Director of Information Services Risk / Controls - Security

Confidential Company  •  Houston, TX
Salary depends on experience
Posted on 10/10/17
Business Services


We are searching for a Director of Information Security in Risks / Controls – someone who works well in a fast-paced hospital setting. In this position, you’ll establish and maintain a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.


This role requires that you influence change in an organization, and do it at many levels with your leadership and experience. We are looking for someone who has “been there before”, and can demonstrate technical knowledge as well as a managerial flair. Can you make collaborative change where it counts? This role will work in the medical center at our Feigin Building.


Think you’ve got what it takes?

Responsibilities:

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines
  • Oversee the approval, training, and dissemination of security policies and practices
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
  • Provide direction, support and in-house consulting for development and implementation plans and procedures for business continuity and disaster recovery
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings
  • Develop and enhance an information security management framework including log management, review of controls, review of output from security monitoring applications and devices
  • Facilitate a metrics and reporting framework to measure the capability of the security framework
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Monitor the external threat environment for emerging threats, and react accordingly


  • Bachelor’s Degree required in Computer Sciences/MIS
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
  • Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
  • Ten to fifteen years of experience in a combination of risk management, information security and IT jobs
  • At least eight years must be in an information security role
  • At least five years in an IT leadership role – preferably in information security
  • Information Technology Infrastructure Library (ITIL) certification is preferred
  • Knowledge of Budgeting and Variance Analysis, Regulatory Standards/Regulations, Hospital operations and Data analysis
  • Have excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • Has a proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment
  • Has the managerial skill needed for providing limited supervision for one or more functions within a department
  • A high degree of analytic ability and inductive thinking is required to devise new, non-standard approaches to highly intricate, technically complex problems
  • Requires regular contacts with internal persons of importance and influence involving considerable tact, discretion and persuasion in obtaining desired actions and/or the handling of difficult personal relationships

Job ID: 144953
