Director information Security, Chief Information Security Officer (Remote)

Join Martin's Point Health Care - an innovative, not-for-profit health care organization offering care and coverage to the people of Maine and beyond.  As a joined force of "people caring for people," Martin's Point employees are on a mission to transform our health care system while creating a healthier community.  Martin's Point employees enjoy an organizational culture of trust and respect, where our values - taking care of ourselves and others, continuous learning, helping each other, and having fun - are brought to life every day.  Join us and find out for yourself why Martin's Point has been certified as a "Great Place to Work" since 2015.
 

Position Summary
 

The Director of Information Security also serves as the organization’s Chief Information Security Officer(CISO) and is responsible for the development and delivery of a comprehensive information security and privacy program for MPHC. The scope of this program is corporate-wide, and includes information in electronic, print and other formats. The purpose of this program includes: to assure that information created, acquired or maintained by MPHC and its authorized users is used in accordance with its intended purpose; to protect MPHC information and its infrastructure from external or internal threats; drive the adoption of the MPHC BCM/DR program, and to assure that MPHC complies with statutory and regulatory requirements regarding information access, security and privacy.

In compliance with MPHC’s Department of Defense government contract, any/all persons hired for this position will need to verify their US citizenship and complete the required employment eligibility verification upon hire.

Job Description

Key Outcomes:

• Coordinates the development of MPHC information security policies, standards and procedures.
• Serves as the corporate compliance officer with respect to MPHC state and federal information security policies and regulations.
• Works with key IT offices, data custodians and governance groups in the development of such policies. Ensures that corporate policies support compliance with external requirements.
• Oversees the dissemination of policies, standards and procedures to the organization.
• Coordinates the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and student interns.  Specific topic areas to include, but are not limited to: PCI, HIPAA Privacy & Security, DoD regulations, and other CMS regulations and guidelines as they are updated by the Federal Government.
• Develops and implements Incident Reporting and Response Systems to address MPHC security incidents and/or breaches, respond to alleged policy violations, or complaints from external parties.
• Collaborates with MPHC Compliance senior leadership and staff to develop, train, and provide oversight for all information security polices and guidelines is a key requirement of the position.
• Ensures the security department has the correct technical skill set currently and in the future.
• Initiates and supports LEAN process improvements initiatives.
• Participates in the leadership of the Information Technology team.
• Keeps abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the MPHC and its mission.
• Responsible for MPHC BCM/DR strategy development and recovery planning with guidance from the Chief Information Officer (CIO) and the IT Management Team.
• Leads and directs the daily work of the security department.
• Manages vendors, consultants and outside contacts associated with Security.
• Builds and develops Information Security Program for all lines of business.
• Provides mentoring/coaching to members of security staff in security disciplines.
• Provides consultation to all levels of management relating to appropriate use of security at MPHC.
• Provides leadership to continuous process improvement efforts within the team.
• Manage vendors, consultants and outside contacts associated with Security.

Education/Experience:

• Bachelor Degree in related field or combination of relevant education and experience.  (Master’s Degree preferred.)
• 10+ years of relevant and applicable IT security experience required including management and leadership experience in an information technology department.
• Working knowledge of and experience in the policy and regulatory environment of information security, especially in healthcare, government or health insurance desirable.
• Experience in developing and administering information security programs required.
• Project ownership experience.
• In compliance with MPHC’s Department of Defense government contract, any/all persons hired for this position will need to verify their US citizenship and complete the required employment eligibility verification upon hire.

Required License(s) and/or Certification(s):

• Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) is highly desired

Skills/Knowledge/Competencies (Behaviors):

• Demonstrates an understanding of and alignment with Martin’s Point Values.
• Excellent written and oral communications skills.
• Ability to work collaboratively with senior leadership, peers, and individual contributors.
• A demonstrated ability to work with diverse groups of people.
• Must have strong technical management and leadership skills.
• Successful track record with management of technical teams that have delivered on time and on specification technology solutions that meet business needs.
• Ability to rapidly assess situations, develop alternatives and make sound decisions, based on the evidence at hand.
• Must communicate clearly and present accurate and factual information to all levels of MPHC personnel.
• Must be knowledgeable about best practices in healthcare security and understand company objectives.
• Must be an effective team leader and builder.
• Ability to design work processes around customer needs and expectations.
• Ability to establish and maintain accountability.
• Budgeting and contract negotiation experience required.
• Effectively communicate and demonstrate the importance of Information Security to senior and executive leadership.
• Organization's expert on healthcare information security and has the ability to lead the Information Security and IT Security in accomplishing a sought after information security program.

There are additional competencies linked to individual contributor, provider and leadership roles. Please consult with your leader to discuss additional competencies that are relevant to your position.

We are an equal opportunity/affirmative action employer.

Do you have a question about careers at Martin’s Point Health Care? Contact us at: jobinquiries@martinspoint.org