University of Southern California IT Security and Risk Monitoring Director - IS Administration - Full Time 8 Hour Days in Los Angeles, California

IT Security and Risk Monitoring Director - IS Administration - Full Time 8 Hour DaysApplySVP for USC Health - AdministrationLos Angeles, California

Reporting to the organizations Chief Information Security Officer the Director of IT Security and Risk Monitoring is an important role in supporting the overall vision of the Security Program. The IT Security and Monitoring Director is a skilled IT professional who uses his/her deep knowledge of the IT environment and a risk based approach to monitor and enforce organization wide IT standards, policies and procedures. She/he has the primary responsibility of running day to day execution of IT Security and Monitoring priority projects and serves as ambassador to stakeholders in IT, Legal, Security, Corporate Compliance, Internal Audit and our Clinical Partners regarding IT Security and Monitoring related efforts.

The Director is accountable for managing and directing the information security program, and providing proactive IT assurance and consultative services to internal IT teams and business with the goal of delivering solutions that provide a strong defense foundation through people, process, and technology thereby reducing risk to Keck Medical Center of USC.

This position will lead the risk identification and scoping discussions with internal and external stakeholders, and will manage and oversee the execution of activities required for the development, communication and management of policies, controls and practices supporting information security objectives. In addition, the incumbent ensures the effectiveness of IT compliance and security activities; and where required, will assist in developing and executing mitigation plans for control deficiencies. Communicate with, and educate IT process owners on the importance of controls, leading practices, and effective control alternatives to achieve compliance with company policy or regulatory requirements and reduce risk. Lead action plan follow up and perform monitoring and reporting for all vulnerability issue remediation activities across the IT organization. Define and implement the IT risk management framework. Analyze and provide recommendations for streamlining existing IT controls, which will result in reduced costs and process efficiencies.

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements

  • Support the creation and modification of all technology compliance policies and procedures while working with the Chief Information Officer, Chief Information Security Officer, and Chief Technology Officer.

  • Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio

  • Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization

  • Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings

  • Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.

  • Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives

  • Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls

  • Collaborate with decision makers to provide actionable insights and recommendations that will lead to better business decisions. Review at departmental and strategic hospital levels to provide input into the information security budget and resource planning.

  • Work with hospital operations to coordinate IT Security’s responsibilities to educate, inform and train hospital departments on IT security, cybersecurity threats and privacy security including working with operations to perform an annual internal disaster drill for a cyber-security attack.

  • Create a vulnerability management program to manage and monitor evolving threat landscape and partner with responsible IT teams helping them to understand the deficiencies and recommending mitigation or remediation activities to resolve open vulnerabilities and reduce risk.

  • Responsible for developing IT policies and standards based on best practices and work across IT to ensure policies and standards are appropriately followed, exceptions are tracked, and compliance objectives are met. This person will work with the IT directors to understand staffing, funding, and other constraints as well as define the appropriate mechanism for managing and escalating all issues and risks for the successful completion of all remediation issues.

  • Bring a deep background and broad experience in Identity and Access Management, Information Security or related business areas and expert understanding of business process, scope and risk management, and scorecard/dashboard development.

  • Implement a Data Security Governance program to ensure appropriate controls are in place to govern sensitive data sharing, conduct vendor risk assessments, onboarding and off-boarding of 3rd party vendors.

  • Elevate risk awareness and empower employees thru comprehensive security and awareness training program.

  • Drives continuous improvement in IT governance, risk, compliance and security practices based on expert knowledge in domain areas, industry best practices, business objectives and risk tolerances.

  • Primary liaison with audit and regulators (scope, control strategy, evidence gathering, issue validation, residual risk calibration) Responsible for monthly IT executive reporting on the status of open audit findings.

  • Analyze audit reports to identify classes of risk and recommend corrective actions to IT management.

  • Coordinate IT management responses to internal and external audit reports.

  • Review preliminary audit reports with internal and external auditors. Ensuring understanding and validity of findings, and providing information regarding compensating controls so that audit reports accurately reflect the risk to Keck Medical Center of USC.

  • Reviews and evaluates IT’s overall control environment using strong, pragmatic analytic and problem-solving skills.

  • Monitor, evaluate and challenge the organization’s success in managing its overall risks.

  • Consults with IT technical teams and collaborates to develop plans to drive improvement in the annual IT Maturity Assessment.

  • Prepare project status and program readiness reports.

Strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision.

Minimum Education:

Bachelor’s Degree Required, Masters in Computer Science, Healthcare, or Business Preferred

Minimum Experience/Knowledge:

7+ years of experience in an IT Director/Manager role with strong customer service background (Healthcare and/or Academic industry preferred). Experience being a Leader and managing staff. Experience building project teams and driving change within an organization.

5+ years in Information Security Management. Experience creating and enforcing corporate policies, procedures and standards.

Some Project Management experience helpful.

Required License/Certification:

Fire and Safety Certification. If no card upon hire, one must be obtained within 30 days of hire, and maintained by renewal before expiration date.

REQ20044440 Posted Date: 06/16/2017