Director - Information Security Operations (1.0FTE, Days)
1.0 FTE, 8 Hour Day Shift
At Stanford Children’s Health, we know world-renowned care begins with world-class caring. That's why we combine advanced technologies and breakthrough discoveries with family-centered care. It's why we provide our caregivers with continuing education and state-of-the-art facilities, like the newly remodeled Lucile Packard Children's Hospital Stanford. And it's why we need caring, committed people on our team - like you. Join us on our mission to heal humanity, one child and family at a time.
This paragraph summarizes the general nature, level and purpose of the job.
Reporting to the Chief Information Security Officer (CISO), the Director of Security Operations is responsible for leading the Information Security Operations team. This role is expected to back up and serve as a trusted lieutenant of the CISO. The Director role requires technical acumen and leadership savvy and will lead a team that provides security infrastructure and services management, and threat detection and response. This includes but is not limited to the selection, scoping, deployment, and operation of information security tools and systems, and management of firewalls, endpoint protection, IPS, malware detection, DLP, anomaly detection and encryption tools. Provides subject matter expertise in security infrastructure architecture design and partners and collaborates with other technology partners/experts to provide secure solutions that resolve overall infrastructure and security infrastructure design and implementation challenges. Maintains ownership of the firewall change approval process and provides oversight of any managed security service providers who provide our firewall services. Acts as the primary liaison with the outsourced Security Operations Center (SOC) and works with the CISO on continuous improvement of SOC operations. Works in collaboration with the CISO to update our adherence to the NIST security controls and to develop and implement the security roadmap based on NIST security controls.
The Director, Security Operations oversees the security review and exceptions programs. This includes assessing risk and ensuring that Stanford Children’s Health technologies and services are consistent with security standards through architecture review, threat analysis and required compliance obligations.
The essential functions listed are typical examples of work performed by positions in this job classification. They are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Employees may also perform other duties as assigned.
Employees must abide by all Joint Commission Requirements including but not limited to sensitivity to cultural diversity, patient care, patient rights and ethical treatment, safety and security of physical environments, emergency management, teamwork, respect for others, participation in ongoing education and training, communication and adherence to safety and quality programs, sustaining compliance with National Patient Safety Goals, and licensure and health screenings.
Must perform all duties and responsibilities in accordance with the Service Standards of the Hospital(s).
Security Infrastructure Management
- Evaluates pending and post-implementation changes to the Stanford Children’s Health infrastructure (solutions, network connectivity and/or services) to identify security risks and adherence to security policies, and drives secure resolution of the identified issues
- Validates the effectiveness of Stanford Children’s Health defensive systems, assesses threats to the environment and enacts appropriate changes to security defense posture, architectures and designs
- Manages and oversees the efforts of the outsourced Firewall Services team
- Collaborates with appropriate Information Services teams to execute various security projects (upgrades, new implementations, etc.); evaluates and implements new security technology controls and solutions
- Ensures proper change management and oversight of changes to security controls (including but not limited to firewalls, endpoint protection, IPS, malware detection tools, DLP, anomaly detection and encryption tools) and solutions
- Provides security subject matter expertise to the Information Security and Information Services teams where requested and in response to pending and/or realized incidents
Management of Threat Detection and Response
- Leads the CERT and manages incidents through to conclusion, including but not limited to, conducting post mortem analysis and developing preventative actions
- Ensures appropriate tools and services are in place to rapidly detect and respond to threats to SCH, Stanford Medicine and our trusted partners
- Oversees the analysis of network, system, and security events to determine whether an incident has occurred and leads appropriate response actions
- Creates detailed reports on incidents within the enterprise to include trends, remediation steps taken, and feedback on how to prevent future incidents
- Manages and oversees the efforts of the outsourced SOC
- Ensures threat response plans are in place and regularly exercised
- Develops, documents and manages containment strategies recommending actions to mitigate the risk associated with intrusion attempts
- Researches, implements and maintains proficiency in response and detection tools, countermeasures and attack method trends
- May work with Federal and/or state and local law enforcement agencies
- Develops, trains and mentors members of the Information Security Operations team to grow their technical and professional capabilities and skill sets
- Defines and manages a set of interconnected processes
- Effectively builds and manages the budget for Security Operations
- Measures and reports on operational effectiveness and efficiency; sets goals and measures performance
- Communicates regularly and clearly to a wide variety of technical and non-technical audiences
- Develops vision and strategy for the team
- Resolves disputes within the team and across the larger Stanford Children’s Health functional teams
- Defines clear roles and responsibilities and establishes accountability
- Leads complex information security projects through to successful completion
Any combination of education and experience that would likely provide the required knowledge, skills and abilities as well as possession of any required licenses or certifications is qualifying.
Education: BA or BS in Computer Science, Management Information Systems, or related field, from an accredited college or university or equivalent experience.
Experience: Seven (7) years of progressively responsible and directly related work experience.
License/Certification: CISSP (Certified Information Systems Security Professional). CISM preferred.
Knowledge, Skills, and Abilities
These are the observable and measurable attributes and skills required to perform successfully the essential functions of the job and are generally demonstrated through qualifying experience, education, or licensure/certification.
- Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner. Previous experience managing and leading a team within an Information Security Department.
- Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, tunneling, WAN/LAN connectivity, network security monitoring tools, secure engineering principles and technical security testing
- Advanced knowledge of the threat landscape and a working knowledge of global threats to cyber security and understanding of the tools and tactics utilized by threat actors
- Expert level Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis and scripting (Perl, Python, or other) for automation, debugging and parsing purposes
- Strong analytical and problem-solving skills are required; ability to use independent judgment to make sound, justifiable decisions and act in a timely and effective manner to solve problems
- Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
- Knowledge of information security standards (e.g., ISO 17799/27002, etc.) and of rules and regulations related to information security and data confidentiality (e.g., HIPAA, PCI DSS, etc.). Knowledge of local, state and federal regulatory requirements related to areas of functional responsibility
- Excellent communication (oral, written, presentation), interpersonal, and consultative skills; the ability to present to diverse audiences of varying organizational levels. Ability to deliver succinct and fact-based communications, both verbally and in writing
- This position may require some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities. The director should be prepared to back up the Chief Information Security Officer, as necessary
- Ability to plan, organize, prioritize and work both independently and in a collaborative team environment to work through security issues and meet established deadlines.
Physical Requirements and Working Conditions
The Physical Requirements and Working Conditions in which the job is typically performed are available from the Occupational Health Department. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job.
Expertise in network, mobile, cloud, cryptography, web, operating systems, and SANs is also desirable, as are other industry-standard certifications such as MCSE, CCSE, or CCNA.
Equal Opportunity Employer