Director of Health IT Security Operations

  • Job Reference: 462847538-2
  • Date Posted: 2 January 2022
  • Recruiter: MLK Community Healthcare
  • Location: Los Angeles, California
  • Salary: On Application
  • Sector: Executive Positions
  • Job Type: Permanent

Job Description

If you are interested please send your resume to and apply online.

Position Summary

The Director of Health IT (HIT) Security Operations is a critical resource at MLK Community Healthcare (MLKCH) because the role ensures the organization's technology backbone is continually available to carry out its mission - to provide compassionate, collaborative, quality care, and improve the health of our community.

The Director is responsible for maintaining and continually optimizing MLKCH's Health Information Security Program comprised of four key pillars - Governance, Risk Management, Cybersecurity Operations, and Incident Readiness. Maintaining our security posture requires leading the day-to-day operations of the HIT Security team, collaborating with the Senior Director of Health IT Operations, our Director of Compliance (MLKCH's Compliance Officer), and leading MLKCH's HIT Security Council. This position reports to the Chief Information and Innovation Officer.

Essential Duties And Responsibilities
  • Manage HIT security operations, infrastructure, and systems.
  • Staff, manage, and develop the HIT Security team.
  • Lead MLKCH's HIT Security Council and be accountable to the Council for adherence to MLKCH's policies, security controls, readiness, system/infrastructure hardening & patching as well as the overall performance of MLKCH's Health Information Security Program.
  • Keep abreast of and ensure adherence to regulatory compliance requirements as well as HIPAA Security Rule 45 CFR 308(a)(1), and the NIST Cybersecurity Framework.
  • Assess and respond promptly to the industry's cybersecurity threat bulletins.
  • Develop and maintain documentation related to the security architecture, systems, etc.
  • Develop and manage all HIT related compliance policies and procedures and assist in enforcing the organization's compliance to them.
  • Adhere to MLKCH's Change Control procedures with respect to any and all changes to the HIT security infrastructure, architecture, and systems.
  • Develop and direct HIT compliance control monitoring programs to ensure risks are managed to the appropriate level of acceptable residual risk.
  • Manage MLKCH's annual HIT Security Assessment and other audit-related tasks.
  • Administer MLKCH's 3rd Party Risk Management Program and manage the regulatory, commercial and organizational, inherent and residual IT compliance risks.
  • Administer MLKCH's HIT Security Awareness and Training Program, periodically educate end users, conduct at least bi-monthly phishing campaigns, and audit end user adherence to HIT compliance controls.
  • Administer MLKCH's Incident Response and Cybersecurity Readiness Program, conducting at least two tabletop exercises annually, developing the after action report, and ensuring gaps are closed. Maintain MLKCH's Incident Response Procedure, playbook, and other related policies.
  • Collaborate with MLKCH's Emergency Response Team, participate in the Emergency Preparedness Committee, and ensure HIT incident response procedures align with the organization's emergency response procedures.
  • Maintain and continually audit System Access Control and Identity Access Management.
  • Ensure HIT infrastructure, systems, devices, workstations, etc. are continually hardened and patched and certificates are renewed on a timely basis.
  • Participate in MLKCH's Value Analysis Committee for the purposes of ensuring medical equipment and devices are assessed for health information risk and risks are mitigated.
  • Manage the HIT security of MLKCH's medical equipment, devices and Internet of Things. Coordinate a periodic 3rd party assessment of device management.
  • Support and assist the Sr. Director of Health IT Operations in the development of the overall HIT security-related budget/financial spend in accordance with the desired HIT compliance risk appetite of the organization. Ensure adherence to the budget.
  • Maintain requirements for our cybersecurity and other information technology insurance policies.
  • Maintain an HIT Security Dashboard and present an annual review of our Health Information Security Program to our Board of Directors.
  • Maintain and manage HIT security-related vendors.
  • Participate in HIT's leadership team's on-call rotation.
  • Other duties as required.
Position Requirements
  • Education
  • A bachelor's degree in information systems is preferred or 5+ years of equivalent work experience. CISM and/or CISSP Certifications are preferred.
  • Qualifications/Experience
  • 5+ years of IT security audit or IT compliance experience
  • 3+ years of program and project management experience
  • 2+ years serving in a healthcare setting
  • Prior experience working within an information technology organization supporting enterprise level IT functions and processes
  • Prior experience in management consulting, IT governance, and change management is a plus
  • Demonstrated skills in either desktop security or network security
  • Special Skills/Knowledge
  • High level understanding of IT Audit and risk-based audit approaches
  • High level knowledge of Health Care Security, Risk, and Compliance methods and technologies
  • Understanding of global and domestic regulations and standards (PCI, PII, EU Safe Harbor, HIPAA, COFA)
  • Understanding of ISO 27001/27002 framework
  • Strong project management skills with proven track record for delivering results
  • Strong organizational skills: ability to balance multiple tasks simultaneously
  • Excellent interpersonal skills; comfortable dealing with a large span of people from middle tier management to business analysts
  • Strong relationship management skills; recognizes the benefit of investing in relationships
  • An excellent understanding of business ethics and the ability to keep sensitive information confidential
  • Strong critical thinking and problem-solving skills; knows when to escalate issues and risks to upper management
  • Strong communication skills - verbal, listening, written, and presentation
  • Strong desktop application skills (MS PowerPoint, Word, Excel, SharePoint, Project, Visio etc.)
  • Strong network infrastructure technology skills preferred
  • Strong endpoint operating system knowledge and skills preferred