Purpose of Class:
This position provides the day to day management of the UConn Health IT Security Team responsible for information security and risk management programs. The IT Security Director serves as the process expert and acts as the central point of contact for Information Security issues. The Director serves as a change agent for business operations promoting understanding of technology security risks and the role and responsibility of the community in maintaining information security.
Works under general supervision of the UConn Health Chief Information Officer or designee.
Supervises employees as assigned.
EXAMPLES OF DUTIES:
- Leads a team of security analysts, It professionals and vendors who safeguard UConn Health assets,intellectual property and computer systems which contain confidential information about patients, students and employees.
- Implements and monitors compliance with UConn Health and University information security policies and procedures.
- Identifies and resolves any security issues on the UConn Health data network through analysis, physical monitoring, forensics, incident response.
- Configures and tests security systems (including telecommunication and network using appropriate “best practices” and technologies such as but not limited to, cryptography, firewalls, access control systems, two factor authentication, identity access management, and major operating system and application security .
- Monitors security controls to ensure that appropriate information access levels and security clearances are maintained.
- Reviews all system-related information security plans throughout the institution’s network and develop safeguards against accidental or unauthorized modification, destruction, or disclosure.
- Performs information security risk assessments and serves as the internal auditor for information security processes.
- Serves as the information security consultant and monitors changes in legislation and accreditation standards that affect information security.
- Serves as the information security liaison for users and promotes activities that foster security awareness within the institution.
- Assists and supports in business continuity planning and implementing security or disaster recovery actions.
- Recommends “best practice” related to data retention and discovery platforms . Lead incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
- Performs personnel actions with assigned staff such as, but not limited to, work assignment schedules and reviews, performance evaluation review, disciplinary action, etc.
- Keeps technically current with “best practices” and monitors advancement in information security technologies/environment.
- Performs other related duties as required.
MINIMUM QUALIFICATIONS REQUIRED:
KNOWLEDGE, SKILLS AND ABILITY:
Proficient knowledge of all security architecture and design used in a complex system infrastructure including, but not limited to, firewall technologies, encryption based security safeguards and standards, access control methodologies, major operating system security configurations, two factor authentication, identify access management, security event management, cryptographic controls; strong network security understanding in a multi-protocol LAN/WAN environment including TCP/IP, ISPEC, SSL and HTTP; strong understanding of host and network intrusion detection and monitoring technologies; knowledge of regulations that affect information technology, including HIPAA;demonstrated experience with litigation hold processes; technical leadership skills to provide world-class information system solutions; excellent cross functional relationship building skills; effective written and verbal communications skills and ability to interact with senior management; ability to create and maintain a strategic plan for IT security initiatives with a rolling three (3)-year horizon; ability to organize and lead project activities.
EXPERIENCE AND TRAINING:
Ten years’experience in similar role within IT, preferably in an Academic Medical Center or Health Care industry setting, with at least 5 years in a senior analyst role. Additional experience includes: Data Center Server management, network switching management; security appliance implementation and management; security data log auditing.
Bachelor’s degree may be substituted for two (2) years of the general experience.
Must have Information Systems Security Professional (CISSP) certification or equivalent.
Schedule: 40 hours per week, 8:00am – 5:00pm with a 30 minute meal break
May be required to work minor holidays and weekends as needed.
Full Time Minimum Salary: TBD