Johns Hopkins Medicine
Director of IT Security and Audit
Job Details
Requisition #: 647757
Location: Johns Hopkins Health Plans, Hanover, MD 21076
Category: Information Technology
Schedule: Day Shift
Employment Type: Full Time
Job Responsibilities:
Reporting to the VP of IT & Chief Information Officer (CIO), the Director, IT Security and Audit (Chief Information Security Officer, or CISO) is the senior-most IT Security leader in the organization. This position is a key part of the IT leadership team, responsible for overseeing the IT Security and Audit function for the organization. The Director & CISO is responsible for ensuring the confidentiality, integrity, and availability of all information assets, and for implementing robust security measures to protect against cyber threats. The Director & CISO applies a deep understanding of the healthcare industry, regulatory requirements (including government-sponsored lines of business), and the evolving landscape of cybersecurity to the development, implementation, and maintenance of JHHP's comprehensive information security strategy that is aligned with business goals and regulatory requirements.
Key responsibilities include:
- Lead and manage the information security team, providing strategic direction, mentorship, and support to ensure high performance and professional growth.
- Oversee the development and enforcement of security policies, procedures, and standards to protect sensitive information and maintain regulatory compliance (e.g., HIPAA, HITRUST, CMMC, NIST 800-171, SOC 2 Type 2).
- Conduct risk assessments and vulnerability analyses to identify potential security threats and develop mitigation plans.
- Lead modern security initiatives and technologies (Security Architecture, Zero Trust Model, Cloud Security Maturity Model, Vulnerability Management Maturity Model, Security Awareness Maturity Model, Negotiation Strategies).
- Implement and manage security technologies and solutions, including firewalls, intrusion detection systems, encryption, and identity and access management systems.
- Grow IT Audit management function to ensure wider coverage.
- Implement strong vendor security oversight model for ongoing coverage.
- Monitor and respond to security incidents and breaches, conducting thorough investigations and implementing corrective actions.
- Collaborate with cross-functional teams, including IT, legal, compliance, and operations, to ensure a holistic approach to information security.
- Educate and train employees on security best practices and emerging threats to foster a culture of security awareness.
- Stay current with industry trends, emerging threats, and best practices in information security and healthcare regulations.
- Develop and maintain relationships with external partners, including law enforcement, regulatory bodies, and cybersecurity vendors.
- Report regularly to executive leadership and the board of directors on the status of the information security program and key initiatives. Chair the Cybersecurity Governance Committee.
- Collaborate with the compliance and privacy organization to ensure consistent policies and enforcement.
- Collaborate with business leaders on the development and regular testing of the organization's business continuity plan.
- Drive mock DR exercises to ensure organizational readiness.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field required. Master's degree preferred.
- 10+ years of experience in information security, with at least 5 years in a leadership role, preferably in the healthcare industry. Prior experience working with CMS, Defense Health Agency (DHA) is a plus. Strong security architecture background with experience building and driving a cybersecurity strategy and framework, with initiatives to secure the organization's cyber and technology assets. Proven experience in developing and implementing information security strategies and programs. Experience with incident response and crisis management.
- Professional certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
- In-depth knowledge of healthcare regulations and standards (e.g., HIPAA, NIST 800-171, CMMC, HITRUST, SOC 2) and their impact on information security. Understanding of security requirements for government-sponsored healthcare programs is a plus. Strong understanding of risk management, threat analysis, and vulnerability assessment methodologies.
- Proficiency in security technologies and solutions, including firewalls, intrusion detection systems, encryption, and identity and access management. Excellent communication and interpersonal skills, with the ability to build relationships and influence stakeholders at all levels. Ability to negotiate and manage external relationships with contracting firms, application developers, third-party vendors.
- Requires strong analytical & problem-solving ability to assess, prioritize, & solve complex technical problems. Requires strong supervisory skills to plan & direct the work of a diverse research staff. Must be able to converse fluently in both business & technical terms.
Salary Range: Minimum $199,000 per year - Maximum $265,000 per year. Compensation will be commensurate with equity and experience for roles of similar scope and responsibility.
JHM prioritizes the health and well-being of every employee. Come be healthy at Hopkins!
Diversity and Inclusion are Johns Hopkins Medicine Core Values. We are committed to creating a welcoming and inclusive environment, where we embrace and celebrate our differences, where all employees feel valued, contribute to our mission of serving the community, and engage in equitable healthcare delivery and workforce practice.
Johns Hopkins Health System and its affiliates are drug-free workplace employers.
Many organizations talk about transforming the future of healthcare; at Johns Hopkins Health Plans, we are setting the pace for change within the healthcare industry. We develop innovative, analytics-driven health programs in collaboration with provider partners to drive improved quality and better health outcomes for our members and the communities we serve. If you are interested in improving how healthcare is delivered, and have a passion to be at the forefront of change, JHHP is the place to call home.
Please note: US citizenship is required for this position as it falls under the terms of a government contract (to ensure compliance with DODPSP).
Johns Hopkins Health System and its affiliates are an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, mental or physical disability, genetic information, veteran status, or any other status protected by federal, state, or local law.
Location: Hanover, MD, US
Posted Date: 12/22/2024
Contact Information
Contact: Human Resources, Johns Hopkins Medicine