Job ID: 950622
Facility: Vidant Health
Location: Greenville, NC
Date Posted: May 19, 2021
About Vidant Medical Center
Vidant Medical Center is a 900+ bed Level-1 Trauma Center, regional referral hospital and is the flagship hospital for Vidant Health. We serve as the teaching hospital for the Brody School of Medicine at East Carolina University. Vidant Medical Center provides acute, intermediate, rehabilitation and outpatient services to more than 1.4 million people in 29 counties. But it's in our work environment that you'll find our sense of family and closeness that permeates everything we do.
The Mgr, IS Sec Ops & Engineering manages the development, execution and operations of Vidant Health's Information Security Architecture and Engineering processes across the health system. The Manager reports to the Director of Information Security and assists in the development, implementation and maintenance of the information security architecture and engineering program. The manager will be responsible for an information security architecture framework and standards that govern security practices system-wide, enabling risk-based control decisions to protect the confidentiality, integrity and availability of electronic personal health information (PHI). The manager will be responsible for key activities including key oversight of information security engineering and will drive implementation of the target security architecture. This position is graded at a manager level, but the candidate is expected to be a very hands-on, active member of the team, helping to drive objectives forward as much as, or more than, their team members.
1. Strategic and Tactical IS Support. Demonstrates a commitment to supporting the business needs of Vidant Health by collaborating with business stakeholders in the selection and implementation of new technologies and adaptation of existing systems. 10 percent
a. Sets vision and direction of information security architecture and engineering at Vidant Health.
b. Manage information security architecture gap and capability assessments, refresh cycle, approval process.
c. Define and manage the information security controls and countermeasures. Align third-party security program needs with information security risk management process.
d. Work with peers in Vidant Health Office of Audit and Compliance and Information Systems to leverage existing compliance processes to realize efficiencies where possible.
e. Report to the Director of Information Security on progress, metrics and roadmap.
f. Work with Manager of Security Operations and Compliance to develop library of authoritative requirements for information security ranging from regulatory requirements to health care provider industry practices (e.g. HIPAA Security rules, HITSP, CCHIT, ISO 27001 and 2, etc.). Refresh Information Security policy, compliance, and risk management capabilities based on authoritative requirements regularly.
g. Participates and consults with business operating units to identify the IS implications of their strategic and operating plans. Identify and recommend opportunities to leverage existing systems and/or new and emerging technologies where appropriate.
h. Contributes to the development of a multi-year roadmap for the overall Information Security Program. Specific areas of responsibility include security architecture, incident management, forensics and event monitoring.
i. Ensures utilization of Vidant's IS project management methodology to improve processes to select, prioritize and implement IS-enabled business initiatives so they are delivered on time, within budget and meet the stated business objectives. Contributes to the ongoing development of Vidant's IS project management methodology.
j. Manages IS resource requirements to ensure appropriate balance between operational and project demands. Resolves resource conflicts to satisfy organizational priorities by reallocating and/or supplementing IS resources.
2. Service Delivery. Demonstrates a commitment to customer service by providing responsive and effective support, developing solid working relationships with end-user customers, and delivering high-quality, value-added services that exceed customer expectations. 45 percent
a. Promotes the philosophical direction of Vidant IS in the adoption of IT Service Management (ITSM) by managing team compliance with IS governance and ITSM processes and ensuring ITSM subject matter expertise within the team.
b. Manages day-to-day support of Information Security with other IS Directors/Managers to consistently perform at or better than defined service level commitments. Performs root cause analysis (SBAR) on incidents to identify opportunities to prevent future occurrences.
c. Maintains systems to industry standards and vendor contractual requirements to minimize business disruptions associated with incidents and/or unscheduled downtime. Manage all stages of system upgrade processes including design, testing, training requirements, procedures, new support requirements, documentation, and production turnover.
d. Applies rigorous testing and quality assurance techniques to all system changes and strictly adhere to Change Control processes.
e. Conducts and/or coordinates post-implementation audits to ensure that application systems and technologies are fully and appropriately utilized. In collaboration with business partners, design and implement system enhancements to meet dynamically changing business requirements and take advantage of ongoing vendor-supplied system enhancements.
f. Develops and maintains a culture that promotes service excellence and employee empowerment to act in the best interest of IS customers who are directly caring for our patients.
g. Participates in the annual external financial audit of security and controls and annual IS risk assessment across the health system. Participates in internal audits, as appropriate, as identified in the annual audit plan. Develops and implements action plans to address any gaps identified during the audit process.
h. Participates in the development and annual testing of Vidant Health's disaster recovery plan to ensure the plans are current and effective.
