threat paradigm to the Chief Information Security Officer (CISO) and executive leadership. The Senior Director will help establish Threat and Vulnerability Management Services, Data Protection practices, lead the strategy for Incident Management and Forensics.
Essential Functions
Plans, develops and oversees threat and vulnerability identification, verification, and management services program. Establishes leading protocols for data protection practices, leverages forensic investigations and monitors the Banner environment for potential breach scenarios.
Manages information security leaders who are assigned to stand up the Threat and Vulnerability Management Services, Incident Management, Forensics and Data Protection practices, leverage specialized business and/or technical resources as appropriate, and mitigate issues as they arise.
Collaborates with business, third party and technology stakeholders to make enterprise technology purchasing decisions identify assets and processes for routine vulnerability scanning. Oversees vulnerability scanning activities using automated tools.
Evaluates new technologies and processes that enhance security capabilities.
Develops and implements structured processes to measure the effectiveness of vulnerability assessment and threat intelligence activities.
Oversees threat intelligence and coordinate communication to business and technology stakeholders. Regularly reviews, prepares, analyzes and presents metric reports to the CISO and executive management team. Develops and prepares reports for the Banner Board and may attend Banner Board meetings if needed.
Ensures service improvement by providing leadership to managers and staff that update processes and activities in response to feedback from customers, internal reviews, and assessments and the changing threat and vulnerability environment.
Develops and oversees the department budget in conjunction with corporate goals and objectives. This position is accountable for meeting annual budgetary goals. Identifies and prioritizes security program expenditures in coordination with Information Technology, Audit, Compliance, and Legal.
Minimum Qualifications
Requires a Bachelors degree in Computer Science, Information Systems, Engineering, Business Administration or a related field.
Depending upon assigned area of responsibility, position may require applicable certifications and/or licensures, including but not limited to: RN; MD or DO; Drivers License; Certified Healthcare Protection Administrator (CHPA); Certified Protection Professional (CPP); Chartered Property Casualty Underwriter (CPCU); Associate in Risk Management (ARM); CPA; SPHR; Registered Health Information Administrator (RHIA); Registered Health Information Technologist (RHIT); Certified Healthcare Facility Manager (CHFM); Certified Facility Manager (CFM); Certified Coding Specialist (CCS); Certified Professional Coder (CPC); JD from an American Bar Association accredited school; admission to a State Bar Association.
Requires proficiency level typically attained with 10 or more years of experience in information security experience in positions of increasing responsibility including 7 or more years of threat and vulnerability and incident management and 5 years of leadership experience. Demonstrated experience in implementing and managing core TVM, forensics and Data Protection systems and processes such as Security Incident and Event Management (SIEM), vulnerability scanners, endpoint security technologies (eg, anti-virus), continuous monitoring, advanced malware identification (eg, FireEye), DLP tools and forensic toolsets. Extensive experience configuring and utilizing security detection systems, logs and other sources of information to identify and address security events. Extensive knowledge of network and host-based security tools to include penetration testing and ethical hacking products. Extensive knowledge of system security vulnerabilities and remediation techniques. Strong understanding of the cyber kill chain and threat intelligence lifecycle. Experience with various incident ticketing systems. Understanding of complex networking technology including firewalls, VPN, routing, switching, load balancers, monitoring, security and DNS. Extensive experience with authoring, implementing and maintaining incident response plans. Strong understanding of cyber tactics and procedures to counter threats. Demonstrated awareness of the latest cybersecurity trends and developments. Experience strategizing with cross-functional business partners on information security solutions. Strong understanding of risk-based decision-making (ie risk analysis, mitigation, resolution, acceptance, etc.). Demonstrated organizational and leadership skills with the ability to lead, build, and develop a team of senior IT professionals through formal and informal reporting relationships. Demonstrated communication skills with the ability to build relationship and influence others to get results. Extensive knowledge in governance frameworks including: ISO 27001, NIST, COBIT, ITIL. Extensive knowledge in regulations and/or contractual obligations including: HIPAA, PCI, Sarbanes Oxley, GLBA, SOC/SSAE16.
Preferred Qualifications
Advanced Degree in Computer Science, Information Systems, Engineering, Business Administration, or a related field.Industry certifications: CISSP, CISA, CISM, CRISC, EAP, etc.

Phoenix, AZ, United States of America
Click apply
3/26/2020 6:13:35 PM

We strongly recommend that you should never provide your bank account details to an advertiser during the job application process. Should you receive a request of this nature please contact support giving the advertiser's name and job reference.