Systems Security Director

Job Description

JOB INFORMATION

Effective Date: 5/1/2022

Entity: Wisconsin

Job Code: 113308

Job Title: Systems Security Director

Exemption Status: Exempt

Management Level: Director/Senior Director

JOB SUMMARY

The Director of Information Security is responsible for developing, implementing and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The Director of Information Security provides the vision and leadership necessary to manage the enterprise-wide cybersecurity program and ensures business alignment, effective governance, system and product availability, integrity and confidentiality.

 

The Director of Information Security is responsible for establishing and managing the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The Director directs staff in identifying, developing, implementing, and maintaining processes and technologies across the enterprise to ensure information and information technology risks are within acceptable levels. This role is also responsible for developing and executing a cybersecurity strategy, intended to drive situational awareness, collaboration, deliver meaningful services, and create unity and consensus on what efforts are important to more effectively address cyber across the diverse complex environment.

 

The Director of Information Security is responsible for the direction and leadership of operational, financial, programmatic and employee related activities for enterprise cybersecurity. This includes establishing, meeting and continuously monitoring the program goals and objectives, while maintaining alignment with the strategic goals and objectives for UW Health. While the range of duties and responsibilities is broad and varied, the position's major responsibility is directing the strategy, tactics and operations of UW Health's cybersecurity program, including budgeting, financial management, and human resource management. The Director works closely with a variety of stakeholders, coordinating the activities of the cybersecurity system across the enterprise.

 

The Director will function as a leader within the Information Systems Department, participating in strategic planning and ensuring the efficient operation of the department. The Director will participate in large scale strategic initiatives to provide a global perspective regarding IS' optimal position to assist the enterprise in successful development, implementation and support of approved initiatives. The Director will collaborate with peer Directors to assist in the delivery of consistent and reliable customer-focused, service-oriented services to support day to day operations along with longer term UW Health initiatives. The Director will assist in leading departmental and enterprise initiatives including but not limited to follow up on assignments from the yearly customer satisfaction surveys, internal and external financial and compliance audits.  The Director will also provide oversight and management in the development and delivery of a yearly IS project plan.

 

Internal contacts include UW Health employees and leaders, Medical School, Access Community Health Centers, Quartz, and other divisions, partners, and affiliated organizations.  External contact is primarily with software vendors, managed service providers, government agencies and industry peers.  Developing and maintaining good communication and collaboration with these contacts is essential to accomplishing the objectives of this position and the goals of the UW Health enterprise.

 


MAJOR RESPONSIBILITIES


Departmental Leader

Provides an experience and environment of patient- and family-centered care.

Interprets impact of broad scope organizational change for staff and develops change strategies for successful implementation.

Incorporates UW Health’s vision, missions and values in goals and programs within the department.

Develops and manages operational initiatives with measurable outcomes.

Formulates objectives, goals and strategies collaboratively with other stakeholders.

Prepares and delivers reports to operational leadership outlining progress toward meeting annual goals and objectives, to include performance related to finance, clinical activity, quality, safety, marketing, and human resources.


Financial Manager

Actively seeks opportunities to improve financial outcomes, engaging staff in the process.

Establishes annual financial goals and actively uses benchmarking to high performing systems in similar area of expertise to set annual targets.

Monitors and analyzes financial data and utilizes it for decisions regarding FTEs, staffing and operational budget.

Establishes an annual operating and capital budget, demonstrating fiscal responsibility through meeting budget targets.

Creates business plan(s), justifying variances and analyzing cost benefit of programs.

Directs and provides guidance to managers to effectively allocate resources based on patient volume, space availability, budget constraints, and program priorities, goals and objectives.

Articulates to staff the budget and the context within the organizational financials.


Administrative Leader

Contributes to the success of UW Health by providing leadership, direction and coordination of operations, finances and human resources for area of responsibility.

Manages and directs all activities within area of responsibility.

Continually assesses all services, identifies problems, utilizes data to analyze and propose innovative approaches for solutions.

Maintains records related to operations and services that are complete, accurate, available, and in compliance with all legal, regulatory, and policy requirements.

Engages staff and other stakeholders in continuous improvement of systems and processes; manages resources for staff participation in improvement work activities.

Ensures effective facilitation of improvement teams and development of leadership skills to ensure overall effectiveness of the meetings.

Organizes and prioritizes time and resources to manage efficiency.  Appropriately delegates.

Remains current on new trends and best practices and incorporates them into the department's practices and programs.

Articulates and enforces standards for quality/safe patient care

Develops and implements innovative systems and processes that improve staff and patient quality and safety

Demonstrates achievable and measurable results and develops action plans for improvement

Initiates, monitors and enforces regulatory requirements

Holds self and others accountable to policy, standards and commitments and provides timely follow through on questions and concerns.

