Senior Director of IT Security and Infrastructure

Company: Shields Health

Job Title: Senior Director of IT Security and Infrastructure

Location: Quincy/Remote

Reports To: Chief Information Officer (CIO) / Chief Information Security Officer (CISO), Privacy Officer

Who We Are:

Shields Health is an independent, Massachusetts-based medical service provider with a national reputation for blending exceptional customer service with superior technology. Patients, partners and colleagues define our 35 + years of quality healthcare services as a true mark of successful teamwork. Known for our advanced diagnostic imaging, we are a sought after provider - not only because of our technology but also because of our teamwork and tremendous opportunities for professional growth.

About The Role:

The Sr. Director of IT Security and Infrastructure is a pivotal leadership role responsible for overseeing the organization's IT security program, infrastructure, and service desk operations. This role involves strategic planning and execution in collaboration with the CIO to safeguard the company's information assets and ensure robust IT infrastructure. The ideal candidate has experience with the development and execution of the IT strategies, including cloud / data center strategy, user-experience & service delivery strategy, overseeing the design, implementation, and management of IT infrastructure, including networks, servers, cloud services, ensuring optimal performance, security, and scalability. The Sr. Director will be instrumental in shaping security policies, managing security systems, and leading IT service initiatives.

Key Responsibilities:

IT Security Program Management

• Information Security Strategy: Develop and implement a comprehensive cybersecurity strategy that aligns with the company's business goals and objectives.
• Security Governance: Establish and oversee the company's security governance framework and ensure the integration of security into all aspects of the business.
• Risk Management: identify, assess, prioritize cybersecurity risks, and develop strategies to mitigate these risks effectively.
• Compliance: Ensure compliance with industry regulations, standards, and legal requirements related to cybersecurity, including HIPAA, SOC2, and HITRUST.
• Security Policies and Procedures:

Develop and Maintain Security Policies: Establish, update, and enforce IT security policies and procedures to safeguard the organization's digital assets.

• Develop, maintain, and enforce security policies, standards, and procedures to protect company assets and data, including validating and providing design options on Application Security and end-to-end Security controls.
• Incident Response: Develop and oversee the incident response plan, ensuring that the company is well prepared to respond to and recover from cybersecurity incidents.
• Security Awareness:
  • Promote a culture of cybersecurity awareness throughout the organization by providing training and educational programs.

IT Security Education Program: Create and administer a comprehensive IT security training and awareness program to educate employees on security best practices and policies.

• Vendor Security: Evaluate and manage third-party vendor security risks and relationships.
• Security Technology:
  • Oversee the selection, implementation, and management of security technologies and tools, including firewalls, intrusion detection systems, and encryption.

Design and Manage Security Systems: Implement and oversee security systems, including firewalls, intrusion detection/prevention systems, and encryption technologies to protect against cyber threats.

• Security Metrics and Reporting: Establish key performance indicators (KPI's) and metrics to measure the effectiveness of cybersecurity efforts and report to executive leadership and the board, as needed.
• Leadership: Lead your team by building, developing, and mentoring the growth of the security team and oversee the day-to-day activities.

IT Infrastructure Oversight

Direction Setting: Define and manage the direction for telecom, network, storage, and compute services to align with organizational goals and industry standards.

• Designs, directs, manages and oversees infrastructure services by establishing and implementing short/long-term strategies to accomplish the goals and objectives to deliver services to the organization within budget, schedule, and quality objectives.
• Develops and controls the annual operating expenditure and capital expenditure budgets for infrastructure to ensure that it is consistent with the overall strategic objectives of the organization.
• Provides network support that includes installing networked application software, granting access to users, creating user groups, managing shared resources, installing peripherals, and user support and problem solving.
• Contacts software vendors to obtain specifications, pricing, and other purchase related information. Overseeing relationships with third-party vendors and service providers, ensuring the delivery of high-quality services and support.
• Ensures the safety and security of the company's data and systems by establishing proper security procedures and backup strategies that follow established best practices

Service Desk and IT Service Management

Service Desk Oversight: Manage the IT Service Desk to ensure efficient handling of user requests, incidents, and service issues.

ServiceNow Rollout: Lead the rollout and continuous improvement of the ServiceNow platform to streamline IT service management and enhance user experience.

Collaboration with CIO

Strategic Planning: Work closely with the CIO to set strategic direction for IT security and infrastructure initiatives, aligning them with overall business objectives.

Program Development: Contribute to the development and execution of IT strategies and programs to support organizational growth and resilience.

The Skills:

Proficiency in Data Loss Prevention (DLP) tools and strategies.

Expertise in disaster recovery planning and execution.

Experience with security tools such as Crowd Strike, Rapid7, and Fortinet.

Familiarity with ServiceNow platform and IT service management best practices.

Strong knowledge of IT infrastructure components including telecom, network, storage, and compute services.

Proven ability to manage 3rd party vendors and oversee complex IT projects.

• In-depth knowledge of cybersecurity principles, best practices, and industry standards
• Strong understanding of relevant regulations and compliance requirements
• Excellent communication and people skills, with the ability to influence and collaborate at all levels of the organization
• Exceptional problem-solving and decision-making abilities
• Demonstrated experience in leading and developing teams in a fast-paced environment, with a track record of fostering a strong team culture.

About You:

Relevant security certifications such as Certified Information Systems Security Professional (CISSP), HealthCare Information Security and Privacy Practitioner (HCISPP), or similar.

Bachelor's degree in Information Technology, Cybersecurity, or a related field. A Master's degree or relevant advanced qualifications are a plus.

Minimum of 8-10 years of experience in IT security and infrastructure roles, with at least 5 years in a leadership or management capacity.

Minimum of 3 years of experience working in a cloud infrastructure

Previous healthcare experience with a solid understanding of HIPAA compliance

• 5-8 years of progressive leadership experience, including experience leading teams across all technology functions.
• Proven experience leading technology transformation and initiatives.
• Exceptional political savvy, with the ability to navigate complex organizational dynamics and build consensus.
• Outstanding communicator in both oral and written forms, conveying technically complex information and concepts in easily understood terms to a variety of audiences.
• Strong knowledge of IT infrastructure, including VPN and server management.
• Excellent problem-solving skills, particularly in ambiguous situations, with the ability to collaborate with stakeholders across the organization.
• Strong analytic and organizational skills, particularly in planning, communications, process redesign, and problem solving.
• Maintains up-to-date expertise in the operation and application of software and a working knowledge of a wide variety of commonly used hardware and software.
• High degree of flexibility and adaptability, with the ability to manage multiple priorities.

NOTE: It is not intended that this Job Description include all details of the work functions of this position. The employee will perform work of a lower or equivalent classification as required or directed, and work of higher classification for training and development purposes or as situationally warranted.