Director, Security Governance
Department Description: This role provides direction on the Beth Israel Lahey Health Information Technology team.
Job Location: Boston, MA
Req ID: 41034BR
Job Summary: The Director of Security Governance, Risk & Compliance leads and manages the Governance, Risk and Compliance (GRC) function and is responsible for partnering with the IT Security Leader in managing an organization-wide information risk management program, security compliance program and security awareness campaign. The Director partners with administrative and executive leadership to establish and manage a shared vision for information security and to develop a compliance program to assess cybersecurity and information risks. Responsibilities include strategy, architecture, solutions design, program coordination and execution, awareness, outreach, policy and standard development, as well as reporting on information security program effectiveness.
- Leads IT Security Governance, Risk and Compliance program.
- Collaborates with IT Security Leader on building a culture focused on proactive risk management and security best practices.
- Leads IT Security Steering Committee, infusing information security governance procedures that foster resiliency, raise awareness, govern policy and review security related activities.
- Provides clear risk mitigating directives for projects with IT components.
- Responsible for the development, implementation, and execution of BILH-wide information security training and awareness programs. Provides professional and technical training and direction for internal team members as well as external staff.
- Facilitates and participates in annual internal/external audits using industry standard security methods to help strengthen internal security controls, procedures and policies.
- Investigates security incidents, develops remediation plans, and works with appropriate stakeholders to implement resolutions.
- Serves as a lead advisor on security matters to ensure appropriate levels of security are integrated in process designs and architecture; demonstrates the ability to be a respected information security advisor to senior management, as well as to the IT Shared Service team.
- Works with IT Security team in the development and acceptance of IT policies and procedures; ensures program standards follow applicable State and Federal regulatory requirements.
- Stays current with all relevant IT security and compliance issues, technologies, and requirements, as well as with emerging best practices in IT program management, planning and governance. Maintains professional and technical knowledge by attending industry workshops and conferences and participating in personal and professional networks.
- Has the authority to direct and support employees' daily work activities. Has the direct responsibility to undertake the following employment actions: hiring, termination, corrective action and performance reviews. Direct Reports: 2-3; Indirect Reports: None.
- Bachelor's degree required. Master's degree in Law preferred.
- More than 10 years of related work experience required and 3-5 years of supervisory/management experience required.
- At least 10 years of varied information technology management experience is required, five years of which must be directly related to IT program management and planning as well as computer, information, and network security assessment, administration, and management.
- Experience in the health care industry is essential along with knowledge about program management, information security technology, medical records, patient privacy and confidentiality.
- Other key requirements include project planning and project management experience.
- Advanced technical computer skills as required for technical support specific to functional area and related systems.
- Decision Making: Ability to make decisions with significant, broad implications for the management and operations of a major department or multiple departments. Participates in decisions on overall strategy and direction of the organization.
- Problem Solving: Ability to address problems that are broad, complex and abstract, often involving Medical Center-wide issues and requiring substantial creativity, resourcefulness, staff engagement, Lean diagnostic techniques, negotiation and diplomacy to develop solutions.
- Independence of Action: Ability to set direction and vision for major departments or multiple departments. Establishes priorities, develops policies and allocates resources.
- Written Communications: Ability to communicate complex information in English effectively in writing to all levels of staff, management and external customers across functional areas.
- Oral Communications: Ability to verbally communicate complex concepts in English and address sensitive situations, resolve conflicts, negotiate, motivate and persuade others.
- Knowledge: Ability to demonstrate broad and comprehensive knowledge of theories, concepts, practices and policies with the ability to use them in complex and/or unprecedented situations across multiple functional areas.
- Team Work: Ability to lead collaborative teams for larger projects or groups both internal and external to the Medical Center and across functional areas. Results have implications for the management and operations of multiple areas of the organization.
- Customer Service: Ability to lead operational initiatives to meet or exceed customer service standards and expectations in assigned unit(s) and/or across multiple areas in a timely and respectful manner.
Physical Nature of the Job:
Sedentary work: Exerting up to 10 pounds of force occasionally in carrying, lifting, pushing or pulling objects. Sitting most of the time, with walking and standing required only occasionally.
BIDMC is EOE M/F/VET/DISABILITY/GENDER IDENTITY/SEXUAL ORIENTATION
Vaccines:
As a health care organization, we have a responsibility to do everything in our power to care for and protect our patients, our colleagues and our communities. BILH requires that all staff be vaccinated against influenza (flu) and COVID-19 as a condition of employment.