PeaceHealth is seeking an Information Security Principal - Engineering and Architecture
Candidate will live in Oregon, Washington, or Alaska by start date. Relocation assistance is available.
Must be fully vaccinated for COVID-19 including 2 doses of a 2-dose series or 1 dose of a 1-dose series plus 14 days beyond the final dose prior to start date.
Responsible for developing and managing the design, planning, facilitation, evaluation, and implementation of information security-related policies, procedures, standards, controls, and technologies in collaboration with Information Security leadership. Provides leadership, expertise and technical direction in collaboration with peers, team members and caregivers from adjacent departments, such as Information Technology (IT), Compliance, Privacy, Legal, Communications and Operations. Responsible for the successful management of outcomes related to significant cross-functional program areas, engaging stakeholders and managing technology systems. Prepares and presents detailed and high-level reports to internal and external stakeholders at multiple levels (up to Vice President). Provides mentoring to team members in alignment with their job role and career path. Provides on-call after-hours support as assigned.
- Independently leads the design, engineering, implementation and operation of significant cross-functional program areas and technology systems.
- Researches and shares current industry trends, emerging threats, best practices, and cutting-edge techniques required to protect the organization. Leads the implementation of strategies and plans to address current and emerging threats and align with best practices.
- Routinely interacts with caregivers and leaders (including senior management) to plan, deliver, and remediate information security objectives across the organization.
- Leads the design, engineering, implementation and operation of information security processes, policies, procedures, standards, systems and controls based on business and technical requirements. Leads the design and implementation of security response automation, integrating various information and information security tools to create fast, intelligent responses to common and/or critical cyber incidents.
- Analyzes and correlates data from information security technology sources, such as endpoint protection, intrusion detection, security event monitors and secure proxies, to identify potential threats and defend PeaceHealth against threats.
- Protects PeaceHealth’s information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures and standards. Leads information security, technology teams and business stakeholders to respond to and remediate identified vulnerabilities and gaps in security controls, policies, procedures and standards.
- Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form. Leads information sharing and integration procedures across information security through the exchange of threat intelligence and cyber security vulnerability assessment data.
- Leads information security assessment activities in collaboration with technical and non-technical teams across the organization. Proactively identifies and develops recommendations related to information security gaps and vulnerabilities in collaboration with stakeholders across the organization.
- Serves as an advisor and subject matter expert on identified information security issues, projects, or any other PeaceHealth initiative that may have an information security implication.
- Leads and facilitates information security work groups, including project management, scheduling, coordination, follow up, status reports and report outs. Leads and responds to security-related investigations and other information security requests across PeaceHealth.
- Leads the development of information security intellectual capital by making process or procedure improvements, enhancing team documentation, conducting informal team training sessions, and creating new team training documents.
- Leads the development and implementation of information security education and awareness policies, procedures, standards and controls in collaboration with stakeholders across the organization. Provides support and assistance to caregivers across the organization related to information security-related technology and programs.
- Leads the development and implementation of reports and metrics (e.g., system/control metrics, status updates, risk assessment reports, remediation reports) to support information security measurement and reporting objectives.
- Provides on-call after-hours support on a rotational basis as assigned, including evenings, weekends, and holidays.
- Bachelor's Degree in Computer Science, Healthcare Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training and experience required.
- Minimum of twelve (12) years of experience in IT, information security, cyber risk management, compliance or a related field required, including at least 6 years of experience in information security.
- Leadership experience working with project or technical teams required.
- Healthcare experience preferred.
- Minimum of two relevant information security-related certifications preferred. Examples include: CISSP, CISA, HCISPP, CCSP, CRISC, CIPP/US, CISM, GCIH, GCFA, GNFA, GPEN, GSEC, CEH and Epic Security Coordinator.
- Prior PCI QSA or PCI ISA certification preferred.
- Ability to lead/work independently and collaborate across large program areas/technologies.
- Excellent project management, written and oral communications skills.
- Ability to create and present information in various forms such as textual, graphical and statistical.
- Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents.
- Ability to work collaboratively with and lead a broad range of constituencies and respond to their needs and collaborate effectively towards solutions.
- Ability to effectively communicate technical and non-technical topics to caregivers and leaders across the organization.
- Ability to lead matters of high sensitivity and confidentiality with both professionalism and discretion.
- Hands-on experience implementing and operating three or more common information security tools, such as endpoint protection, intrusion detection, security event monitors, secure proxies, firewalls, encryption, single sign-on, multi-factor authentication, etc.
- Hands-on experience implementing and operating three or more common information security methodologies, such as incident response, risk management, data protection, identity and access management, role-based access control, etc.
- Ability to identify and correlate cyber threats and vulnerabilities.
- Strong understanding of adversarial tactics and techniques.
- Hands-on experience with cybersecurity, ethics and privacy principles, along with related regulatory requirements and industry frameworks (e.g., NIST CSF).
- Knowledge of Microsoft Azure cloud and security services.
For a full job description or questions, contact Jake Baird [email protected]
See how PeaceHealth is committed to Inclusivity, Respect for Diversity and Cultural Humility.
For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state, or federal laws.