Join the transformative team at City of Hope, where we're changing lives and making a real difference in the fight against cancer, diabetes, and other life-threatening illnesses. City of Hope’s growing national system includes its Los Angeles campus, a network of clinical care locations across Southern California, a new cancer center in Orange County, California, and treatment facilities in Atlanta, Chicago and Phoenix. Our dedicated and compassionate employees are driven by a common mission: To deliver the cures of tomorrow to the people who need them today. 

** This is a Fully Remote Opportunity within the United States**

The System Executive Director, Technology Risk Management (ED, TRM) provides overall direction, planning and implementation of a security governance and strategic plan. Additionally, the System ED, TRM will define and establish all enterprise policies and procedures, to ensure the confidentiality, integrity, and availability of City of Hope (COH) sensitive data.

The System ED, TRM is jointly responsible, along with the CISO and CIO, for creating and maintaining a governance structure that promotes full cooperation between and the efficient cross-functional operations of the information security function and the ITS Infrastructure function. The System ED, TRM, in cooperation with the CISO, provides the Board and its committee’s regular reports on the maturing of this governance structure and the creation at City of Hope of an industry-best practice.

The System ED, TRM fosters an environment that demonstrates to stakeholders (patients, Researchers, Clinicians, and Administrative staff) that security is of paramount importance, is dealt with in a systematic and proactive manner and that critical information is properly safeguarded.

The System ED, TRM establishes and maintains a security framework as a mechanism to baseline COH’s information security policy. Regularly report on enterprise risk, security measures, and maturity at all levels of the enterprise, including:  executive leadership, senior leadership, and management.

In addition to the System ED, TRM’s duties and responsibilities serving City of Hope National Medical Center, the Beckman Research Institute, the Medical Foundation, and City of Hope various community centers, the ED, TRM will be expected to provide, as needed, expertise guidance and advice for City of Hope affiliates and business initiatives.

As a successful candidate, you will:

• Develop and architect an enterprise wide information security program that will ensure the integrity, reliability, privacy, and availability of information and systems.

• Perform regular, periodic reviews of any security testing that is performed (vulnerability scans, application code, etc…

• Define and approve software and application controls and periodically review controls.

• Define and approve host and network-based controls and periodically review of network perimeter controls.

• Provide ongoing input into data classification in terms of in-scope data types based on regulatory and compliance obligations.

• Define policy for incident response and thresholds for notifications.

• Manage investigations, acting as the interface point with HR, Legal, and Compliance. Act as Liaison with external law enforcement and relevant agencies.

• Establish a cybersecurity risk management program that effectively reports on risk based on qualitative and quantitative metrics.

• Prepare and oversee the cybersecurity third party risk management program and report on risk to the relevant committee and bodies.

• Conduct regular information security and HIPAA gap analyses which include a review of administrative, physical, and technical safeguards, including documentation and systems.

• Prepare the security portion of the organization’s disaster recovery and business continuity plans for information systems.

• Create, document, implement, and enforce policies and procedures that comply with HIPAA, GLBA, and PCI.

• Assist Internal Audit in the development of appropriate criteria needed to assess the level of new and existing applications and/or technology infrastructure elements for compliance with enterprise security standards

• Ensure compliance to security standards and best practices for new applications and infrastructures by reviewing/auditing applications, systems, and networks.

• Establish internal control systems to ensure the appropriate information access levels are in place.

• Monitor changes in legislation and accreditation standards that affect information security.

• Manage and provide professional development to the City of Hope IT security staff consisting of a Manager and several Data Security Analysts.

• Follows established City of Hope and department policies, procedures, objectives, performance improvement, attendance, safety, environmental, and infection control guidelines, including adherence to the workplace Code of Conduct and Compliance Plan.  Practices a high level of integrity and honesty in maintaining confidentiality.

• Performs other related duties as assigned or requested.

Your qualifications should include: 

Bachelor’s degree in related discipline plus ten (10) years of directly related experience in business continuity planning, auditing and risk management as well as contract and vendor negotiation, with at least seven (7) years in a leadership capacity

~or~

Thirteen (13) years of directly related experience in, auditing and risk management as well as contract and vendor negotiation, with at least seven (7) years in a leadership capacity

Preferred Education: Master’s Degree in Public Administration, area of assignment, Business Administration or related field.

City of Hope employees pay is based on the following criteria: work experience, qualifications, and work location.

City of Hope is an equal opportunity employer.

To learn more about our Comprehensive Benefits, please CLICK HERE.