This job has expired and you can't apply for it anymore. Start a new search.
Baylor Scott White Health logo
Company Name:
Baylor Scott White Health
Approximate Salary:
Not Specified
Temple, Texas
United States
Position type:
Experience level:
Education level:

Director of Cyber Security Risk and Operations

Director of Cyber Security Risk and Operations-(18008023)DescriptionThis Director of Cyber Security Risk and Operations will report to the Chief Information Security Officer and will lead a multidisciplinary team responsible for ongoing cyber risk management activities to protect BSWH Information and Information Systems. Specifically, the identification, protection, detection, response and recovery as it relates to cyber threats and events for BSWH. This includes, cyber security leadership & oversight related to the cyber program planning & development, projects, implementation/monitoring/reporting of key cyber controls, threat intelligence, threat monitoring, ownership of key cyber technologies, process, procedures, guidance and awareness.Primary Location: Dallas or Temple TXLimited Travel Required:Yes, 20% of the time Leader is expected to spend regular time in Temple if located in Dallas or vice-versa.ResponsibilitiesStrategic PlanningOrganizes, staffs, and manages BSWH information security capabilities based on cyber security regulations and best practices such as the NIST Cybersecurity Framework (CSF), NIST 800-53, HIPAA Security Rule, TBI Model Audit Rule and others as required. Oversees a program to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, partners, and customers from a diverse set of threats and hostile cyber-attacks. In direct support of the CISO, establishes and maintains an organization-wide process that manages information security and privacy risk.Policy DevelopmentDefines, develops and implements cyber specific security policies, protocols, procedures and guidelines as they pertain to all facets of security risk management. Responsible for the creation, publication, and distribution of cyber security policies, ensuring alignment with NIST CSF framework. Assigns ownership and maps policies to key business areas and objectives. Must effectively manage the entire policy development lifecycle process including the process to handle policy exceptions.Compliance ManagementResponsible for NIST Cyber Security Framework Control Compliance Program. Responsible for owning many key cyber controls. Responsible for specific controls as it relates to the TDI Model Audit Rule Compliance.Vulnerability ManagementEffectively manages the entire vulnerability management lifecycle, from detection and reporting through remediation tracking and verification. Responsible for cataloging IT assets with a full business context to prioritize scanning and response. Proactively manages IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows to remediate vulnerabilities. Develops and monitors a continuous improvement process, driven by SLA s and data, to lower vulnerability risk throughout the enterprise. Acts as a liaison with the IT organization and the business to coordinate patch management efforts with business processes.Security Operations Center / Incident ResponseMaintains a responsive and effective security operations capability that will identify, contain and resolve cybersecurity incidents by minimizing business impact and meeting compliance and reporting obligations. Oversees the Security Operations Center, managing a security incident response capability based on the best practices of NIST 800-61. Develops an incident response plan and procedures, including workflow-driven reporting for security incidents. Creates and monitors real-time dashboards and alerts for senior security staff. Effectively monitors key performance indicators, measures control efficacy and manages the overall security operations center (SOC) team.Technology SolutionsResponsible for the selection, configuration, staff training, tuning, and maintenance of all security-related and GRC technologies, to include SIEM solutions, SPLUNK Enterprise Security, vulnerability scanning, endpoint protection, advanced malware protection, Internet Hygiene systems, Email Hygiene systems, forensics and legal hold related systems. Manages product development with an established project management framework, roadmap and continuously assesses the value of security software and its ability to address cyber risk.MetricsCreates and implements a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitating appropriate resource allocation, and increasing the maturity of enterprise security. Measures and reports on the effectiveness of cybersecurity controls to ensure alignment with the cyber strategy and strategic cyber goals by focusing on operational performance and quality outcomes. Works with the business and IT organization to develop meaningful and actionable SLA s, documenting results in an executive dashboard that enables monitoring and continuous improvement.Leadership, Communication, and Stakeholder InteractionServes as a thought leader in the field of Information Security, which includes working with key partners and vendors to develop strategic direction around policies, process, and capabilities that can help change or enhance the security strategy at BSWH. Keeps informed of new technologies or application methodologies through publications, membership in professional organizations and contact with other IT organizations and institutions. Develops and mentors information security employees, creating and managing a career development and training program to enable employee growth. Works closely with all parts of the business to ensure that security efforts align with the mission and goals of BSWH, empowering the business through secure access to data and the ability to operate effectively.KNOWLEDGE, SKILLS, and ABILITIES* Experience working directly with customers to examine business needs and solve complex security matters.* Ability to communicate technical security information with all stakeholders and customers in straightforward terms, making complicated technical issues relatable for all.* Experience presenting results of assessments, findings, and other project information to customers with professional presentations skills and demeanor, facilitating meaningful discussion and feedback.* Ability to work proactively with internal and external customers, demonstrating the understanding that security must enable the business processes and tasks.* Experience with cybersecurity governance, risk and compliance functions, threat modeling, identity and access management and cybersecurity operations.* Cybersecurity experience in large complex business organizations; Business consulting experience.* Deep understanding of cybersecurity and the relationship between threat, vulnerability and information value in the context of risk management.* Demonstrated ability to build, lead, and develop effective, cohesive and collaborative management and operational teams.* Strong proficiency with common cybersecurity management frameworks and industry leading practices.* Experience leading teams and/or organizations through significant process and technology transformation. This includes the ability to improve operational efficiency, service delivery, and information management across an organization.* Expertise in budget planning, financial management, and resource management (including the ability to develop cost-effective approaches to organizational needs).* Ability to communicate effectively, in both written and verbal forms, and to articulate complex technology and operations solutions in business terms.PREFERRED CANDIDATE PROFILE* Minimum of BA/BS degree in Computer Science, Information Security and Technology, a related field or equivalent work experience, with a Master s degree preferred.* Minimum of 7 years of relevant work experience in cybersecurity policy, standards, architecture, technology and programs with experience in planning, organizing, and developing cyber and information security capabilities in large organizations, guided by information security frameworks such as NIST.* Minimum of 6 years in a key cyber incident response role for a large and compex organization.* Minimum of 5 years in a consulting or other position with experience interacting with customers in a security deliver role, specifically in the areas of requirements gathering, project communication, testing, and presentation.* Minimum 4 years experience managing, developing, and maturing Vulnerability Management technologies at scale that can regularly scan, locate, report on and help drive remediation of system vulnerabilities throughout the enterprise.* Minimum 3 years experience managing, developing, and maturing eGRC technologies such as RSA Archer or ServiceNow GRC, and their related security governance processes.* Certifications: Certified Information Systems Security Professional (CISSP)#LI-EX1Qualifications* Bachelor s Degree* 7+ years of experiencePrimary Location:US-Texas-TempleWork Locations:Main Hospital - 0 floor2401 South 31st StreetTemple76508Job:Information SecurityOrganization:CorporateShift:Day JobJob Type:StandardJob Posting:May 17, 2018, 12:25:27 PM
Associated topics: air force, defense, defense contract, department of defense, department of energy, fire support specialist, human intelligence, sco, ts clearance required, uav

More Jobs Like This