Reference #: 1009260 SHIFT:Day (United States of America)

Seeking Breakthrough Makers

Children's Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation.

At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care-and your career.

CHOP's Commitment to Diversity, Equity, and Inclusion

CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children.

We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.

A Brief Overview

The Sr. Director Security Operations is a critical leadership position and reportsdirectly to the Chief Information Security Officer. This positionhasoperationaland strategic responsibilitesfor the Information Security program andoversees the managementofsecurity operations servicesincluding (but not limited to): incidentresponse, vulnerabilitymanagement, threathunting, and overallprogramdevelopment in the CHOP enterprise. A critical responsibility is thecontinuous evaluation of evolving threats and staying abreast of security technologies.

In conjunctionwiththe CDIO, CISO and Deputy CISO, the Sr.Directorof Security Operations actsas a security liaisonbetweentechnology, business, research, and clinicalverticals to advance security culture and achievealignmentforstrategy and security posture.

Thispositionmaintains and evolvestheHospital's Information Security Operations Centerand alsosupports Hospital and Research operations, includingcompliancewithallapplicablelaws, regulations,and accreditationstandards.

Thispositionmaintains and continuously evolvestheprogram to supporttheprotectionofinformationassets and identifies, evaluates, and reportson IT relatedrisksin a mannerthatmeetscompliance and regulatoryrequirements, and alignswith and supportsthe IT riskpostureofthe Hospital. Additionally, thisposition is required to evaluatetheprogram andoperations centerservices regularly and adjustasneededforcontinuousimprovement and securityprotections.

What you will do

OperationalOversight: Security Operations Center

*Direct theday-to-dayresponsibilitiesfortheinformationsecurityand operationsteams.

*Direct securityprogram and operations centerplanning, implementation, and ongoingmetricanalysis.

*Ensureappropriateworkmanagementofdesign and engineeringofferings.

*Developsecuritystandards and materialsasneeded.

*Verify/enforcesecuritystandards and bestpracticesaremaintainedacrosstheorganization.

*Verify/enforcesecurityproblemsareresolvedin a timely and cost-effectivemanner.

*Utilize metrics to measure efficiency, service levels, and other key areas.

• Oversight of other security related services as needed (account administration, engineering, etc...)

Budget Management & Optimization

*Responsibleforthebudgetofthesecurityteam, as wellaskeyvendorrelationshipmanagementcrossingvariousareaswithinthesecurityportfolio:

• Establishingbudget(s).

*Definingservices.

*Managingcosts.

*Establishingproductivitytargets.

*Managing to targets.

*

Resource Management

*Establish a high-performingteam and security operations center.

*Coach, develop, and mentorteammemberswithin and outsidetheorganization.

*Recruit and developstaff.

*Prioritize and alignresources.

*Responsibleformanaging a portfolioofkeyvendors and contractsforthe Technology Services organization.

*

Strategic P anning

*Providestrategic and tacticaldirectionforsecurityprogram.

*Develop and maintainservicecatalogforthe SecurityOperationsCenter, incidentresponse, and vulnerabilitymanagement.

*Partner withtheotherDirectors to planlifecycleofsecuritytools and processes.

*Understandindustrydirection and position CHOP optimally.

*Keepabreastofadvances and changesinthefield and whenappropriate, adoptinnovationsthatlead to improvement and increasedefficiencyofCHOP's operations.

*Plan jointly to deliverthesecurityprogram and SOC (within IS, includes Core Infrastructure, Security, Business Operations, Project Management Office, Support Services, Business Applications, and Clinical Applications).

Process Participation/Ownership

*Developprocess, procedures, and frameworkforthe SecurityOperationsCenter, incidentresponse, and vulnerabilitymanagement.

*Establishrequirements, documentprocess, and manageruserrelationshipindevelopmentprocess.

*Adhere to Digital and Technology Servicespolicies and procedures (includingincident, problem, and changemanagement).

*Contribute to workplansinvolving Technology Services.

*Contribute to communicationstrategiesforthedepartment.

Standards Management

*Establishstandardswithsecurity and operations.

*Enforceestablishedstandards.

*Establishmetrics and performanceindicators to measureservicelevelsofbothtechnology and processes.

*Measureservicelevels.

*Managekeyserviceproviders to servicelevels and performanceondeliveredservices.

*MeetorexceedSLAs.

*Maintain ISSC Committeeformat, attendees, agenda, andmeetings. Includinginput and output.

Education Qualifications Bachelor's Degree Required Master's Degree Preferred

Experience Qualifications At least ten (10) years experience in a combination of Information Security, Risk Management, or Information Technology, or industry focusing on control environment Required and At least five (5) years in a leadership role. Required and Experience in managing security, operations and technology teams. Required Security operations center development and management Preferred and Healthcare environment, changes and emerging trends in Healthcare industry, and understanding of Healthcare applications, systems and processes a plus. Preferred Skills and Abilities Demonstrated security operations, standards, and technology life cycle knowledge and experience. Knowledge and high proficiency in relevant legal and regulatory requirements, including but not limited to, Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Payment Card Industry Data Security Standards (PCI DSS), Federal Information Security Management(FISMA). Knowledge and high proficiency with various security frameworks. Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Information Security Requirements: Understand and comply with all enterprise and IS departmental information security policies, procedures and standards. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information. Support all compliance activities related to state, federal regulatory requirements, he