Job Description
Directs, plans, organizes, and evaluates the staff and activities of the Information Security function. Protects the organization's digital assets from unauthorized access. Secures systems which protect both online and on-premise infrastructures, responds to alerts, mitigates risks before breaches occur and supports efforts to contain, triage and recover from cyber incidents when they occur.
Job Responsibility
1. Plans, organizes, and directs the staff and activities for applicable information security design, engineering and operational support activities.
2. Develops and articulates a short and long-term strategic vision for areas of responsibility.
3. Leads the Information Security Team in the development, documentation and maintenance of security policies, guidelines, standards and baselines and procedures.
4. Interprets legislation or pending legislation related to the storage, retrieval, and protection of information assets or technology systems, and develops strategies for ensuring organizational compliance with regulations.
5. Oversees performance of IT risk assessments, reviews security architectures, identifies vulnerabilities, and oversees remediation activities.
6. Plans, organizes, and directs the staff and activities for applicable information security design within all health system computing environments.
7. Ensures compliance with HIPAA and other applicable regulatory and standards-based requirements.
8. Develops and oversees Information Security Programs (e.g. Emergency Patch Management, Incident Response, Vulnerability Management, Security Operations Center, Disaster Recovery).
9. Prepares recommendations for security enhancements and upgrades to Information Security tools, technologies and services portfolio.
10. Selects, develops, manages, and evaluates direct reports and oversees the development, selection, and evaluation of indirect reports.
11. Ensures performance appraisals are completed in a timely fashion.
12. Develops and enforces security protocols for application and infrastructure configurations.
13. Provides oversight to prioritizing risk remediation activities.
14. Assists company units to determine critical business processes, identify acceptable recovery time periods and establish resources required for the successful resumption of business operations in the event of a disaster.
15. Plans and coordinates the testing of recovery support and business resumption procedures in different functional areas; ensures that recovery procedures are effective for the restoration of key corporate resources and for the resumption of critical business processes.

Performs related duties as required. All responsibilities noted here are considered essential functions of the job under the Americans with Disabilities Act. Duties not mentioned here, but considered related are not essential functions.
Job Qualification
- Bachelor’s degree in Computer Science, Cyber Security or related field, required.
- 8-12 years of relevant experience and 7+ years of leadership / management experience, required.
Highly Preferred:
- Deep healthcare industry knowledge: Understanding HIPAA, HITECH, and other relevant regulations, as well as the unique operational challenges and data sensitivities within healthcare.
- Disaster Recovery expertise: Proven experience designing, implementing, and testing disaster recovery plans, including RTO/RPO/MTD definition and achievement. Familiarity with various recovery strategies (active/active, active/passive, warm/cold sites) and technologies.
- Business Continuity Planning: Integrating disaster recovery within a broader business continuity framework, ensuring organizational resilience and minimizing service disruptions.
- Information Security acumen: Strong understanding of information security principles, risk management, and cybersecurity best practices within a healthcare context.
- Leadership and Communication: Ability to lead and influence cross-functional teams, communicate effectively with technical and non-technical stakeholders, including C-level executives, and build consensus.
- Project Management: Experience managing complex projects, including budget management, resource allocation, and vendor management.
- Technical proficiency: Familiarity with relevant technologies, including cloud computing, virtualization, backup/recovery solutions, and networking.
- Problem-solving and analytical skills: Ability to analyze complex situations, identify risks, and develop effective solutions.
- Regulatory compliance: Knowledge of relevant regulations (HIPAA, HITECH, etc.) and experience ensuring compliance.
- Vendor management: Experience negotiating and managing contracts with third-party vendors.
- Certifications: Relevant certifications such as CBCP, MBCI, CISSP, CISA, CRISC are highly valued.
- Experience: 8-10 years directing an enterprise Disaster Recovery team
- It’s also beneficial to have experience with specific healthcare IT systems (EHR, EMR, PACS) and emerging technologies like AI and machine learning for disaster recovery automation and optimization.
*Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future. When determining a team member’s base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).
The salary range for this position is $152,000-$266,000/year
Salary ranges shown on third-party job sites may not accurately reflect ranges provided by Northwell Health. Candidates should check Northwell Health Careers for accurate information and discuss salary/hourly details and our comprehensive benefits with a recruiter, if selected for an interview.