Skip to main content

Director Cybersecurity | Sharp HealthCare | Onsite | Relocation Assistance Eligible | Sign on Bonus Eligible for external candidates

Job ID JR124885 Date Posted 07/07/2022
San Diego, California
  • Ruffin Road
  • Day
  • Regular
Apply now
Responsibilities

Hours

Shift Start Time:

Variable

Shift End Time:

Variable

Additional Shift Information:

8 hours - exempt

Weekend Requirements:

As Needed

On-Call Required:

No

What You Will Do

Direct the work to (1) defend Sharp Healthcare's data and computing assets against cyber-attack and insider threat, (2) efficiently and effectively respond to incidents as they occur, (3) ensure compliance with relevant regulations and company policies, and (4) provide leadership to a team of cyber security experts as well as to various other parts of the organization.

Required Qualifications

  • Bachelor's Degree
  • 7 years Experience in information systems.
  • 5 years Management experience with direct responsibility for Information Security technologies.
  • Experience in developing and administering an information security operations team and risk management program.


Preferred Qualifications

  • Master's Degree In Information Security or Information Technology other related field.
  • Previous experience in health care.


Other Qualification Requirements

  • IT Security Certification (e.g. CISSP, GIAC or similar) strongly preferred.


Essential Functions

  • Architect and implement the organization's cyber defense strategy:
    Stay current on the latest threats and adjust the strategy based on new intelligence.
    Evaluate security technologies and third-party services that provide the most value and are best suited for the organization.
    Develop and maintain a documented architecture plan and roadmap, and partner with the VP, CISO to integrate with the broader security strategy.
    Facilitate implementation of both administrative and technical measures for Data Loss Prevention (DLP).
    Ensure relevant regulatory and compliance requirements are met.
    Security Incident Prevention:
    Performance is based on the number, size and scale of incidents that occur within the general control of this role, taking into consideration the budget allocated.
    KPIs to be jointly defined with the VP/CISO such as number of incidents, severity of incidents (reportable), vulnerability management/patching metrics, etc.
  • Assess security capabilities of company technology:
    In partnership with other IT groups, perform security assessments on priority technologies, both new and existing.
    Advise on technical standards for the company to follow when acquiring and operating applications and supporting infrastructure.
    Using scanning technologies and/or third parties, identify vulnerabilities on priority applications and supporting infrastructure. In partnership with other IT groups, facilitate remediation.
    Ensure relevant regulatory and compliance requirements are met.
  • Manage and report security incidents:
    Monitor for and identify both insider and outsider threats and suspicious activities.
    Manage, contain and report security incidents. Maintain a strong relationship with Compliance and Privacy to ensure breach reporting requirements are met.
    As needed/requested, perform forensic analysis on computer assets to ensure the appropriate level of evidence is preserved.
    Develop, maintain and periodically test a formal cyber incident response plan. Coordinate with organization business continuity planning, disaster preparedness management and emergency management functions.
    Partner with Training and Awareness to ensure the right topics are adequately delivered to the end-user community based on incident data and user behavior.
  • Security Incident Management:
    Performance is based on the efficiency and effectiveness of the team in identifying and responding to incidents when they occur, taking into consideration the budget allocated.
    KPIs to be jointly defined with the VP/CISO such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), false positive rate, etc.
  • Monitor and report on security operational performance. Take action:
    Define and regularly report out on Key Performance Indicators (KPIs) related to cyber defense, incident management and compliance.
    Incorporate recommendations for improvement based on historical performance. Liaise with cyber defense vendors to ensure optimal performance.
    Compliance:
    Performance is based on the level of compliance to relevant regulations and company policies as applicable to the scope of this role and supporting, team, taking into consideration the budget allocated.
    Results of KPIs to be jointly defined with the VP/CISO such as number/severity of audit findings and/or compliance violations.
  • Be a leader:
    Teach and inspire a team of architects and analysts, and ensure they are adequately challenged, developed and utilized in a way that most benefits the organization. Ensure and approve proper employee training.
    Interview, hire and discharge personnel as appropriate. Assess employee performance and ensure the right people are in the right roles. Provide meaningful and real-time feedback. Approve vacations and other time off review and approve time cards.
    Maintain a strong relationship and tight integration with the organization's Managed Security Services Provider (MSSP).
    Provide consultative advice and expertise to all areas of the organization as needed.
    Build strong business cases (with ROI) for technologies and/or services needed.
    Leadership and Collaboration:
    Performance is based on employee satisfaction and morale, partner collaboration to achieve common objectives, initiatives demonstrating leadership outside of the defined role, etc.
    Results of KPIs to be jointly defined with the VP/CISO such as employee surveys / upward feedback reviews, peer review feedback.
  • Safety:
    Provides mandatory training for staff. Maintains safe work environment and addresses deficiencies, Reviews safety policies and procedures. Adheres to ergonomic principles. In conjunction with Buildings/Facility Services, directs, monitors and participates in safety and fire in-services/inspections. Assures employee attendance at required in-services, maintaining documentation, Ensures follow through and compliance with safety regulations as it relates to outside inspections.

Knowledge, Skills, and Abilities

  • The position requires operational knowledge of: Information security technologies, markets and vendors including firewall, intrusion detection, assessment tools, encryption, certificate authority, web, and application development, Information systems industry and best practices in network, application and hardware platform security, Audit and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications, Application security, database technologies used to store enterprise information, Identity and access management, security program policies, processes, standards, requirements and procedures and various supporting security technologies.
  • Ability to effectively direct a diverse staff of professionals; to work effectively with physicians, all levels of management and staff, auditors and investigators, consultants and vendors; to communicate clearly, concisely and accurately, verbally and in writing; to exercise good leadership skills; to achieve organizational results with and through people, Has strong skills in implementing and supporting information technologies and tools; experience in information technology risk management; analytical and critical thinking; problem solving; prioritizing risks based on impact to the business and likelihood of occurrence; balancing strategic, tactical and technical requirements; program or project management.
  • Must be able to calmly and professionally respond to frequent deadlines for reports and related tasks, and to prepare work and presentations on short notice.
  • Must be able to respond calmly and professionally to telephone or face-to-face contact from angry or frustrated users/clients.

Sharp HealthCare is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability or any other protected class

#EC

Master's Degree; Bachelor's Degree
Apply now

Want to know when new jobs are posted? Sign up for job alerts.

Set your parameters to automatically receive alerts when we post new jobs that fit your skills, interests and experience.

Sign up for job alerts

Select your area of interest from the categories below and click “Add” to receive email alerts about our latest openings. Or you can refine your job alerts by selecting a specific facility.

Interested In

Glassdoor rating Glassdoor rating

"After nearly 10 years of working here, it's still one of the hardest jobs I've ever loved. If you find a niche here, you'll be working with some of the smartest in the industry. This is where they'll respect you for thinking outside the box and kindness matters. They expect consistency and hard work, but pay you well to do it."

We are Sharp

Stay connected and join the career interest community

Want to stay informed about career opportunities and life at Sharp? Join our career interest community and receive information that matters to you.

Join the community