How You'll Help Transform Healthcare:

The Chief Information Security Officer (CISO) has overall responsibility for a comprehensive information technology security program across the enterprise and is a key member of the SVP/CIO's leadership team. The position is responsible for developing long-term information security strategies including, but not limited to, network security, computer and device security as well as application and data security. The CISO leads the response to IT security incidents, serving as primary IT contact point for information security matters and require coordination within the central IT organization as well as the enterprise. The CISO will oversee the coordination of IT security matters in collaboration with Carilion Clinic's legal counsel, internal audit, compliance/risk management and other departments as appropriate. The position will also provide specialized IT security consulting, materials, programs and analysis related to information security and IT policy. Additional duties include proactive involvement with IT risk assessments, IT security policy and research, evaluating and overseeing implementation of procedural and technical IT security measures for Carilion's network, applications, computing systems and environments as well as mobile and clinical engineering assets.

Performs specific job responsibilities:

• Lead governance processes for IT security strategies.
• Lead strategic security planning to achieve organizational goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
• Develop and communicate security strategies and plans to executive team, staff, partners, and stakeholders.
• Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
• Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
• Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
• Work closely with TSG teams on organizational technology development to fully secure information, computer, network, and processing systems.
• Establish standards for the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and related software.
• Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.
• In collaboration with compliance/risk management, recommend and implement changes in security policies and practices in accordance with changes in local or federal law and/or healthcare regulations.
• Assess and communicate IT security risks associated with purchases or practices performed by the company.
• Collaborate with IT leadership, privacy office, compliance, legal, and human resources to establish and maintain a system for ensuring that IT security and privacy policies are met.
• Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
• Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.

What We Require:

Education: Master's degree required.

Experience: 8-10 years of dedicated IT security related experience, total of 10 to 15 years in a combination of technical/clinical/financial leadership, consulting or system vendor experiences.

Licensure, Certification, and/or Registration: CISSP or CISSM certification Required, CISSM, CompTIA Security+, CEH: Certified Ethical Hacker, GSEC SANS GIAC preferred.

Other Minimum Qualifications: Expert technical understanding of IT security protocols, technologies and issues.

About Carilion

This is Carilion Clinic ...

An organization where innovation happens, collaboration is expected and ideas are valued. A not-for-profit, mission-driven health system built on progress and partnerships. A courageous team that is always learning, never discouraged and forever curious.

Headquartered in Roanoke, Va., you will find a robust system of award winning hospitals, Level 1 and 3 trauma centers, Level 3 NICU, Institute of Orthopedics and Neurosciences, multi-specialty physician practices, and The Virginia Tech Carilion School of Medicine and Research Institute.

Carilion is where you can make your own path, make new discoveries and, most importantly, make a difference. Here, in a place where the air is clean, people are kind and life is good. Make your tomorrow with us.

Requisition Number: 149573
Employment Status: Full time
Location: Technology Services Group
Shift: Day/Evening
Shift Details: Business Hours
Recruiter: MARK A MISKOVIC
Recruiter Phone:
Recruiter Email: mamiskovic@carilionclinic.org
For more information, contact the HR Service Center at 1-800-599-2537.

Equal Opportunity Employer

Minorities/Females/Protected Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity

Carilion Clinic is a drug-free workplace.

PI255465277