3. Talent Management. Demonstrates a commitment to employee professional development by providing opportunities for assuming new and varied responsibilities, training and development, and coaching and mentoring by management and staff. 35 percent
a. Recruits and develops IS leaders and staff to create a high-performing organization capable of supporting current systems while developing new skills needed to transform the IS organization and leverage next-generation technologies.
b. Provides promotional and career development opportunities for IS employees within a system that includes career paths, succession planning, and on-the-job training opportunities.
c. Conducts regular performance appraisals and recommends appropriate personnel actions.
d. Provides effective onboarding and ongoing coaching, mentoring, and feedback to improve performance, foster personal growth, and let employees know they are valued.
e. Creates a team-oriented, professional work environment providing the requisite challenges to retain talented IS professionals.
f. Contributes to the design of recognition systems that reward employees for their contributions.
g. Demonstrates a commitment to personal development by maintaining professional knowledge of current trends and developments in the information technology and health care industries through related seminars, independent study, professional associations, and conferences.
4. Financial Management. Demonstrates a commitment to the effective utilization of IS human and financial resources by developing and monitoring capital and operating budgets and a multi-year financial plan to support the IS Strategic Plan. 10 percent
a. Identifies opportunities to leverage economies of scale and drive efficiencies to manage overall operating costs balancing business requirements with Vidant Health financial targets.
b. Develops a total cost of ownership (TCO) for all new and replacement systems, securing business commitment to the one-time and ongoing costs and identifying budgetary implications in the current and future fiscal years.
5. Universal Criteria.
a. Demonstrates commitment by promoting and adhering to the Vidant Health Code of Conduct, which includes the objectives of Vidant Health's compliance program, policies and procedures and ethical business practices. Promotes open, effective, and ongoing communication and the sharing of information among employees, and sets the expectation that matters of concern get reported immediately.
b. Performs other duties as assigned by appropriate personnel.
6. Leadership Core Competencies
a. Innovation: The ability to identify and implement new and creative solutions to address complex issues and challenges, and to encourage others to do the same.
b. Strategic Agility: The ability to apply flexible, practical and long-range perspectives in formulating effective organizational strategy.
c. Systems Thinking: The ability to understand and apply knowledge of the interrelationships of various components of the organization; ability to anticipate both direct and indirect consequences of actions; capacity to understand how these components function as a whole; and the ability to assess the impact of decisions.
d. Quality Leadership: The ability to design and assess the quality of a product or service, to develop and test improvements of that product or service, and to spread and sustain positive change. Is dedicated to providing quality products and services which meet the needs and requirements of internal and external customers; is open to suggestions and experimentation; creates a learning environment leading to the most efficient and effective work processes; exhibits good judgment about which creative ideas and suggestions will work.
e. Leveraging Diversity: Values and is a champion for differences of perspective, life experience, and cultural backgrounds to enrich the organization; applies these benefits in attaining department and organizational goals.
f. Inspirational/Visionary Leadership: The ability to create a sense of shared commitment to the future and support for Vidant Health's mission and strategies to fulfill our mission. Helps individuals realize the importance of their work in contributing to the mission and executing strategic imperatives.
g. Developing People: Commitment to ensuring that others reach their full potential, including design and implementation of effective development strategies.
h. Demonstrating Integrity: Having the courage to do the right thing for the organization at all times and in all circumstances regardless of what the consequences might be.
i. Leading Change: The ability to introduce and sustain significant organizational change. Commitment to an organizational environment that supports individuals to do their very best work by making it safe to take risks and speak out on unpopular issues. The ability to successfully execute ideas.
j. Organizational Savvy: The ability to understand the influence of networks and culture, both internal and external to Vidant Health.
Bachelor's degree in healthcare, computer technology, information management or related field preferred. Master's degree desirable.
Certifications such as:
SANS GIAC Security Expert Certification
Certified Information System Security Professional (CISSP)
Cisco Certified Networking Professional - Security (CCNP Security)
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Security Manager (CISM)
2 years' experience working within the Healthcare Industry preferred.
2 years' experience with regulatory controls such as HITECH Act and HIPAA Laws
Three to five years of console-level experience with technologies such as firewalls, IPS, WAF, endpoint security, vulnerability assessment and management, etc. Should have a strong operational background and proven track record of accomplishments in Information Services within a large, complex, multi-location organization.
Health care experience and deep understanding of health care IT operations and challenges preferred.