Ensures development of department initiatives to improve patient satisfaction and family centered care.

Develops and implements clinical outcome measures for quality improvement, cost and complication reduction, and the implementation of evidence-based medicine.

Incorporates the use of evidence-based practice and appreciative inquiry into program development and improvement activities

Actively listens to staff ideas and concerns, assesses others' communication styles and adapts to them.

Effectively facilitates meetings at the department and organizational level.

Creates bi-directional systems that effectively communicate information and data, utilizing multiple methods.

Articulates and presents data, information and ideas in a clear and concise manner.

Communicates opinions and ideas in a nonthreatening and nonjudgmental manner to staff, peers and others.

Communicates with physicians, academic department leaders, and senior administrators to maintain coordination with other UW Health programs.

Demonstrates empathy and concern while ensuring department goals are met. 

Manages the complex interdepartmental and interdisciplinary relationships to assure collaboration and effective/efficient operations within the department.

Creates an environment that encourages diverse opinion, recognizes differences and incorporates them into process and services.

Exhibits awareness of personal attitudes and beliefs, recognizing their effect on response to others.

Creates a culture and systems for recognizing and rewarding staff.


Resource Manager

Creates and maintains a satisfying workplace that fosters professional growth and job satisfaction for all members of the healthcare team.

Interviews to select top talent, matching department needs with appropriate skill sets.

Develops and implements recruitment and retention strategies that support a culture of leadership.

Identifies and addresses own professional growth needs.

Assesses manager and staff development needs, identifies goals and provides resources.

Identifies lack of competency in performance and establishes a plan which includes goals, interventions and measures.

Maintains membership in professional organization(s) to develop knowledge and resources through networking, continuing education, and participation in national, regional, and/or local activities.

Ensures integration of ethical standards and core values into everyday work activities.


Educator/Research Facilitator

Provides opportunities to aspiring clinicians and leaders to develop skills to meet career goals.

Contributes to a learning environment by providing educational and research experiences to students, residents, fellows, and faculty.


Critical Interfaces

Leads and/or serves on a variety of appropriate internal and external committees to represent the department.

Serves as a representative of the department to UW Health in order to facilitate the shared interests and relationship between the parties.


ALL DUTIES AND REQUIREMENTS MUST BE PERFORMED CONSISTENT WITH THE UW HEALTH PERFORMANCE STANDARDS.


Age Specific Competency (Clinical jobs only)

X Non-Clinical


JOB REQUIREMENTS


Education

| Education Level | Education Details | Required/Preferred |
|---|---|---|
| Bachelor's Degree | in Healthcare, Computer Science, Information Systems, Engineering, Business, Healthcare Administration or related field | Required |
| Master's Degree | in IS Security, Business Administration, or Healthcare Administration | Preferred |

 


Work Experience

| Experience | Experience Details | Required/Preferred |
|---|---|---|
| | Demonstrated success working across the systems development or operational life cycle. | Required |
| | Demonstrated success at operational levels within Information Security programs, including IT Security Strategy, IT Security Operations, Security Training and Awareness, IT General Controls Compliance & Audit Management, Cyber security programs, and Identity and Access Management. | Required |
| | Demonstrated success managing security infrastructure, e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology. | Required |
| | Demonstrated success designing and securing applications and infrastructures in cloud environments. | Required |
| | Demonstrated success leading Governance, Risk and Compliance initiatives. | Required |
| | Demonstrated success leading incident response activities. | Required |
| 10+ years | extensive project and leadership experience resulting in greater levels of responsibility and leadership based upon proven success. | Preferred |
| | Previous work experience with federal and state privacy and security laws, regulations, and accreditation standards for maintaining information security and confidentiality | Preferred |
| 7 years | direct patient care delivery and operational management experience | Preferred |
| | Proven experience in collaboration and development of successful partnerships between IT and operations. | Preferred |
| | Significant prior experience leading IT Systems support staff. | Preferred |
| | Experience supporting systems and/or operations in a 24x7 hospital setting. | Preferred |

 


Wisconsin Licenses & Certifications

| Licenses/Certification Details | Time Frame | Required/Preferred |
|---|---|---|
| Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified Information Systems Auditor (CISA) | Upon Hire | Required |
| CPHIMS, PMP, ITIL | | Preferred |
| Various Vendor Certifications as relevant for the position, such as Certified Cloud Security Professional (CCSP), Healthcare Information Security and Privacy Professional (HCISPP), Certified in Risk and Information Systems Controls (CRISC) | | Preferred |

 


Required Skills, Knowledge, and Abilities

Advanced competency in the following areas:

Leadership including leads with integrity, maintains strategic orientation, demonstrates business & financial acumen, champions innovation, manages execution, leads & develops people

Technical leadership of applicable products or platforms

Communication

Effective team member

Critical thinking

Mentoring and teaching

Leading highly empowered, self-directed teams including cross-functional teams

Applying lean management tools

Applying agile methodologies

 

 

Information Systems Security Knowledge, Skills & Abilities

Comprehensive knowledge in information security systems, methodologies, policies, standards and guidelines.

