Director of Information Security


Boston, MA 02109
United States

Application Closing Date: 2/6/2025
Manages Others: Yes
Experience Required: Yes
Degree Required: Yes
Pay: From $96,171 To $173,109 Per Year
Employment Type: Employee
Work Schedule: Full-Time

Job Description

 

Institute for Healthcare Improvement

Director of Information Security

Full Time (Remote, USA)

About IHI

The Institute for Healthcare Improvement (IHI) is a leading, globally recognized not-for-profit health care improvement organization that has been applying evidence-based quality improvement methods to meet current and future health care challenges for more than 30 years. IHI provides millions of people in health care with methods, tools, and resources to make care better, safer, and more equitable; convenes experts to enable knowledge sharing and peer-learning; and advises health systems and hospitals of all sizes in improving their systems and outcomes at scale. IHI's mission is to innovate and lead transformational improvement in health and health care worldwide.

Position Summary:

Reporting to the Vice President of IT, the Director of Information Security will develop and implement information security strategy and technology solutions to address the current and emerging information security requirements of the organization.

This role requires a visionary leader who understands global information security and risk impacts and has a sound understanding of cybersecurity technology tools, methods, and processes. This leader works with business stakeholders, assesses needs, builds awareness, and develops informed strategy and direction for information security. This person will lead all security initiatives for the organization.

Position Responsibilities:

Responsibilities include but are not limited to the following:

Awareness and Governance

  • Develop and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences
  • Lead a cross-functional Information Security Steering Committee, infusing information security governance procedures that foster resiliency, raise awareness, govern policy, and review cybersecurity-related activities
  • Provide clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls
  • Foster a "Security Awareness Champions" program to spread the word and infuse security awareness behaviors, cybersecurity risks and policies
  • Perform annual risk assessment and business impact analysis
  • Assist in performing audits using industry standard security methods to help strengthen internal security controls, procedures, and policies
  • Investigate security incidents, develop remediation plans, and work with appropriate stakeholders to implement resolutions

Security Operations

  • Manage and provide additional security evaluations for existing or new vendors, partners, and systems
  • Leverage security tools and data sets to provide visibility into vendor security posture and risk
  • Work with IT and technology stakeholders to evolve new business continuity and disaster recovery plans
  • Support data protection and privacy initiatives in compliance with both US and foreign data protection standards
  • Align with internal compliance teams on policy updates in global data privacy standards
  • Work with the MSSP to monitor and manage all IT security tools and platforms, including security management platforms, anti-malware/ransomware, log management systems, and information security training systems
  • Work with the IT department, MSP, legal and compliance teams to keep security policies updated, communicated, and enforced
  • Review existing security architecture, identify design gaps, and recommend security enhancements
  • Stay abreast of emerging security technologies and integrate them into security architecture as needed
  • Ensure alignment between security architecture frameworks, IT standards and overall business strategy
  • Achieve security architecture compliance on industry-specific requirements as well as state and federal regulations

Leadership

  • Lead, grow and manage the Information Security Program at IHI, with the responsibility to ensure that information assets and associated technology are all adequately protected
  • Partner with all business leaders while working closely with service desk, Infrastructure and Enterprise/Business Applications teams
  • Create a risk-based process for the assessment and mitigation of any information security risk in IHI's ecosystem consisting of faculty, vendors, consumers and any other third parties
  • Responsible for identifying, evaluating, and reporting on legal and regulatory, IT and cybersecurity risk while supporting and enabling business goals

Position Knowledge, Skills and Abilities:

  • Strong interpersonal skills and ability to translate complex issues into simple concepts
  • Ability to be a key contributor in IT projects and new system implementation activities
  • Experience leading cross-functional teams
  • Exceptional problem-solving skills with the ability to proactively introduce solutions
  • Ability to manage many complex and challenging tasks and prioritize criticality
  • Strong documentation skills
  • Collaborative team player with strong interpersonal, verbal, and written communication and presentation skills
  • Highly motivated, driven, and willing to try new concepts
  • Strong work ethic with ability to maintain and safeguard confidential information
  • Ability to thrive in a fast-paced environment with multiple competing priorities
  • Ability to learn and use new systems and technology
  • Continuous improvement mindset
  • Strong ability to plan, organize and think strategically
  • Commitment to IHI Values 
  • Commitment to equity, anti-racism, and the improvement of societal systems

Position Qualifications:

Required

  • Bachelor's degree and 7 plus years of experience in leading Information Security initiatives, incident management and security operations

OR

  • 10 plus years of experience in leading Information Security initiatives, incident management and security operations

Preferred

  • Bachelor's degree in cyber security, information risk management, or a relevant IT field
  • 5 plus years of experience with regulatory compliance and information security management frameworks
  • Experience implementing, managing, and driving all Information Security, training, policies, and review activities in accordance with applicable cybersecurity standards and privacy regulations
  • Adequate knowledge of server, network, application and perimeter security, vulnerability and patch management, endpoint security, incident response, security audit, compliance and industry certifications (e.g. SOC2, ISO27000)
  • Advanced experience managing cloud security tools such as CASB, UEM, Security Scorecards, Anti-Malware tools, IDR, MDR and Security Awareness training tools
  • Experience with NIST Cybersecurity framework
  • Knowledge of the Information Security market and information risk vendor landscape
  • Strong understanding of cloud security, datacenter security, application security, endpoint security and security audit practices and industry certifications

Physical Attributes:

  • Ability to Sit for Extended Periods: Capability to work at a desk for long durations
  • Manual Dexterity: Proficiency in using a computer, including typing, mouse handling, and other office equipment
  • Visual Acuity: Ability to read and view a computer screen for extended periods
  • Hearing and Speaking: Clear communication over phone and video calls
  • Environment Setup: Access to a quiet, professional home office setup conducive to focused work and virtual meetings
  • Lifting: Occasionally requires lifting up to 25 lbs as needed

Disclaimer

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list or comprehensive inventory of all duties, responsibilities, skills, and qualifications required.

At IHI, we are inspired to do our best work and be our best selves by leaning into our values and uniting in our vision to create a future in which everyone has the best care and health possible. We ensure that people feel valued and supported in meaningful ways, as demonstrated in our total rewards package that features competitive compensation, medical, dental and vision coverage, life and disability plans, FSA plans, matching 401k contributions, tuition reimbursement, a personal development allowance to support what matters to you, a professional development allowance to support continued learning, respect for personal commitments and flexibility to manage them, generous time off including vacation time, wellness and wellbeing time, and other special programs to support employee wellbeing.

IHI is proud to be an equal opportunity workplace and an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, religion, sex or gender, marital status, national origin or ancestry, disability, veteran status, military service, age, sexual orientation, gender identity, genetic information, crime victim status, political belief, and any other protected class under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation to complete our application, please let us know. Veterans are encouraged to apply.




For more information, or to apply now, you must go to the website below. Please DO NOT email your resume to us as we only accept applications through our website.
https://ihi.applicantpro.com/jobs/3619403-822511.html