Contessa offers a unique opportunity for individuals interested in being part of an organization that is leading the country in redefining the way care is provided to patients. Contessa’s Home Recovery Care model brings all the essential elements of inpatient care to the comfort and convenience of a patient’s home. The model enables provider organizations and health plans to deliver high-quality, safe and affordable care to patients with non-life-threatening conditions. At Contessa, you will have the opportunity to make a direct impact on the lives of patients and be at the forefront of shaping a pioneering space in the health care industry.
We are seeking a Director, IT Security to join our team. The Director, IT Security plays an integral part in the development, implementation, and compliance of technical security across the enterprise. This senior leader will have proven experience in growth-oriented businesses in the healthcare information and analytics space, with strong competencies in developing and leading information security programs. This position is responsible for developing the IT Security program and policies, and for managing risks related to information security, physical security, disaster recovery, crisis management, privacy, and compliance. The ideal candidate possesses the intellect and energy to excel in a complex and ever-changing environment, coupled with the poise and ability to act calmly in high-pressure, high-stress situations.
Core Security Activities
- Help maintain a successful information security program including establishing security standards, metrics, processes and procedures working with guidelines and requirements outlined/driven by HITRUST, HIPAA, NIST, SOX, etc.
- Lead internal security audits, external vendor audits and customer audits to ensure compliance with all relevant policies, procedures and regulations. Provide guidance, evaluation, and advocacy on audit responses.
- Evaluate and prioritize risk and act expeditiously in making decisions and recommendations, understanding the factors associated with decision-making in a technological environment as well as the varying needs and viewpoints of the enterprise.
- Investigate and coordinate responses to security incidents in conjunction with Compliance.
- Articulate budget requirements to address risks in a prioritized fashion.
- Report security performance against security metrics.
- Coordinate risk management and incident response activities with Compliance and Legal as needed.
Core Compliance Activities
- Primary IT liaison to Chief Compliance Officer and Legal Counsel for all IT related security and compliance activities.
- Complete and/or coordinate all IT related activity for Risk Assessment, OCR audits, or other HIPAA-required IT activity.
- Monitor and improve compliance with respect to technology-related Administrative, Physical, and Technical Safeguards as outlined in HIPAA (hhs.gov/hipaa).
Disaster Recovery and Business Continuity
- Together with the Chief Compliance Officer, Privacy Officer, and the SVP of Technology, create a risk-appropriate Disaster Recovery plan for the organization.
- Identify key applications for DR/BC, including their Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
- Work across IT teams to institute an appropriate environment that meets business RPO and RTO objectives.
- Provide reports on a regular basis, including preparation of a quarterly security program report, and, as directed or requested, keep senior management informed of the operation and progress of security efforts. Ensure proper reporting of security violations as appropriate or required.
- Create an information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.
- Understand the “voice of the customer” and develop mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need.
- Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks and hazards.
- Bachelor’s degree in business, computer science, information technology, or equivalent; Master’s degree and/or Security-specific certifications preferred.
- Minimum 5 years’ Information Security experience, with increasing levels of responsibility and oversight as a technical professional.
- Preference for experience in healthcare environments specifically in the areas of HIPAA and Medicare and Medicaid managed care contracting.
- Strong technical skills with hands-on experience in assessing, implementing and managing technical security controls, with in-depth knowledge of network and system architecture and protocols.
- Proficiency in performing assessments (information risk, business impact, control and vulnerability) and in defining remediation strategies.
- Excellent verbal and written communication skills.
- Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
- Experience contributing to strategic planning, budgeting, and allocation.
- CISSP, CISM or similar security certification preferred.
The position is based in Nashville, TN and relocation is not available.
Our team members are our greatest asset. That’s why you’ll find that Contessa has built a culture around trust, open communication, and a unified desire to change the way healthcare is being delivered. It’s important to us that you like your job, are motivated by the work you do every day and feel supported by leadership. Contessa offers a generous compensation and benefits package, a strong belief in a healthy work-life balance and great opportunities for career growth.