This position is responsible for many facets of information security management including, but not limited to, developing and maintaining information security policies and standards aligned with business objectives, best practices, healthcare regulations, and PCI DSS requirements; assessing enterprise and third-party compliance with enterprise IT governance and regulatory compliance requirements; working with all facets of the organization, as well as third parties, to carry out cybersecurity and risk assessments; collaborating with stakeholders and subject matter experts to identify and recommend information security controls that satisfy business objectives, enterprise governance, related regulations, and industry requirements; communicating risk to the CISO, stakeholders, and the organization. This is a leadership position managing several managers and teams reporting to the Chief Information Security Officer (CISO). This position serves as a central point of contact for the information cybersecurity governance, risk management, and compliance functions.
Leads and manages information cybersecurity managers and staff in the Cybersecurity GRC department.
Evaluates, directs, and monitors overall Cybersecurity GRC effectiveness.
Oversees and directs ongoing enhancements to Cybersecurity Governance, Risk and Compliance and information security compliance activities.
Collaborates with Information Security departments and the organization to develop and update security standards, procedures, guidelines, and best practices.
Oversees and manages Capital and Operating budget activities.
Provides direction and assistance to internal personnel and external entities (subcontractors, contractors, and vendors) regarding Cybersecurity GRC requirements and capabilities.
Manages and reports on key information security performance indicators and continuous improvement planning.
Must possess strong knowledge of Cybersecurity GRC and a practicing proficiency level typically attained with ten or more years of experience in Cybersecurity Information Technology with increasing levels of responsibility in vendor management, risk, contracting, business management, financial and program management and/or the completion of a bachelor's degree in Business Administration or related field.
Depending upon assigned area of responsibility, position may require applicable certifications and/or licensures, including but not limited to: RN; MD or DO; Driver's License; Certified Healthcare Protection Administrator (CHPA); Certified Protection Professional (CPP); Chartered Property Casualty Underwriter (CPCU); Associate in Risk Management (ARM); CPA; SPHR; Registered Health Information Administrator (RHIA); Registered Health Information Technologist (RHIT); Certified Healthcare Facility Manager (CHFM); Certified Facility Manager (CFM); Certified Coding Specialist (CCS); Certified Professional Coder (CPC); JD from an American Bar Association accredited school; admission to a State Bar Association.
Deep and fundamental knowledge of cybersecurity best practices and industry standards from a business, technical and operational perspective. Expert working knowledge of managing cybersecurity risk in large-scale enterprises. Ability to be visionary, strategic and tactical. Knowledge of current and emerging security standards, privacy regulations and security requirements is a must. Must demonstrate superb knowledge in information technology. Needs considerable proven information technology leadership experience to lead large-scale project planning, reporting, audit coordination, and financial management. Successful candidate will have skills and experience to recruit, mentor, motivate, evaluate, and retain an effective staff. Requires exceptional communication, presentation, and negotiation skills to engage technical and non-technical audiences. Requires leadership skills with ability to lead, communicate, and interact across facilities and at various levels. Must possess ten plus years of vendor and business management experience including extensive knowledge and experience in commercial and regulatory requirements, information security policies and standards, third-party risk management practices, contracting language and vendor negotiation and a proven ability to lead large financial portfolios and practices.
Previous GRC, cybersecurity and/or compliance leadership experience in healthcare preferred. Advanced Degree in Information Systems, Business Administration, or a related field. Industry certifications: CISM, EAP, PMP, CRISC, CRVPM, CRCM, etc.
Additional related education and/or experience preferred.
Internal Number: 260824
About Banner Health
You want to change the health care industry – one life at a time. You belong here. You’re excited to be part of the dramatic changes happening in the health care field. In fact, you thrive on change. But you also understand that excellent, compassionate patient care is the true measure of the success of these changes. You belong at Banner Health. Our award-winning, comprehensive health system includes 23 hospitals in seven western states, primary care health centers, research centers, labs, a network of physician practices and much more. Throughout our system, skilled, compassionate professionals use the latest technology to change the way care is provided. If you’re looking to be a key contributor to a forward-looking organization, you’ll experience a wide variety of professional advantages:
• Our vision for changing the future of health care gives you the opportunity to leverage your abilities to achieve something historic.
• Our expansive system offers you an unmatched variety of clinical settings – from large urban trauma center to small rural hospital, ambulatory to home health. Our system also includes hospitals specializing in cancer, heart health and pediatrics.
• Our many locations also translate into a broad selection of exciting and rewarding lifestyle options – from the big city to the wide-open spaces.
• Our commitment to healthcare innovation means you always have the latest technologies at your fingertips to help you provide the finest care possible.
• The size, success and growth of our system provide you with the stability and options to pursue your desired career path.
• Our competitive compensation and comprehensive benefits offer you options to complement your unique needs.