Director, IT Security Operations in Knoxville, Tennessee, US at TeamHealth

Date Posted: 3/13/2020

Job Description

JOB DESCRIPTION OVERVIEW:

The Director of Security Operations will be responsible for information security operations, delivery, and architecture. Information security operations include vulnerability and threat management, security operational support, responses to security and audit compliance activities, delivery of the security portfolio, security strategic plan development and support, and all aspects of information security related to solution delivery and infrastructure operations projects. This role will build and develop an information security architecture that encompasses vision and strategy, policies, standards and guidelines. Working collaboratively across all business units, the role serves as an expert advisor to senior management, with superior influence and impact.

Position is located in Knoxville, Tennessee at the TeamHealth National Support Center.

RESPONSIBILITIES:

  • Development, Support, and Monitoring of Information Security Infrastructure Program
  • Demonstrates an understanding of comprehensive security programs, including technologies and tools, architectures and network and application design, and policies / business aspects of risk
  • Demonstrates expertise performing operational risk and information security assessments and developing information security strategies
  • Recommends security solutions to assist with the assessment and improvement of security infrastructure, and demonstrates a strong understanding of the information security landscape, including emerging risks and security solutions
  • Translates business needs and regulatory requirements into risk appropriate controls to successfully implement security policies, standards and guidelines
  • Develops, implements, manages, advises, surveys or audits all security controls respective to standards and control objectives
  • Contributes to the development of a training and awareness program for employees, contractors and visitors to establish a culture of “shared responsibility” to reduce the risk of security incidents

ADMINISTRATIVE:

  • Responsible for hiring, assigning, developing, coordinating, influencing, leading and measuring all enterprise information security programs, personnel, contractors and consultants
  • Guides the design and development of our information security framework
  • Establishes ongoing communication with senior leadership on the status of security incidents, evolving risks and related recommendations
  • Develops metrics to measure the effectiveness and efficiency of all security programs and personnel
  • Proactively establishes and maintains relationships with appropriate government and law enforcement agencies
  • Acts as lead or technical support for major incident investigations involving security-related issues
  • Assists in developing budgets and forecasts to support business needs, goals and objectives
  • Monitors and stays current with security-related proven practices and technology
  • Ensures adherence to protocols for 24x7x365 response and notifications for alarms, emergencies, or critical incidents

LEADERSHIP:

  • Demonstrates ability to work in a collaborative environment and influence others to ensure adequacy of operational risk mitigation efforts
  • Strong critical thinking and analytical skills; demonstrates ability to identify risks associated with business processes, IT operations, information security programs, and technology projects
  • Supervises the activities of analyst(s) and engineer(s) with responsibility for repeatable quality, client satisfaction, and investigative integrity
  • Facilitates effective, comprehensive, and consistent communications, for various audiences, including oversight committees and business line senior management
  • Participates in major cross-functional projects affecting all business, product, or service leadership
  • Maintains an understanding of the current threats, vulnerabilities, response, and mitigation strategies used in information security operations
  • Represents Information Security in business projects, security operations reviews, deployment life cycle, network and infrastructure initiatives

 

Job Requirements

KNOWLEDGE / SKILLS / QUALIFICATIONS / EXPERIENCE:  

Required:

  • BS/BA or MS/MA/MBA or other graduate degree in related discipline
  • 10+ years of progressively responsible global information security program management or related experience in risk/security management
  • 3-5 years of direct leadership experience overseeing Security initiatives in a large enterprise
  • Deep understanding of security frameworks and control objectives (e.g., NIST Cybersecurity Framework, ISO 2700x)
  • Strong, broad, in-depth technical security competence and aptitude
  • Quick thinker, experienced in unconventional problem solving
  • Comfortable initiating change; consciously managing and shaping change
  • Able to handle the stress related to balancing multiple issues and perspectives
  • Excellent written and verbal communication skills; able to interact effectively with all levels of management, from application developers to executive leadership
  • Exceptional planning and organizational skills
  • Knowledge and experience regarding related state, local and federal laws, regulations and proven practices
  • Previous hands-on experience with complex IT/Information security solutions and business applications
  • Ability to develop and maintain highly effective relationships with groups involved with information security matters such as Legal, Compliance, Privacy, Internal Audit, & Human Resources
  • Positive "can do" attitude with focus on the success of the team over individual accomplishments
  • Ability to advance own perspective on industry challenges and identify new management techniques to apply with own team
  • Ability to identify and resolve moderately complex technical, operational and organizational problems in the function, sub-function or category
  • Raises key technical/process/risk issues and takes initiative to balance better/faster with secure ways of achieving desired outcomes
  • Has obtained, or demonstrates active pursuit of, one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), Project Management Professional (PMP)

Preferred:

  • Cross-functional team leadership and risk mitigation experience within a corporate healthcare services environment
  • Industry Training and Certifications:
    • ISC²:
      • Certified Information Systems Security Professional (CISSP)
      • Systems Security Certified Practitioner (SSCP)
      • Certified Cyber Forensics Professional (CCFP)
    • ISACA:
      • Certified Information Security Manager (CISM)
      • Certified in Risk and Information Systems Controls (CRISC)
    • SANS:
      • Security Certifications: Security Administration
      • Security Certifications: Forensics
      • Security Certifications: Management

PHYSICAL / ENVIRONMENTAL DEMANDS:

  • Potential rotational on-call availability four days per month.
  • Sitting for extended periods of time.
  • Occasional Travel.
  • Dexterity of hands and fingers to operate a computer keyboard, mouse, and to handle other computer components.
  • Lifting and transporting of moderately heavy objects, such as computers and peripherals.

This position may require manual dexterity and/or frequent use of the computer, telephone, 10-key, calculator, office machines (copier, scanner, fax) and/or the ability to perform repetitive motions and/or meet production standards to comply with the essential functions. Also, may require physical and/or mental stamina to work overtime, additional hours beyond a regular schedule and/or more than five days per week.

DISCLAIMER:

Cooperative, positive, courteous and professional behavior and conduct is an essential function of every position. All employees must be able to work with others beyond giving and receiving instructions. This includes getting along with co-workers, peers and management without exhibiting behavior extremes. Job functions may require personal leadership skills such as conflict resolution, negotiating, instructing, persuading, speaking with others as well as responding appropriately to job performance feedback from the supervisor. Additionally, the information contained in this job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this position.