VP Chief Information Security Officer - Harris Health System
Bellaire, TX 77401
About the Job
Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health's robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.
JOB SUMMARY:
This position reports directly to the Chief Information Officer. In addition, this position has a dotted-line reporting relationship to the Executive Vice President, Chief Compliance and Risk Officer (CCRO) for the purpose of ensuring that conflicts that may arise between the interests of the CCISO and CIO can be appropriately managed. This position reports on a regular and as-needed basis to Harris Health's Chief Executive Officer and Board of Trustees regarding relevant Information Security matters to include Information security training and breaches for the organization. This executive-level position encompasses the development and enforcement of policies and strategies to protect against ever-evolving cyber threats, ensuring compliance with strict healthcare regulations such as HIPAA/HITECH. The CISO directs the overall planning and execution of enterprise security systems, using operational and tactical expertise to direct security management reports, who oversee analysts, engineers and architects. As a business enabler, the CISO ensures business decisions are not hampered by security but adhere to corporate security policies and are implemented with security in mind. The CISO champions a flexible, highly adaptable and secure operating business environment.
The CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls to lead a team of security professionals through corporate obligations and defenses. The CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under his or her leadership. The CISO reports to the chief information officer (CIO) or chief executive officer (CEO)/chief operating officer (COO), depending on the business.
MINIMUM QUALIFICATIONS:
Degree:
- Bachelor's Degree in Computer Science, Information Security, or related field
- Master's Degree in Computer Science, Information Security, or related field
License & Certifications:
- Certified Information Systems Security Professional (CISSP) highly preferred
AND
- Certified Information Security Manager (CISM) OR Certified Chief Information Security Officer (CCISO)
Work Experience:
Fifteen (15) years professional experience in areas of expertise: Cyber/Information Security, designing and implementing enterprise Cyber/Information Security solutions.
Management Experience:
Ten (10) years progressive management experience in areas of expertise: HIPAA Security Regulation; and practical experience working with Cyber/Information Privacy and Security laws (such as FISMA, PCI-DSS, GLBA, FIPS, NIST-CSF and data breach reporting laws), generally accepted Cyber/Information Security principles, and accepted industry practice. Healthcare and/or Federal government cybersecurity experience is a plus.
SPECIAL REQUIREMENTS:
Communication Skills: Above Average Verbal (Heavy Public Contact), Writing/Correspondence, Writing/Reports
Knowledge/Skills/Abilities:
- Other:
- Executive Presence
- Disaster Recovery Planning
- Backup Strategy Understanding
- Cybersecurity
- Ownership & Accountability
- Planning & Organization
- Critical Thinking
Work Schedule: Eligible for Telecommute
Other Requirements:
- Expert technical knowledge of Cyber/Information Security, infrastructure, network, server, workstation, and security-related technologies, both software and hardware.
- Expert working knowledge of best practice security design associated with the above technology. Strong demonstrated knowledge of technologies including network, server, desktop, storage, medical security and how Cyber/Information Security relates to the overall business of the organization.