Chief Information Security Officer

Carilion Clinic Roanoke, VA

This position has been filled.

Carilion Clinic has retained Kirby Partners to identify, qualify, and present individuals for their Chief Information Security Officer position.
As a key member of the SVP/CIO’s leadership team, the Chief Information Security Officer will have the opportunity to lead an information security team as they establish a strong security culture. Carilion Clinic, a nationally recognized not-for-profit healthcare system in Roanoke, Virginia, serves approximately one million residents in Western Virginia through their comprehensive network of hospitals, primary and specialty physician practices and other complementary services. With 696 employed physicians representing more than 76 specialties, the healthcare system seeks to advance care through medical education and research.
Key Network Indicators:
  • $1.7 billion (net) total revenue
  • 12,800 employees
  • 1,026 licensed beds
  • 50,399 admissions
 
Chief Information Security Officer Position Description:
Carilion Clinic is hiring the organization’s first enterprise Chief Information Security Officer. The organization is looking for the CISO to provide an enterprise information security vision and grow the security environment. Carilion Clinic has a patient-focused culture; this position will work closely with research and physicians, and the Epic team. The CISO is responsible for developing long-term information security strategies including, but not limited to, network security, computer and device security as well as application and data security. The CISO leads the response to IT security incidents, serving as primary IT contact point for information security matters that require coordination within the central IT organization as well as the enterprise. The information security program is well funded with a $3M investment over the past three years and is strongly supported by senior leadership and the board of directors. The CISO will oversee a team of eight people which includes two network security engineers and six identity and access management analysts. The CISO will oversee the coordination of IT security matters in collaboration with Carilion Clinic’s legal counsel, internal audit, compliance/risk management, and other departments as appropriate. The position will also provide specialized IT security consulting, materials, programs and analysis related to information security and IT policy. Additional duties include proactive involvement with IT risk assessments, IT security policy and research, evaluating and overseeing implementation of procedural and technical IT security measures for Carilion’s network, applications, computing systems and environments as well as mobile and clinical engineering assets.
Responsibilities
  • Lead governance processes for IT security strategies.
  • Lead strategic security planning to achieve organizational goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
  • Develop and communicate security strategies and plans to executive team, staff, partners, and stakeholders.
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
  • Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
  • Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
  • Establish standards for the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and related software.
Upcoming projects:
  • Develop a comprehensive IT security program that includes training and awareness
  • Formalize incident response plan
  • Network segmentation
  • Centralize and streamline identity and access management process
 
Qualifications
  • Over eight years of dedicated IT security related experience
  • Expert technical understanding of IT security protocols, technologies, and issues
  • CISSP or CISM
  • Bachelor's degree required; Master’s degree desired
 