
Information Security Principal (Incident Response)

This job posting is no longer active.

Job ID: 4173
Location: Vancouver, WA
Work Type: Full Time
Shift: Day
Shift Length: 8 Hours
FTE: 1.00
Benefit Eligibility: Full-time benefits

Job Description

Description

PeaceHealth is seeking an Information Security Principal (Incident Response) for a Full Time, Day position.

JOB SUMMARY 

Responsible for developing the design, implementation, planning, and facilitation of the cyber incident response program for PeaceHealth, in collaboration with Information Security leadership. Responsible for leading incident management activities, for cyber incidents from both internal and external sources, including all phases of incident management: planning, preparation, program development, active response, threat mitigation, lessons learned, remediation, program maturation, and other post-incident activity. Manages cross-functional relationships throughout the incident lifecycle with team members and caregivers/leaders from adjacent departments, such as Information Technology (IT), Compliance, Privacy, Legal, Communications and Operations. Provides mentoring to team members in alignment with their job role and career path. Provides on-call after-hours support as assigned. 

ESSENTIAL FUNCTIONS 

1. Leads the design, implementation, planning, facilitation, operation and documentation of the cyber incident response program in collaboration with information security leadership and stakeholders across the organization. 

2. Leads the team in the proactive monitoring and/or response to known or emerging threats against the network. 

3. Builds partnerships across technical and business teams to contain identified issues and determine the best approach for improving security posture. 

4. Leads and coordinates the triage, response and resolution of high impact or critical cyber security incidents. 

5. Facilitates follow-up remediation design and review efforts related to highly complex security events. 

6. Leads the investigation and triage of a wide variety of security events across cyber security domains.

7. Serves as a subject matter expert in performing complex data analyses to support security event management processes, including root cause analysis and reverse malware analysis. 

8. Leads the strategic direction for the development and deployment of threat detection capabilities and/or incident response plans. 

9. Leads the development and implementation of incident detection and/or handling processes which may include containment, protection, and remediation activities. 

10. Researches and shares current industry trends, emerging threats, best practices, and cutting-edge techniques required to protect the organization. Leads the implementation of cyber incident response strategies and plans to address current and emerging threats and align with best practices. 

11. Routinely interacts with caregivers and leaders (including senior management) to plan, deliver, and remediate cyber incident objectives across the organization. 

12. Analyzes and correlates data from information security technology sources, such as endpoint protection, intrusion detection, security event monitors and secure proxies, to identify potential threats and defend PeaceHealth against threats. 

13. Protects PeaceHealth’s information and information systems by analyzing public and private information sources to develop effective defensive and response techniques, policies, procedures and standards. 

14. Leads information security, technology teams and business stakeholders to respond to and remediate identified vulnerabilities and gaps in security controls, policies, procedures and standards. 

15. Leads the design and implementation of cyber incident response automation, integrating various information and information security tools to create fast, intelligent responses to common and/or critical cyber incidents. 

16. Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form. 

17. Leads information sharing and integration procedures across information security through the exchange of threat intelligence and cyber security vulnerability assessment data. 

18. Proactively identifies and develops recommendations related to information security gaps and vulnerabilities in collaboration with stakeholders across the organization. 

19. Serves as an advisor and subject matter expert on identified information security issues, projects, or any other PeaceHealth initiative that may have a cyber incident response implication. 

20. Leads and facilitates cyber incident response work groups, including project management, scheduling, coordination, follow up, status reports and report outs. 

21. Responds to security-related investigations and other information security requests across PeaceHealth. 

22. Leads the development of cyber incident response intellectual capital by making process or procedure improvements, enhancing team documentation, conducting informal team training sessions, and creating new team training documents. 

23. Leads the development and implementation of cyber incident response education and awareness policies, procedures, standards and controls in collaboration with stakeholders across the organization. 

24. Leads the development and implementation of cyber incident response reports and metrics (e.g., system/control metrics, status updates, risk assessment reports, remediation reports) to support information security measurement and reporting objectives. 

25. Provides support and assistance to caregivers across the organization related to cyber incident response technology and programs. 

26. Serves as on-call escalation point for on-call resources, including evenings, weekends, and holidays. 

QUALIFICATIONS

EDUCATION: Bachelor's Degree in Computer Science, Healthcare Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training, and experience required. 

EXPERIENCE / TRAINING:

 Minimum of twelve (12) years of experience in IT, information security, cyber risk management, compliance or a related field required, at least 6 years of which must be in information security. 

 Leadership experience working with project or technical teams required. 

 Experience leading significant cyber incident response efforts for a large, multi-location and multi-tiered environment required, preferably in healthcare. 

 Healthcare experience preferred.

LICENSE / CERTIFICATION:

 Minimum of two relevant information security-related certifications preferred. Examples include: CISSP, CISA, HCISPP, CCSP, CRISC, CIPP/US, CISM, GCIH, GCFA, CompTIA CASP, GNFA, GPEN, GSEC, CEH and Epic Security Coordinator. 

 Preferred certifications for this role include: GCFE, GCFA, GNFA, GCTI, and GLEG. 

KNOWLEDGE / SKILLS / ABILITIES:

 Ability to lead/work independently and collaborate across the cyber incident response program. 

 Excellent project management, written and oral communications skills. 

 Ability to create and present information in various forms such as textual, graphical and statistical. 

 Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents. 

 Ability to work collaboratively with and lead a broad range of constituencies and respond to their needs and collaborate effectively towards solutions. 

 Ability to effectively communicate technical and non-technical topics to caregivers and leaders across the organization. 

 Ability to lead matters of high sensitivity and confidentiality with both professionalism and discretion. 

 Hands-on experience implementing and operating cyber incident response tools, such as security event monitors, endpoint protection, intrusion detection, secure proxies, SOAR (security orchestration, automation and response), etc. 

 Hands-on experience implementing and operating cyber incident response methodologies. 

 Ability to identify and correlate cyber threats and vulnerabilities. 

 Strong understanding of adversarial tactics and techniques and implementing technical solutions to prevent and detect them. 

 Hands-on experience with cybersecurity, ethics and privacy principles, along with related regulatory requirements and industry frameworks (e.g., NIST CSF). 

 Knowledge of Microsoft Azure cloud and security services.

About PeaceHealth

PeaceHealth, based in Vancouver, Wash., is a not-for-profit Catholic health system offering care to communities in Washington, Oregon, and Alaska. PeaceHealth has approximately 16,000 caregivers, a multi-specialty medical group practice with more than 900 providers and 10 medical centers serving both urban and rural communities throughout the Northwest. In 1890, the Sisters of St. Joseph of Peace founded what has become PeaceHealth. Today, PeaceHealth is the legacy of its founding Sisters and continues with a spirit of respect, stewardship, collaboration and social justice in fulfilling its Mission. 

We offer competitive compensation, a robust benefits package and a collaborative, Mission-driven work environment! To learn more about working at PeaceHealth and the community please visit our homepage: www.careers.peacehealth.org

Get a feeling for the Spirit of PeaceHealth through this three-minute video, and visit us on Facebook or LinkedIn!

Questions? Review our Employment FAQ or email [email protected]. Please note this email does not accept resumes or applications.

See how PeaceHealth is committed to Inclusivity, Respect for Diversity and Cultural Humility.

For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state, or federal laws.
