
System Director IT Security
Stormont-Vail HealthCare, Topeka, KS, United States
Position Status:
Full time
Shift:
First Shift (Days - Less than 12 hours per shift) (United States of America)
Hours per week:
40
Job Information
Exemption Status: Exempt
A Brief Overview
The System Director of IT Security serves as Stormont Vail Health's Chief Information Security Officer (CISO) and is responsible for the enterprise-wide cybersecurity strategy, governance, and operational security posture. This role oversees the protection of PHI and other sensitive information, ensuring the confidentiality, integrity, and availability of systems across the SVH enterprise. The position provides executive leadership for cybersecurity risk management, incident response, security architecture, vendor risk oversight, and regulatory compliance. This position will report directly to the Chief Information Officer and will be a key member of the overall technology leadership team. This role will also coordinate activities with the Chief Compliance Officer & General Counsel.

Education Qualifications
Bachelor's Degree Required

Experience Qualifications
5 years working in information systems security in a complex environment managing firewalls and other security tools. Required
2 years experience in a management role in a complex organization. Required

Skills and Abilities
Demonstrated expertise in information security infrastructure, architecture, and controls, including network security, firewalls, endpoint protection, identity and access management, logging, and threat detection technologies. (Required proficiency)
Ability to independently lead and prioritize multiple complex initiatives simultaneously, balancing operational demands, strategic objectives, and risk considerations across different stages of execution. (Required proficiency)
Proven ability to apply critical thinking and sound judgment to translate business, clinical, and operational needs into effective security strategies and technology solutions, while appropriately managing risk and regulatory considerations. (Required proficiency)
Strong financial acumen with the ability to develop, manage, and justify security budgets, evaluate return on investment, and ensure spending aligns with enterprise risk priorities and organizational goals. (Required proficiency)
Ability to communicate cybersecurity risks, priorities, and incidents effectively to technical and non-technical audiences, including executive leadership.
Strong understanding of cybersecurity governance, risk management frameworks, and regulatory requirements applicable to healthcare environments.

Licenses and Certifications
Certified Information System Security Professional - CISSP - IISSCC Required
Equivalent senior-level security certification (e.g., CISM) Preferred

What you will do
Strategic Planning - Develop and execute a strategic approach to information security investments, ensuring the protection of PHI and other sensitive data while strengthening system resilience against phishing, malware, ransomware, and related threats.
Personnel Management - Lead the IT Security Team and collaborate closely with the CIO, Director of IS, IS Engineering Manager, and Helpdesk Manager to ensure Stormont Vail staff effectively manage risk and continuously improve the organization's security posture.
Risk Management & Governance - Oversee cybersecurity operations and enterprise risk management, including risk assessments, security exception management, and the development and enforcement of enterprise information security policies.
Fiscal Responsibility - Provide budget guidance during the annual planning process and manage security-related CapEx and OpEx budgets.
Security Operations & Monitoring - Ensure appropriate vendor relationships and tools are in place to monitor SVH security infrastructure 24x7.
Incident Response Planning - Establish and maintain robust incident-response processes to ensure rapid, coordinated action during security events.
Develop & manage IS Quality of Service measures for IS security to provide transparency on current security risks.
Develop strong partnership with IS Applications, IT Security, and all other technology teams.
Responsible for 24x7x365 IS Security Team.
Monitor industry data to be prepared for new security threats.
Provide education to all organization levels on security risks and appropriate actions to take to prevent SVH from being impacted by the potential threats.
This position will assist the Project Management team with typical PMO activities such as system security assessment.
Ensure that the IS Security Exception process is in place and effectively manages the security risks SVH leadership is willing to accept.
Coordinate with Compliance and Legal on HIPAA/HITECH requirements.

Travel Requirements
5% - We have a number of remote locations around NE KS that have the potential to need support.

Required for All Jobs
Complies with all policies, standards, mandatory training and requirements of Stormont Vail Health.
Performs other duties as assigned.

Patient Facing Options
Position is Not Patient Facing

Remote Work Guidelines
Workspace is quiet and distraction-free, allowing the ability to comply with all security and privacy standards.
Stable access to electricity and a minimum of 25mb upload and internet speed.
Dedicate full attention to the job duties and communication with others during working hours.
Adhere to break and attendance schedules agreed upon with supervisor.
Abide by Stormont Vail's Remote Worker Policy and review and acknowledge the Remote Work Agreement annually.

Remote Work Capability
Hybrid

Scope
Has Supervisory Responsibility
Has Budget Responsibility

Physical Demands
Balancing: Occasionally 1-3 Hours
Carrying: Occasionally 1-3 Hours
Climbing (Ladders): Occasionally 1-3 Hours
Climbing (Stairs): Occasionally 1-3 Hours
Crouching: Rarely less than 1 hour
Driving (Automatic): Occasionally 1-3 Hours
Feeling: Rarely less than 1 hour
Grasping (Fine Motor): Occasionally 1-3 Hours
Grasping (Gross Hand): Occasionally 1-3 Hours
Handling: Frequently 3-5 Hours
Hearing: Frequently 3-5 Hours
Kneeling: Rarely less than 1 hour
Lifting: Occasionally 1-3 Hours up to 10 lbs
Reaching (Forward): Rarely less than 1 hour up to 10 lbs
Reaching (Overhead): Rarely less than 1 hour up to 10 lbs
Repetitive Motions: Rarely less than 1 hour
Sitting: Continuously greater than 5 hours
Standing: Occasionally 1-3 Hours
Stooping: Rarely less than 1 hour
Talking: Frequently 3-5 Hours
Walking: Frequently 3-5 Hours

Working Conditions
Dusts: Rarely less than 1 hour
Noise/Sounds: Rarely less than 1 hour
Other Atmospheric Conditions: Rarely less than 1 hour
Poor Ventilation, Fumes and/or Gases: Rarely less than 1 hour
Risk of Exposure to Blood and Body Fluids: Rarely less than 1 hour
Risk of Exposure to Hazardous Drugs: Rarely less than 1 hour

Stormont Vail is an equal opportunity employer and adheres to the philosophy and practice of providing equal opportunities for all employees and prospective employees, without regard to the following classifications: race, color, ethnicity, sex, sexual orientation, gender identity and expression, religion, national origin, citizenship, age, marital status, uniformed service, disability or genetic information. This applies to all aspects of employment practices including hiring, firing, pay, benefits, promotions, lateral movements, job training, and any other terms or conditions of employment.
Retaliation is prohibited against any person who files a claim of discrimination, participates in a discrimination investigation, or otherwise opposes an unlawful employment act based upon the above classifications.