In-depth knowledge of cybersecurity frameworks including but not limited to NIST CSF, NIST 800-53, HITRUST CSF, and ISO 27001.

Strong knowledge of laws and regulations including but not limited to PCI-DSS, and HIPAA-HITECH.

Knowledge of a variety of database and technology infrastructures

Strong working knowledge of vulnerability management practices and tools.

Strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.

Strong working knowledge of IT service management – ITIL related services – Change Management, Configuration Management, Asset Management, and Incident Management.

Knowledge of data encryption technologies such as Public Key Infrastructure.

Knowledge of application security standards including OWASP TOP 10 and SANS TOP 25.

 

 

Other Knowledge, Skills & Abilities

Excellent communication and interpersonal skills to include the ability to negotiate and resolve conflicts and build teams.

Demonstrated creativity and flexibility.

Ability to operate in high-pressure situations.

Excellent organizational skills.

Demonstrated innovative approach to problem resolution.

Ability to work collaboratively across UW Health entities and disciplines. Demonstrated commitment to patient- and family-centered care.

Broad knowledge of modern health care administration practices and principles within a managed care environment and/or an academic medical center.

Effective analytical ability in order to develop and analyze options, recommend solutions to and solve complex problems and issues.

Demonstrated effective managerial and administrative leadership of clinical operations

Knowledge of principles and techniques used in negotiation as applied to service contracts and equipment purchasing.

Effective organizational, planning and project management abilities.

Experience in financial and programmatic presentations.

Ability to function independently and deal with multiple, simultaneous projects.

Ability to recognize personal strengths and weaknesses and develop goals for professional growth and achievement.

Ability to demonstrate a commitment to quality and excellence.

Effective leadership abilities:

o Ability to implement change in a positive, sensitive and forward-thinking manner
o Planning and problem solving
o Developing goals and objectives, and establishing priorities
o Inspires confidence, appropriate risk taking and achievement of high standards
o Self-starter with a willingness to try new ideas
o Positive, can-do attitude coupled with a sense of urgency
o Good judgment and ability to act decisively at the right time
o Ability to persuade others and develop consensus
o Effective communication skills both in written and verbal presentation with a communication style that is open and fosters trust, credibility and understanding.
o Ability to effect collaboration and promote teamwork
o Ability to ensure a high level of customer satisfaction including employees, patients, visitors, faculty, referring physicians and external stakeholders
o Ability to create win/win solutions and relationships

 


PHYSICAL REQUIREMENTS/WORKING CONDITIONS


 

| Physical Demand Level | Occasional (up to 33% of the time) | Frequent (34%-66% of the time) | Constant (67%-100% of the time) |
|---|---|---|---|
| Sedentary: Ability to lift up to 10 pounds maximum and occasionally lifting and/or carrying such articles as dockets, ledgers and small tools. Although a sedentary job is defined as one, which involves sitting, a certain amount of walking and standing is often necessary in carrying out job duties. Jobs are sedentary if walking and standing are required only occasionally and other sedentary criteria are met. | Up to 10# | Negligible | Negligible |
| Light: Ability to lift up to 20 pounds maximum with frequent lifting and/or carrying of objects weighing up to 10 pounds. Even though the weight lifted may only be negligible amount, a job is in this category when it requires walking or standing to a significant degree. | up to 20# | Up to 10# or requires significant walking or standing or requires pushing/pulling of arm/leg controls. | Negligible or constant push/pull of items of negligible weight |
| Medium: Ability to lift up to 50 pounds maximum with frequent lifting and/or carrying objects weighing up to 25 pounds. | 20-50# | 10-25# | Negligible-10# |
| Heavy: Ability to lift up to 100 pounds maximum with frequent lifting and/or carrying objects weighing up to 50 pounds. | 50-100# | 25-50# | 10-20# |
| Very Heavy: Ability to lift over 100 pounds with frequent lifting and/or carrying objects weighing over 50 pounds. | Over 100# | Over 50# | Over 20# |


Other - list any other physical requirements or bona fide occupational qualifications not indicated above:

 

Note: The purpose of this document is to describe the general nature and level of work performed by personnel so classified; it is not intended to serve as an inclusive list of all responsibilities associated with this position.