This job listing has expired and the position may no longer be open for hire.

Director IT Security at CareCore National, LLC in FRANKLIN, Tennessee

Posted in General Business 30+ days ago.

Type: Full-Time

Job Description:


This position is responsible for leading a team of security professionals to refine the definition, guidance and alignment of eviCore's information security audit and assurance functions. This includes management and transformation of eviCore's security policies and standards, development of an information security controls assurance program as well as leading the SOC2 and HITRUST attestations. Additional duties include leading the Identify and Access Management function as well as coordinating and managing the security posture and deliverables of internal and external service providers of eviCore.

Responsibilities include:

  • Lead internal security audits, external vendor audits and customer audits to ensure compliance with all relevant policies, procedures and regulations.

  • Advance eviCore's compliance with the HITRUST Common Security Framework

  • Lead the organizations effort to develop, refine and publish information security policies, procedures, standards and guidelines.

  • Actively participates in committees as security representative, responds to RFP's, and assess all potential new vendors for security risk.

  • Lead or act as a key stakeholder in the implementation of related security products including GRC, IAM and PUMA

  • Lead security staff in perform access management for applications, servers and databases

  • Mentor and lead a team of security engineers both onshore and offshore to ensure quality deliverables

  • Support CISO in the creation of an enterprise IT security scorecard

  • Support CISO with development of security product and service roadmaps, budget plans and staffing requirements.

Minimum Experience Required

  • BA/BS degree in MIS/Computer Science or related degree strongly preferred

  • Minimum 8-10 years in IT security, healthcare domain a plus

  • Specific years of experience may serve as substitution in some areas

Required Skills

  • Experience in security risk assessment and internal security consulting

  • Strong capability to work and partner with key business leads to understand business strategies and drive business results

  • Ability to evangelize change, to guide, mentor and grow security professionals and to integrate people, team and processes

  • Ability to travel domestically and internationally as needed

  • Demostrated ability to delegate and empower others

  • IT security and general controls audit and assessments

  • Knowledge/experience in HITRUST CSF

  • IT policy management

  • Knowledge/experience on security tools including governance, risk and compliance tools a plus

  • Proficiency in Microsoft Office suite of tools

  • General understanding of the healthcare and health insurance businesses

  • Ability to conduct meetings with various business and IT personnel