Director of IT Operations & Information Security Officer
General Summary / Overview Statement:
The Director of IT Operations & Information Security Officer is an exempt, non-clinical position primarily responsible for leading a team of IT system support staff and engineers, with the goal of providing ongoing improvements to engagement and technical operational processes across the organization, including introducing efficiencies into existing processes. This person will also be responsible for maintaining a dynamic knowledge base of technical solutions for IT service teams. In addition, this person provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of electronic information by communicating risk, creating and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements.
Principal Duties and Responsibilities:
Customer-focused; builds and grows end-user client relationships
Overseeing technical projects in alignment with organizational goals
Supervising a team of workers, while working closely with management, external vendors and advisors
Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with Compass's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
Work directly with the business units to facilitate risk assessment and risk management processes.
Develop and enhance an information security management framework
Manage strategic relationships between I.T. resources and external vendors
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
Provide leadership to the enterprise's information security organization
Work in a collaborative manner to build and manage strong relationships both within and outside the H.I.T. department, and/or with external vendors, to ensure that end-user problems are fully resolved and documented
Help create and improve IT business processes with special focus on process improvements, service delivery, risk management, communication skills & accountability
Drives successful engagements by building cohesive teams and following core principles of IT service management & project management
Directing the effective delivery of networks, development, and disaster recovery systems and processes
Drives synergies between IT investments and business objectives to facilitate strategic goals. Presents regular updates and key reporting metrics to the organizational leadership
Assists in the development of quality improvement projects for the company as it relates to IT services
Assist in the development of cost/benefit analyses for business use cases related to IT initiatives
Other duties as assigned
BA/BS/MS in IT field or Organization Development or similar preferred
5+ years of management or leadership experience required
Minimum of 5 years of experience in a combination of risk management, information security and IT jobs
Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST
Professional security management certification
Experience working in healthcare provider environment preferred
Project Management experience preferred
Knowledge of HIPAA, HITRUST
Knowledge of Windows 10 & Microsoft Enterprise Solutions (Office 365, SQL, etc.)
Knowledge of Active Directory
Knowledge of desktop virtualization solutions such as Citrix, VMware required
Good understanding of routers, firewalls, traffic managers
Good understanding of TCP/IP network concepts and network troubleshooting
Basic understanding of group policy objects, print servers, & access control lists.
Skills and Abilities:
Ability to manage multiple high-priority initiatives in a fast-paced, highly technical environment.
Ability to listen and exercise patience to resolve IT matters, particularly with non-technical users
Ability to maintain composure and professionalism during difficult customer encounters and/or crisis situations
Excellent communication skills, with ability to express verbally and in writing technical knowledge, procedures, and processes in clear, orderly and easily understood presentation
Excellent time management and organizational skills
Desire to solve problems and create an environment where that knowledge is shared amongst the team.
Ability to process information in a logical manner (aid in troubleshooting and diagnosing computer-related problems/issues)
Ability and desire to learn new skills and the flexibility to adapt to changes in technology and the work environment
Ability to work both independently and cohesively within the team environment
Ability to work within a flexible schedule, including occasional evening and weekend shifts and multiple locations
Ability to manage and motivate staff to work as a cohesive team
Ability to manage tasks and processes to successful completion, especially when working with resources that aren't subordinates