JOB SUMMARY The AVP, Security Infrastructure position in Infrastructure Services works with all areas of IT&S and Facility based Information Technology staff in researching, recommending, developing, coordinating, implementing, maintaining and administering an overall HCA-wide information systems security program which will increase the focus on security company-wide and positions the organization for HIPAA requirements. The scope of the security technology program includes all plans, standards, procedures, assessments and authorizations necessary to ensure the protection of HCA information from compromise, destruction and unauthorized manipulation while processed, stored or transmitted by HCA systems. This position functions as the primary security interface with Solutions Development and Integration, Architecture and Advanced Technology, Business Solutions, eHC, and Senior Executive Management as well Facility management. GENERAL RESPONSIBILITIES In conjunction with Infrastructure Services Directors and Assistant Vice Presidents, sets security infrastructure standards, design and integrate policies and principles that conform to the IT security strategy as defined by the IT&S CTO and Security Officer, and meets the needs of the company in terms of security delivery. Manages an operational Security group of 20-25 people. Responsible for Intrusion detection, hardening systems, auditing environments and applications for vulnerabilities, consulting with field to find secure ways to conduct business. Oversees development, implementation and maintenance of Security Integration relevant processes, infrastructure and standard operating procedures; insures compliance with all IT procedures and work processes. Operational experience is necessary.Communicate the standards, policies and principles to all areas of IT&S and Facility based Information Technology professionals. Assist in setting the security skill development curriculum for field technical staff.Review and approve security infrastructure component standards for adherence to HCA’s Security standards, design and integrate policies and principles.Understands and has a wide scope of experience in security technology, including infrastructure, risk management, project management and participation (ERP), system access controls administration, access violation analysis, computer crime and abuse inquiries and incident response. Provide advice, guidance and assistance to HCA Executive management relative to Information Systems Security matters. Identify all government, customer and HCA requirements necessary for the protection of information processed, stored or transmitted by HCA; Interpret those requirements; Develop, implement and administer plans, policies, standards and procedures. Ability to simplify and communicate complex technical concepts to others. Knowledge of Healthcare regulatory issues as it relates to electronic security.Facilitates integration of new technology and applications for the Enterprise. All with other operational areas, shares responsibility for high availability service levels for all platforms. strategic planning and development of high-level security policies for HCAKeep current on industry security directions and relate their applicability to the HCA IT&S mission. Responsible for continuous operational improvement within assigned scope.Develop and maintain high- level technical relationships with key technology vendors for the purpose of improving Infrastructure Services’ ability to successfully implement solutions.Recognized by individuals both inside and outside the organization as being a leader in security knowledge strategy and security implementation.Responsible for directing and developing direct reports. Responsible for the following functional areas: Security Integration Administration (annual budget approximately $1.8M Security Consulting & Support Operational Audit & Reporting, Virus Prevention and Incident Management Security Infrastructure Directory Services HIPAA Group Administration DIRECTION RECEIVED/RESPONSIBILITY FOR OTHERS Provides guidance as to the development of goals and objectives of his area.Develops the functional areas measurements and goals which correspond to the department and company goals. Responsible for administering all aspects of the company incentive compensation plan and human resource guidelines for Security Integration. EXPERIENCE/EDUCATION 10 – 15 years experience in the security field of Information Systems for Healthcare and/or a related industry.Advanced Technical Security and/or related education/experience.Exposure to large Information Systems organizations. COMPANY HCA owns and operates 200+ hospitals across the US as well as internationally. HCA uses leading edge technology and has an IT department of over 1000 IT professionals. Visit our website at hcahealthcare.com. This position is located in Nashville, TN. We do provide a relocation package. Please e-mail resume to: [EMAIL PROTECTED]
