To coordinate the management of multiple related projects and ongoing process improvement opportunities directed toward the development and optimization of an enterprise wide incident response program. Organize the processes, technologies, resources and capabilities available to CCHS that enable the detection, response and recovery of a potential cybersecurity incident. Oversee the projects in the program including monitoring budget, schedule, resources, and delivery of outcomes. Accountable to deliver the specific outcomes defined by the program.
PRINCIPAL DUTIES AND RESPONSIBILITIES :
Works closely with the information security team members, stakeholders, and IT staff to create strategy, approach, sequencing, and timeline for projects and the overall information security incident response program, focusing on process improvements.
Provides intake mechanism for organizational ideas, including information technologies, and lead the team members and stakeholders through all stages of the development and implementation of an effective incident response program.
Ensures multiple projects that comprise the program are linked in an effective manner to deliver the expected program outcomes and benefit, in an integrated fashion. Participate as systems/process analyst resource for project managers to steer the project toward the program goals.
Provides and presents organizational communication and education related to the program. Ensure communications are consistent and coordinated.
Serves as lead and point of contact for all information security related incident response related activities.
Provides direction to team members assigned to projects and operational activities associated with information security incident response.
Provides guidance and coordination for incident response efforts including triage, evaluation, coordination and executive reporting.
Leads efforts to identify incident trends and opportunities to mitigate the risk of future incidents.
Acts as the leader to own and manage longer term incident remediation, and ensure that the implementation of any new technologies are integrated effectively while following departmental approval, implementation, and change control protocol.
Provides assistance with maintaining case information, chain of custody reporting, and full documentation of issues from identification through remediation.
Contributes to the creation, update and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that impact Christiana Care.
Processes vulnerability and threat data from a variety of internal and external sources to provide actionable intelligence to internal consumers in order to implement countermeasures and maintain and enhance the defenses for our information systems and resources.
Performs assigned work safely adhering to established departmental safety rules and practices. Reports to supervisor, in a timely manner, any unsafe activities, conditions, hazards or safety violations that may cause injury to oneself, other employees, patients and visitors
Performs other related duties as required
SCOPE, PURPOSE, AND FREQUENCY OF CONTACTS :
Daily contact and interaction with all levels of CCHS employees, management, executives, vendors, and IS support staff and management. Frequent contact with external resources, including other hospital management and third parties.
DIRECTION/SUPERVISION OF OTHERS :
Provides ongoing guidance to personnel working on projects within program. Provides ongoing process and leadership on elements related to the incident response program. Provides direct feedback to leaders regarding the performance of individuals within the team working on projects within the program.
DIRECTION/SUPERVISION RECEIVED :
Information Security Manager, Chief Information Security Officer (CISO) and Chief Information Officer (CIO).
EDUCATION AND EXPERIENCE REQUIREMENTS :
Bachelor's degree or commensurate experience in a discipline related to the assigned area.
10+ years of combined healthcare, project/program management, and minimum 5-7 years information security experience with an emphasis on experience with large, complex projects and/or programs.
KNOWLEDGE, SKILL, AND ABILITY REQUIREMENTS :
Ability to lead, influence and collaborate with remote team members, proven delivery, remediation and incident response background.
Ability to work with and translate complex scenarios into a simplistic manner for non-technical resources (General Counsel, Project Management, Privacy, etc.).
Operational knowledge of firewalls, routers, switches, messaging systems, various commonly used operating systems (Windows, Linux, UNIX), common attack tools, and vulnerability detection/management tools.
Solid understanding of forensic and incident response casework.
In-depth understanding of security operations concepts, vulnerability management and incident remediation within a complex healthcare organization.
Strong strategic, analytical and problem solving skills are essential to manage complex projects in a multi-task environment.
Demonstrated experience in project planning and execution, change planning and management,
Experience with the management and monitoring of enterprise security technologies, including SIEM, anti-virus, anti-malware, DLP, IDS/ IPS, vulnerability scanners, configuration management, and encryption
Experience with leading the development, implementation, and management of incident response plans and response activities
Understanding of security threat environment relative to computer network architectures, designs, topologies, applications, databases, email systems, remote access, and operating system platforms
Knowledge of structured project management methodologies.
Knowledge of healthcare environment and the use of technology within that environment.
Skill in presenting to groups of all technical, managerial and executive levels.
Skill in developing requests for information and request for proposals for hardware and software.
Skill in written and verbal communication.
Skill in telephone communications and public relations.
Ability to identify key elements of an assignment, anticipate potential problems and take steps to avoid them.
Ability to acquire a broad hospital functional knowledge and develop cross-functional vision and strategy.
Ability to handle multiple tasks simultaneously, and remain effective in high pressure situations.
Ability to absorb material from trade publications, academic and industry sources.
Ability to network with other healthcare, technology and information security individuals and organizations.
Ability to assume responsibility and to work flexible hours with minimal supervision.
Ability to take on-call assignments
SPECIAL REQUIREMENTS :
CISSP, CEH, CISM or other industry-relevant cyber-security certifications are a plus.
PHYSICAL DEMANDS :
Occasional lifting and carrying of computer equipment. Normal office requirements. Ability to travel to and work within various CCHS facilities. Ability to work under stressful situations for prolong periods of time including periods outside of regular business hours
WORKING CONDITIONS :
Pleasant, non-smoking office environment.
Relocation expenses are negotiable.
Internal Number: 48558BR
About Christiana Care Health System
Christiana Care Health System is headquartered in Wilmington, Delaware and is one of the country's largest health care providers, ranking 21st in the nation for hospital admissions. Christiana Care is proudly a Nurse Magnet recognized institution. Christiana Care Health System is also one of the largest health care providers in the mid-Atlantic region, serving all of Delaware and portions of seven counties bordering the state in Pennsylvania, Maryland and New Jersey. A not-for-profit, non-sectarian health system, Christiana Care includes two hospitals with more than 1,100 patient beds, and is a major teaching hospital with two campuses. Christiana Care is continually recognized for excellence on a regional and national level. Our role in the community is expressed in the Christiana Care Way: "We serve our neighbors as respectful, expert, caring partners in their health. We do this by creating innovative, effective, affordable systems of care that our neighbors value."Christiana Care is a great place to work because we value diversity and recognize it to be a core part of our success. Because of the diversity of our employees, affiliated health professionals and volunteers, we are... positioned to meet the unique needs of our patients and community. We acknowledge and celebrate the uniqueness and talent of each employee. Because of our talented workforce we are able to provide a quality healthcare experience to our patients and community. We strive to create an inclusive environment in which individual diversity can be leveraged and thrive. Christiana Care Health System is an equal opportunity employer, firmly committed to prohibiting discrimination, whose staff is reflective of its community and considers qualified applicants for open positions without regard to race, color, sex, religion, national origin, sexual orientation, genetic information, gender identity or expression, age, veteran status, disability, pregnancy, citizenship status, or any other characteristic protected under applicable federal, state, or local law.