Advertised Director of Cyber Security, IT Cyber Security

Director Of Cyber Security, It Cyber Security

Full-Time, Day Shift, 80 Hours Per Pay Period

Covenant Health Overview:

Covenant Health is the region's top-performing healthcare network with 10 hospitals, outpatient and specialty services, and Covenant Medical Group, our area's fastest-growing physician practice division. Headquartered in Knoxville, Covenant Health is a community-owned integrated healthcare delivery system and the area's largest employer. Our more than 11,000 employees, volunteers, and 1,500 affiliated physicians are dedicated to improving the quality of life for the more than two million patients and families we serve every year. Covenant Health is the only healthcare system in East Tennessee to be named a Forbes "Best Employer" seven times.

Position Summary:

The Director of Cybersecurity reports to the Chief Information Security Officer (CISO) and is responsible for overseeing cybersecurity operations and strategy within Covenant Health. This role ensures Confidentiality, Integrity, and Availability of information assets, particularly sensitive data (PHI). This role also involves setting the vision and direction for cybersecurity services, implementing standards and security policies that are maintained, and managing technical implementation projects. The Director of Cybersecurity has financial and budgetary responsibilities, manages a wide range of vendors and external partners, and personnel management within the cybersecurity area. This position leads and ensures performance management and career development for an extended team of cybersecurity professionals. The role also involves developing strategic cybersecurity roadmaps and collaborating with other IT and clinical technology teams within the health system to secure sensitive data and ensure compliance with HIPAA regulations.

Responsibilities

Leadership & Team Management

• Leadership: Direct and provide leadership to all cybersecurity staff
• Change Agent: Support and lead the efforts to change team cultures, dynamics, processes, and technologies
• Team Management: Lead cybersecurity management team to ensure performance management and career development
• Staff Development: Provide leadership, development, coaching, and guidance to ensure the appropriate departmental developmental goals are set and achieved
• Ongoing Continuous Development: Champion innovative efforts and stay abreast of leading-edge solutions for recruitment, development, and retention of the cybersecurity workforce

Cybersecurity Operations

• Operations Oversight: Oversee the day-to-day operations of cybersecurity measures
• Incident Response: Lead the incident response team in managing and resolving security breaches and incidents
• Compliance: Ensure compliance with HIPAA and other relevant regulations and standards
• Technical Implementation: Lead technical implementation projects related to cybersecurity
• Continuous Improvement: Stay informed about emerging technologies and industry trends, making recommendations for improvement

Strategic Planning & Implementation

• Strategic Planning: Develop and maintain strategic cybersecurity roadmaps
• Resource Planning: Conduct proactive resource planning based on anticipated demand
• Milestone Establishment: Establish deliverables and projected milestones for solution delivery
• Technical Roadmap: Lead the development of cybersecurity strategies and technical roadmap

Vendor & Budget Management

• Vendor Management: Manage relationships with cybersecurity vendors
• Budget Management: Develop annual operating budgets and long-term capital budgets for cybersecurity projects

Operational Efficiency

• Performance Monitoring: Monitor network and systems performance
• Service Management: Oversee operational and service management processes

Collaboration & Relationship Building

• Collaboration: Collaborate with other IT teams and clinical IT teams
• Relationship Building: Develop relationships with key business leaders

Security Awareness and Training Programs

• Training Programs: Develop and implement security awareness and training programs

Third-Party Risk Management

• Risk Management: Oversee the assessment and management of cybersecurity risks associated with third-party vendors

Policy Development and Enforcement

• Policy Development: Develop, implement, and enforce cybersecurity policies

Security Architecture and Design

• Architecture and Design: Lead the design and implementation of secure network architectures

Incident Management and Forensics

• Incident Management: Oversee incident management and forensic investigations

Regulatory Compliance

• Regulatory Compliance: Ensure compliance with relevant regulations

Business Continuity and Disaster Recovery

• Continuity and Recovery: Develop and maintain business continuity and disaster recovery plans

Other Responsibilities

• Local Travel: Required for the role
• Other Duties: Perform other related duties as assigned

Qualifications

Education:

• Bachelor's degree or equivalent experience in cybersecurity, information technology, or a related field is required
• Master's degree, graduate certificate, or certifications such as CISSP, CISM, or CISA are strongly preferred

Experience:

• Minimum of 7 years of leadership experience in cybersecurity within an enterprise-sized IT organization is required
• Experience in healthcare technology and healthcare/hospital clinical information systems preferred