
Director, Enterprise Security

New York, NY
JPC Partners is looking for a Director of Enterprise Security who will work closely with senior leadership, security leaders, and other key stakeholders and be responsible for the development and delivery of a comprehensive information security strategy and program to optimize the security of the company. This role will lead the development, implementation and operation of an enterprise-wide security program that leverages collaborations and resources, facilitates information security governance, advises senior leadership on security issues, and designs appropriate policies to monitor and manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders in an enterprise environment.
Primary Responsibilities:
  • Develops an Enterprise Security plan aligned with the NIST Cybersecurity Framework
  • Collaborates with leadership team and directs the implementation of the Enterprise Security Strategy and Roadmap
  • Monitors compliance of the Enterprise with Federal and NYS Information Security Standards
  • Develops security metrics and KPIs to establish Enterprise security posture baseline
  • Drafts and submits reports and contract deliverables that include analyses, recommendations, observations and conclusions on specific aspects of the Security Program, aggregated across all entities where applicable
  • Manages and facilitates the Enterprise Security training and education plan
  • Provides support and guidance to multiple entities on their security operations to reduce risk and vulnerabilities to the Enterprise
  • Monitors and tracks entities’ compliance and remediation efforts with respect to corrective action plans and remediation plans
  • Consistent with applicable policies and procedures, leads and manages entities’ response to information system security incidents impacting the Enterprise
  • Monitors and ensures timely completion and implementation of remediation activities resulting from all required security risk assessments and tests, whether performed by our client or third-party assessors, including but not limited to HIPAA Security Risk Assessments and Business Continuity, Incident Response and Disaster Recovery plan testing
  • Maintains up-to-date detailed knowledge of the IT security industry including awareness of security solutions, improved security processes and the threat landscape
  • Researches additional security solutions or enhancements to existing security solutions to improve overall Enterprise security
  • Analyzes and researches best practices in information security governance including organizational policies, procedures, standards, baselines and guidelines for the use and operation of information systems
  • Serves as liaison between multiple entities for information security
Experience and Skills:
  • At least 8 years of progressive experience in health information security management, health information management, information systems and/or health risk management. At least 3 years of experience leading initiatives and strategy
  • Information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Security+, Certified Information Systems Auditor (CISA) or other similar credentials required
  • Knowledge of and experience with various health care privacy, security and associated laws, rules, standards and regulations including direct prior experience with the NIST 800-53 and Cybersecurity Framework (CSF) including associated guidance documents
  • Demonstrated experience with legal and regulatory requirements such as HITECH, HIPAA Privacy & Security and other NYS and CMS regulations and guidelines
  • Experienced in cloud native security solutions for cloud environments such as AWS, Azure and Snowflake
  • Experience with the HITRUST Common Security Framework and the MARS-E Security and Privacy controls preferred
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proven analytical and problem-solving abilities to identify and recommend solutions for security risks
  • Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s Degree in Information Systems OR Information Technology preferred
We consider a wide range of factors when determining compensation, which may cause compensation to vary depending on your skills, experience, qualifications, and home office location (Manhattan, NY vs. Albany, NY). The annual base salary range for this role for an Albany, NY based candidate is $125,000 - $145,000. The annual base salary range for this role for a Manhattan, NY based candidate is $150,000 - $170,000. The salary offer will not be based on a candidate’s salary history at other jobs, and by law, the company will not seek information about salary history, and candidates should not share such information with the company. All compensation questions and comments should be directed to the HR Department representative during your application, interview, and hiring process.

We are an Equal Opportunity Employer and do not discriminate against candidates based on race, color, gender, sexual orientation, gender identity or expression, age, religion, disability, national origin, protected veteran status, or any other status protected by applicable federal or local law. We are dedicated to building a diverse, inclusive, and authentic workplace.
