Director, Information Security, OhioHealthy

OhioHealth
Columbus, OH, US
Full-time
We are sorry. The job offer you are looking for is no longer available.

We are more than a health system. We are a belief system. We believe wellness and sickness are both part of a lifelong partnership, and that everyone could use an expert guide.

We work hard, care deeply and reach further to help people uncover their own power to be healthy. We inspire hope. We learn, grow, and achieve more - in our careers and in our communities.

Job Description Summary :

OhioHealthy Medical Plans is a provider-based health plan based in Columbus, Ohio. The plan currently serves a commercial market in the Central Ohio area.

This position is responsible for establishing and maintaining a comprehensive, system-wide information security program to ensure that information assets are adequately protected.

This includes aspects of physical security, administrative functions, risk management, and technical security. Comprehensively addresses compliance with corporate, regulatory, and / or accrediting bodies or standards for maintaining confidentiality, integrity, and availability of electronic protected health information (PHI), personally identifiable information (PII), payment card information (PCI) and health care business information (HCBI).

Identifies, evaluates, reports on, and mitigates information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the risk posture of the system.

Advises OhioHealthy's president and Board of Directors regarding acceptable levels of risk for the system. Recommends proactive solutions to mitigate security risks and maintains objectivity in order to balance risks with the system's ability to deliver on its objectives.

Designs, measures, coaches, and advocates for the security management process, while overseeing the access management process.

Minimum Qualifications :

Master's Degree : Computer and Information Science

CISSP - Certified Information Systems Security Professional - International Information System Security Consortium

MINIMUM QUALIFICATIONS

  • Industry certification in CISSP, CISM, or CISA.
  • Master's degree in information security, Computer Science, or a related field or associated experience.
  • Proven experience as a CISO or in a senior cybersecurity leadership role within the health insurance industry.
  • Strong knowledge of healthcare and health insurance information systems and electronic health records (EHR).
  • Excellent communication and leadership skills.
  • Ability to collaborate with cross-functional teams and influence security-related decisions at all levels.

SPECIALIZED KNOWLEDGE

  • CISSP - Certified Information Systems Security Professional.
  • Bachelors / Masters with Field of Study : Computer Information Systems, Management Information Systems, Business Administration.

DESIRED ATTRIBUTES

  • Excellent interpersonal skills in areas such as teamwork, facilitation, and negotiation.
  • Ability to effectively communicate security issues to peers and direct management.
  • Proven ability to establish and maintain effective, respectful, and trusting relationships with individuals at all levels of the organization, external colleagues and vendors representing varying needs, personalities, and styles.

RESPONSIBILITIES AND DUTIES

30% Cybersecurity Strategy and Planning :

  • Develop and execute a comprehensive cybersecurity strategy aligned with business goals and regulatory requirements.
  • Establish and maintain an information security governance framework.
  • Ensure continuous improvement of the cyber security program.

15% Security Infrastructure :

  • Oversee the design, implementation, and management of security infrastructure, including firewalls, intrusion detection / prevention systems, encryption mechanisms, vulnerability, and patch management.
  • Document security policies, standards, and procedures.
  • Consult on technology initiatives.
  • Ensure protection and configuration standards for all technology assets.

15% Incident Response :

  • Develop and maintain an incident response plan to effectively manage and respond to security incidents.
  • Lead and coordinate the response to cybersecurity incidents, ensuring timely resolution and reporting, and forensic analysis.

10% Compliance and Regulatory Compliance :

  • Classify all data assets.
  • Ensure compliance with relevant data protection laws, industry standards, and regulatory requirements in the health insurance sector.
  • Continuously adjust detective controls based on evolving cybersecurity threats and regulatory changes.

10% Security Awareness and Training :

  • Develop and implement security awareness programs for employees to enhance their understanding of cybersecurity best practices.
  • Conduct regular training sessions to keep the workforce informed about emerging threats.
  • Ensure phishing campaigns are effective and followed up with Human Resource support.

10% Vendor Management :

  • Evaluate and monitor security controls of third-party vendors and partners.
  • Monitor third party interfaces.
  • Ensure compliance with security requirements in vendor contracts.

10% Security Metrics and Reporting :

  • Establish key performance indicators (KPIs) and metrics to measure the effectiveness of the cybersecurity program.
  • Provide regular reports to executive leadership on the state of cybersecurity.

Work Shift :

Scheduled Weekly Hours :

Department

Administration

Join us!

  • if your passion is to work in a caring environment
  • if you believe that learning is a life-long process
  • if you strive for excellence and want to be among the best in the healthcare industry

Equal Employment Opportunity

OhioHealth is an equal opportunity employer and fully supports and maintains compliance with all state, federal, and local regulations.

OhioHealth does not discriminate against associates or applicants because of race, color, genetic information, religion, sex, sexual orientation, gender identity or expression, age, ancestry, national origin, veteran status, military status, pregnancy, disability, marital status, familial status, or other characteristics protected by law.

Equal employment is extended to all persons in all aspects of the associate-employer relationship including recruitment, hiring, training, promotion, transfer, compensation, discipline, reduction in staff, termination, assignment of benefits, and any other term or condition of employment.

3 days ago