Job Opening at Premier, Inc - Director Information Security Compliance | 7/12/2018 4:02 PM
To apply for this position, please contact Steve Goodson
Vice President, Chief Information Security Officer, CRISC
Email: Steve _ goodson @ premierinc . com (remove spaces)
Named one of Modern Healthcare’s Best Places to Work five years in a row, industry-leader Premier, Inc. is seeking a driven and experienced high-performing Information Security Compliance expert to join its Corporate Compliance Legal Team.
The Information Security Compliance Director will be responsible for ensuring that technology architecture designed by the various development groups at Premier meets company policies and standards regarding information and its protection.
The Director will mentor staff within the department on potential solutions and the methods to teach risk mitigation and monitoring of ongoing risk in the environment. The incumbent will ensure that the resultant solutions are designed to meet all the regulatory environments of our business to minimize risk and simultaneously assist in a positive regulatory posture with state and local agencies. The incumbent will engage with developers to ensure a consistent security architecture that reflects Premier’s security policies and standards. The Director will perform initial compliance and assessments (HIPAA, SOX, etc.) at design time and lead post-implementation reviews/IT Risk Assessments assisted by the remaining staff.
This position will work with all other application and data architects to ensure overall security policies are known, understood and followed. The Director is an integral member of the development and leadership teams that oversee and govern Premier’s security standards for both the “as is” and “to be” state of the enterprise security architecture.
Major Accountabilities include:
• Participating in the creation and evolution of Premier’s Security Policies and Standards and the dissemination and education of the same through active engagement in key development initiatives on a consulting basis. Designing and disseminating a robust Security Awareness Program throughout the company, both for the average user and the technical development staff.
• Collaborating with Security Operations in the development of an implementation plan for critical Corporate Security initiatives and Compliance monitoring, through interaction with the CISO, the CIO, and various technology and business leaders, to ensure solutions meet regulatory and compliance requirements with the minimum risks possible; also assisting in the prioritization of such initiatives amid many conflicting priorities.
• Staying current with market and industry trends – networking with technology thought leaders
• Understanding, advocating, and supporting the enterprise's compliance and regulatory requirements and appropriate risk posture in our highly regulated business. Integrating risk appetite, business direction, and monitoring of compliance in all necessary venues to drive the business to acceptable risk levels, maximizing investment through efficient mitigation processes.
• Promoting the standard security practices, processes, outcomes and results to the organization, including to the enterprise's IT and business leaders
Education & Experience Required:
• Bachelor's degree (BS, BA) required.
• Areas of Study should include Computer Science, Computer Information Systems and/or equivalent pertinent experience
• 10+ Years of Experience to include:
• Experience in application architecture, technical leadership, solution design, software lifecycle project management and planning, commercial software development and deployment
• Demonstrate a solid understanding of application architectures required
• Experience with JAAS, LDAP, and securing J2EE and web applications required.
• Experience with the application of certificates and tokens including SAML preferred.
• Experience with access management and identity management tools like Tivoli preferred.
• Managing via a matrixed organization and impacting decision making with information and collaboration working with all levels of the organization from developers to E-Team members making business oriented decisions, particularly focused on risk.
• Certification - CISSP Required, ISSAP designation desired, potentially CCSP
Leadership and Interpersonal Skills:
• Project management, planning and organizational skills
• Written and verbal communication skills
Security Compliance Skills:
• Develops and implements information security policies, standards and procedures
• Ensures that regulatory and contractual requirements are fully met across the IT Infrastructure and applications portfolio (SOX, SOC, FISMA, etc.)
• Provides guidance to Infrastructure and Application teams regarding process compliance relating to cloud, mobile, desktop, network, and server-level security
• Reviews and provides improvement recommendations for Enterprise Control processes, including quality assurance of all controls
• Functions as point-of-contact representing Corporate Compliance in all internal and external information system and service development and adoption
• Conducts studies within and outside the organization to ensure compliance with standards and currency with industry security norms
• Assists in the development, maintenance, and implementation of application and information system control policies, procedures, and standards
• Continually reviews existing standards and procedures relating to security frameworks (IT general controls, PCI, NIST, HIPAA) and updates them as necessary
• Responsible for ensuring that tools or technologies are implemented to reduce the risk of system attacks
• Monitors compliance metrics to ensure accurate reporting and continuous improvement
• Provides status reporting of all compliance metrics; coordinates quarterly metric reporting for the CISO, Application Management, CIO, and other executive leaders as necessary
• Provides periodic IT security updates to educate the Leadership team on latest trends in technology
• Develops, aids, and/or implements tools and training to support security awareness
• Supports the security exception process; consults with teams on drafting policy exceptions for review by the CISO for approval or denial
• Accountable for ensuring awareness of the information security strategic direction of the organization for the enterprise product lines
• Liaises with ITS both to educate on the security strategic direction and to understand the direction of ITS and their product lines
• Manages vendor relationships, to include understanding and influencing their respective technology roadmaps to ensure Premier’s interests are being served; stays current with trends in the industry and understands their impact on the enterprise architecture
ISACA Charlotte Chapter - 2018 & 2019 Schedule | 9/21/2017 10:46 AM
Please note the ISACA Charlotte Program Dates schedule for 2018-2019.
Quarter 1 Program Day - 03.13.2018
Quarter 2 Program Day - 06.05.2018
Quarter 3 Program Day - 09.11.2018
Annual ISACA/IIA Joint Meeting – 10.16.2018
Quarter 4 Program Day - 12.04.2018
Quarter 1 Program Day - 03.12.2019
Quarter 2 Program Day - 06.04.2019
Quarter 3 Program Day - 09.10.2019
Annual ISACA/IIA Joint Meeting – 10.15.2019
Quarter 4 Program Day - 12.03.2019