DIRECTOR, SECURITY INCIDENT RESPONSE & STRATEGY

Job Description

Summary: The Director of Sec Incident Response and Strat Relations leads and directs the response efforts around any potentially significant security incidents and strives to protect the confidentiality and integrity of patient, employee, and business information in compliance with organization policies and standards. These efforts include enhancing our cyber intelligence posture/capabilities, ensuring on-going communications between our various business departments, and utilizing both internal and external threat intelligence resources to increase our security readiness and reduce response time, continuously improving our corporate cyber security and incident response posture.

Company Overview: Envision Physician Services is a leading national medical group focused on delivering high-quality care to patients when and where they need it most. You'll find clinicians and clinical support professionals across the nation who are proud to call Envision home. We welcome teammates of every background and work in communities that reflect the racial, ethnic, gender, sexual orientation, and economic diversity of our country.

Benefits: At Envision Physician Services we offer benefits at the speed of your life. Our wide range of health and welfare benefits allow you to choose the right ones for you and your family. Best of all, qualifying employees are eligible to enroll from day one, so you can rest easy knowing you and your loved ones are protected. Envision Healthcare offers a variety of health and welfare benefit options to help protect your health and promote your wellbeing. The benefits offered include but not limited to: Medical, Dental, Vision, Life, Disability, Healthcare FSA, Dependent Care FSA, Limited Healthcare FSA, FSAs for Transportation and Parking & HSAs.

Paid Time Off: Envision Physician Services offers paid time off, 9 observed holidays and paid family leave. You accrue Paid Time Off (PTO) each pay period and depending on your position and can earn a minimum of 20 days and up to 25 days per calendar year.

Responsibilities

• Leads as an internal, information security risk consultant to the organization, serving as an authoritative internal resource in all aspects related to threats and incidents
• Directs employees by supporting, coaching, training, assisting with time management and performing evaluations; should conduct regular meetings with all direct reports.
• Establishes relationships between internal teams (e.g., Legal, IT, Compliance) and external (e.g., law enforcement agencies, vendors, and public relations professionals)
• Evaluates the company's ability to manage and respond to cyber-attacks from a business process and technical level, and across all levels of an organization (e.g. leading monthly incident response exercises)
• Assists with security awareness efforts by presenting at various company functions, regional offices, etc., and providing/coordinating security training as needed
• Identifies business exposures resulting from cyber-attack vectors (e.g. insider threat, competitive intelligence, supply chain, distribution, and materials security, etc.);
• Evaluates the company's ability to respond to interruptions resulting from cyber-attacks (e.g. works with IT on their business continuity planning)
• Researches and collects information on threats to the organization through communication with other partner institutions, mailing lists, open-source news, and industry partnerships, translating how the myriad of threat factors (geopolitical, competitive, criminal, and market threats) in conjunction with cyber-attack vectors used to disrupt business operations, can impact the company
• Provides awareness to internal teams and leadership on changes to the cyber threat landscape
• Publishes internal threat intelligence products and intelligence briefings to provide actionable information to tactical and strategic stakeholders; such as local and federal agencies.

Qualifications

• Must be able to handle multiple, simultaneous tasks effectively and efficiently while maintaining a professional, courteous manner.
• Must be able to work well with others.
• Strong verbal and written communication skills required.
• Must be detail oriented and organized.
• High integrity, including maintenance of confidential information.
• Must be able to exercise good judgment and positively influence and lead others, including handling confrontations with poise and efficiency.
• Working knowledge and experience with MS office with proficiency in Excel
• Ability to work a flexible schedule, including some evenings and weekends as approved in advance.
• Ability to travel as needed (5-10%)
• Bachelor's degree in related field from an accredited college or university or relevant equivalent experience.
• Minimum of ten (10) years of experience working with security controls, frameworks, and regulatory requirements.
• Cyber threat in healthcare industry experience required.
• Knowledge of HIPAA, NIST, SOX, PCI DSS and ISO principles, concepts, and practices.
• Active CISSP/CISM or equivalent security certification preferred.

If you are ready to join an exciting, progressive company and have a strong work ethic, join our team of experts! We offer a highly competitive salary and a comprehensive benefits package.

Envision Physician Services uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.

Envision Physician Services is an Equal Opportunity Employer.