POSITION PURPOSE: The Security Governance Director manages the personnel, technology components, vendors, and programs necessary to achieve the objectives of OHCA’s Information Security Program as it relates to the systems that comprise the Medicaid Enterprise. The Director is responsible for the development and implementation of the vision, strategies, and management processes that effectively govern information security.
PRINCIPAL ACTIVITIES:
*Provide oversight, leadership, and direction for the Medicaid Enterprise information security program and incorporate security governance into all OHCA information management activities.
*Develop, document, maintain, and lead the enforcement of information security guidelines, policies, procedures, and standards.
*Provide and manage an information security awareness training program to ensure personnel within the organization receive training on current security threats and regulations.
*Chair the Security Governance Steering Committee.
*Serve as central contact for organizational audits relating to information security, review information security reports as required by contract from contracted vendors, and maintain an internal audit process to monitor security processes such as system access, account inactivity, etc.
*Lead annual compliance assessments and annual documentation reviews, perform risk assessments, and work with outside consultants as appropriate for independent security assessments to meet regulatory compliance requirements.
*Coordinate and participate in activities with the disaster recovery team to ensure security objectives are met; advise the team and management on any threats or deficiencies identified within the current plan.
*Develop and manage processes to remediate findings from assessments, audits, penetration tests, security bulletins, patch management reports, vulnerability scans, etc.
*Conduct reviews of security practices within business operations; actively monitor external trends and best practices in security management and recommend changes to BE Directors, business owners, the BE Chief, and OHCA Executive Staff as needed.
*Collaborate and communicate effectively with all partners, including business owners, OHCA Executive Staff, OMES, HPES and other OHCA vendors, and relevant state and federal agencies, as it relates to information security threats, incidents, vulnerabilities, etc.
*In conjunction with other BE Directors and system area SMEs, ensure that security standards and reviews are incorporated into the system development and modification processes.
*Manage third-party risk from customers and vendors, suggest effective ways to manage this risk while still achieving business objectives, and develop programs to manage third-party access control to data and entry points to the system's network.
*Oversee incident response planning as well as the investigation of and response to security incidents.
*Stay current with information security regulations such as MARS-E, HIPAA, HITECH, etc., and work with legal, privacy, and contract staff to help ensure that OHCA is compliant with applicable security laws and regulations.
TRAVEL: This position may require travel on an as-needed basis.
SUPERVISORY RESPONSIBILITIES: This position has supervisory responsibilities. Completion of a minimum of 12 hours of supervisory training each year is required.
EDUCATION AND/OR EXPERIENCE:
*Bachelor’s degree in Information Technology or a closely related field with 24 hours of IS course study (transcript required) AND
*Seven (7) years of related experience in information security, including previous supervisory experience; OR
*An equivalent combination of education and experience totaling 11 years.
PREFERENCE MAY BE GIVEN TO CANDIDATES WITH: The following certifications: CISSP - Certified Information Systems Security Professional, HCISPP - HealthCare Information Security and Privacy Practitioner, CCSP - Certified Cloud Security Professional, CISA - Certified Information Systems Auditor.