Director of Information Security
About IHI
The Institute for Healthcare Improvement (IHI) is an independent not-for-profit organization based in Boston, Massachusetts, USA. For over 30 years, IHI has used improvement science to advance and sustain better outcomes in health and health systems across the world. IHI brings awareness of safety and quality to millions, catalyzes learning and the systematic improvement of care, develops solutions to previously intractable challenges, and mobilizes health systems, communities, regions, and nations to reduce harm and deaths. IHI collaborates with a growing community to spark bold, inventive ways to improve the health of individuals and populations. IHI generates optimism, harvests fresh ideas, and supports anyone, anywhere who wants to profoundly change health and health care for the better. Learn more at ihi.org.
Position Summary:
The Information Security Director will be responsible for ensuring the confidentiality, integrity, and availability of all information assets within the organization. You will lead the development and implementation of the organization's information security strategy, policies, and procedures.
In this role, you will also be responsible for ensuring compliance with all relevant laws, regulations, and industry standards. You will be responsible for identifying and mitigating information security risks, managing security incidents, and providing security awareness training to employees. The role requires a high level of technical expertise in information security, risk management, compliance, and governance.
This role will require a visionary leader who understands the global information security & risk impacts, and has a sound understanding of cybersecurity technology tools, methods and processes. This role requires a leader who works with business stakeholders, assesses needs, builds awareness and develops informed strategy and direction for information security.
Position Responsibilities:
Responsibilities include but are not limited to the following:
Awareness and Governance:
- Develop and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
- Lead cross-functional Information Security Steering Committee, infusing information security governance procedures that foster resiliency, raise awareness, govern policy and review cybersecurity related activities.
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
- Foster a "Security Awareness Champions" program to spread the word and infuse security awareness behaviors, cybersecurity risks and policies.
- Perform annual risk assessment and business impact analysis.
- Assist in performing audits using industry standard security methods to help strengthen internal security controls, procedures and policies.
- Investigate security incidents, develop remediation plans, and work with appropriate stakeholders to implement resolutions.
Security Operations:
- Manage and provide additional security evaluations for existing or new vendors, partners, and systems. Leverage security tools and data sets to provide visibility into vendor security posture and risk.
- Work with IT and technology stakeholders to evolve new business continuity and disaster recovery plans.
- Support data protection and privacy initiatives in compliance with both US and foreign data protection standards. Align with internal compliance teams on policy updates in global data privacy standards.
- Work with MSSP to monitor and manage all IT security tools and platforms including security management platforms, anti-malware/ransomware, log management systems, and information security training systems.
- Work with IT department, MSP, legal and compliance teams to keep security policies updated, communicated and enforced.
- Review existing security architecture, identify design gaps, and recommend security enhancements.
- Stays abreast of emerging security technologies and integrates them into security architecture as needed.
- Ensures alignment between security architecture frameworks, IT standards and overall business strategy.
- Achieves security architecture compliance on industry-specific requirements as well as state and federal regulations.
Leadership:
- Lead, grow and manage the Information Security Program at IHI, with the responsibility to ensure that information assets and associated technology are all adequately protected.
- Partner with all business leaders while working closely with service desk, Infrastructure and Enterprise/Business Applications teams.
- Create a risk-based process for the assessment and mitigation of any information security risk in IHI's ecosystem consisting of faculty, vendors, consumers and any other third parties.
- Responsible for identifying, evaluating, and reporting on legal and regulatory, IT and cybersecurity risk while supporting and enabling business goals.
Position Knowledge, Skills and Abilities:
- Strong interpersonal skills and ability to translate complex issues into simple concepts
- Ability to be a key contributor in IT projects and new system implementation activities
- Experience leading cross-functional teams
- Exceptional problem-solving skills with the ability to proactively introduce solutions
- Ability to manage many complex and challenging tasks and prioritize criticality
- Strong documentation skills
- Collaborative team player with strong interpersonal, verbal, and written communication and presentation skills
- Highly motivated, driven, and willing to try new concepts
- Strong work ethic with ability to maintain and safeguard confidential information
- Ability to thrive in a fast-paced environment with multiple competing priorities
- Ability to learn and use new systems and technology
- Continuous improvement mindset
- Strong ability to plan, organize and think strategically
- Commitment to IHI Values
- Commitment to equity, anti-racism, and the improvement of societal systems
Position Qualifications:
Required
- Bachelor's degree and 7 plus years of experience in leading Information Security initiatives, incident management and security operations
OR
- 10 plus years of experience in leading Information Security initiatives, incident management and security operations
Preferred
- Bachelor's degree in cyber security, information risk management, or a relevant IT field
- 5+ years of experience with regulatory compliance and information security management frameworks.
- Experience implementing, managing, and driving all Information Security, training, policies, and review activities in accordance with applicable cybersecurity standards and privacy regulations.
- Experience leading cross-functional teams.
- Strong interpersonal skills and ability to translate complex issues into simple concepts.
- Adequate knowledge of server, network, application and perimeter security, vulnerability and patch management, endpoint security, incident response, security audit, compliance and industry certifications (e.g. SOC2, ISO27000)
- Advanced experience managing cloud security tools such as CASB, UEM, Security Scorecards, Anti-Malware tools, IDR, MDR and Security Awareness training tools.
- Experience with NIST Cybersecurity framework.
- Knowledge of the Information Security market and information risk vendor landscape.
- Ability to manage many complex and challenging tasks and prioritize criticality.
- Strong documentation skills.
- Ability to be a key contributor in IT projects and new system implementation activities.
- Exceptional problem-solving skills with the ability to proactively introduce solutions.
- Strong understanding of cloud security, datacenter security, application security, endpoint security and security audit practices and industry certifications.
At IHI, we are inspired to do our best work and be our best selves by leaning into our values and uniting in our vision to create a future in which everyone has the best care and health possible. We ensure that people feel valued and supported in meaningful ways, as demonstrated in our total rewards package that features competitive compensation, medical, dental and vision coverage, life and disability plans, FSA plans, matching 401k contributions, discounted MBTA passes, tuition reimbursement, a personal development allowance to support what matters to you, a professional development allowance to support continued learning, respect for personal commitments and flexibility to manage them, generous time off including vacation time, a paid week off between Christmas and New Year's Day, wellness and wellbeing time, and other special programs to support employee wellbeing.
IHI is proud to be an equal opportunity workplace and an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, religion, sex or gender, marital status, national origin or ancestry, disability, veteran status, military service, age, sexual orientation, gender identity, genetic information, crime victim status, political belief, and any other protected class under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation to complete our application, please let us know. Veterans encouraged to apply.
For more information, or to apply now, you must go to the website below. Please DO NOT email your resume to us as we only accept applications through our website.
https://www.applicantpro.com/j/3210878-822510