Director of Information Security
$135,000 - $175,000/Yr
Viecure - Denver, CO
posted 2 months ago
Full-time - Senior
Denver, CO
About the position
The Director of Information Security at VieCure is responsible for leading the transformation of cancer care through the establishment and maintenance of a comprehensive information risk management program. This role focuses on protecting sensitive information assets, ensuring compliance with regulatory requirements, and collaborating with various business units to implement best practices in information security. The position aims to enhance the confidentiality, integrity, and availability of healthcare data and systems.
Responsibilities
- Develop, implement, and monitor a strategic enterprise information security and IT risk management program to protect sensitive information and maintain system integrity.
- Lead information security governance efforts, including the creation of an Information Security Steering Committee.
- Maintain and communicate up-to-date security policies, standards, and guidelines.
- Oversee security training for all employees and system users.
- Implement a risk-based vendor management process to assess and mitigate risks from partners, consultants, and service providers.
- Develop and manage the information security budget, ensuring alignment with corporate goals.
- Create and manage security awareness programs to educate employees, contractors, and approved users about potential security threats.
- Collaborate with business units to conduct IT risk assessments and manage acceptable levels of risk.
- Enhance and maintain the information security management framework, focusing on HIPAA, HITECH compliance.
- Provide strategic risk guidance for IT projects, including evaluating and recommending technical controls.
- Ensure compliance with relevant laws and regulations to minimize audit findings and reduce risk.
- Act as a liaison between the information security team and legal, audit, compliance, and HR teams when necessary.
- Manage security incidents to protect IT assets, including intellectual property and sensitive data.
- Develop and maintain disaster recovery policies that align with business continuity objectives.
- Coordinate plans to ensure business-critical services are restored in the event of a security breach or incident.
- Create metrics and reporting frameworks to evaluate the effectiveness of the security program and support resource allocation.
- Oversee the security organization, including direct and indirect reports.
- Implement security controls to mitigate threats using appropriate software and hardware solutions.
- Perform annual risk assessments and address any findings with actionable mitigations.
Requirements
- Proven experience in information security leadership roles.
- Strong understanding of regulatory requirements such as HIPAA and HITECH.
- Experience in developing and managing information security programs.
- Ability to conduct IT risk assessments and manage risk levels effectively.
- Excellent communication and collaboration skills to work with various business units.
- Experience in managing security incidents and disaster recovery planning.
Nice-to-haves
- Certifications such as CISSP, CISM, or equivalent.
- Experience in the healthcare industry.
- Familiarity with security frameworks and standards.
Benefits
- Competitive salary range of $135,000 - $175,000 per year.
- Opportunities for professional development and training.
- Collaborative work environment focused on innovation in cancer care.
