Director of Information Security | PAM Health Corporate

The Director of Information Security is responsible for leading PAM Health’s security program, ensuring the protection of systems, data, and compliance with HIPAA security standards. This role oversees day-to-day security operations, risk management, incident response, vendor partnerships, and the development of cybersecurity policies and procedures. The position works closely with leadership and the (v)CISO to strengthen PAM Health’s security posture through continuous improvement, monitoring, and employee education. Additionally, they provide strategic guidance, lead security initiatives, and foster a culture of safety, compliance, and collaboration across the organization.

Position Responsibilities

• Responsible for all tasks associated with the operations of the PAM Health security program including day-to-day security management, event response, security maturity, vendor management, communication and education, etc.
• Responsible for the HIPAA Security compliance program including compliance analysis, remediation projects, and communication.
• Responsible for the PAM Health Security Risk Management program.
• Work with (v)CISO to develop ongoing improvement initiatives to PAM Health security profile.
• Regular communication with leadership regarding security program status and initiatives.
• Manage, maintain and communicate policies and procedures related to information security.
• Designs, develops and tests cybersecurity features, as microservices and cross platform shareable components with high quality design
• Designs, implements, and maintains cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures
• Translates technical cybersecurity requirements into clear, actionable policies that employees can understand and follow
• Monitors and audits compliance of cybersecurity policies to identify gaps
• Reviews existing cybersecurity policies post security incidents to identify improvements
• Manages multi-functional team coordination, opportunity screening, benefit/cost analysis, vendor selection, schedule and budget oversight, management of consultants/contractors, issue resolution, and reporting.
• Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
• Conducts log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
• Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organization
• Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
• Reviews alerts and data from sensors, and documents formal, technical incident reports
• Works with threat intelligence and/or threat-hunting teams
• Supports the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
• Works with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts
• Correlates network, cloud and endpoint activity across environments to identify attacks and unauthorized use
• Researches emerging threats and vulnerabilities to aid in the identification of incidents
• Provides users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
• Performs security standards testing against computers before implementation to ensure security
• Provides regular training sessions on intrusion detection and prevention systems, security incident response procedures, threat intelligence analysis, log analysis, etc. within the team

 Leadership

• Inclusiveness: Promotes cooperation, fairness and equity; shows respect for people and their differences; works to understand perspectives of others; demonstrates empathy; brings out the best in others and in his/her team
• Managing Staff: Coaches, evaluates, develops, and inspires staff; sets expectations; recognizes achievements
• Stewardship and Resource Management: Demonstrates accountability and sound judgment in managing company resources; appropriate understanding of confidentiality and company values; adheres to and supports company policies, procedures and safety guidelines
• Problem-Solving: Identifies problems and involves others in seeking solutions; conducts appropriate analysis and searches for best solutions; effectively and efficiently implements appropriate responses to correct problems; responds promptly and effectively to new challenges
• Decision-Making: Makes clear, consistent decisions; acts with integrity in all decisions; distinguishes relevant from irrelevant information; makes timely, appropriate decisions.
• Strategic Planning and Organizing: Understands company vision and aligns priorities accordingly; measures outcomes; uses feedback to redirect as required; evaluates alternatives; appropriately organizes complex issues to desirable resolution.
• Communication: Connects with peers, subordinate employees and all customers; actively listens; clearly and effectively shares information; demonstrates effective oral and written communication skills; negotiates effectively.
• Quality Improvement: Strives for efficient, effective, high-quality performance in self and in the department; delivers timely and accurate results; resilient when responding to matters that are challenging; takes initiative to make improvements
• Leadership: Motivates others; accepts responsibility; maintains high morale in department; develops trust and credibility; expects honest and ethical behavior of self and staff
• Teamwork: Encourages cooperation and collaboration; builds effective teams; works in partnership with others; is flexible; responsive to the needs of others
• Development: Maintains up-to-date skills through involvement with professional organizations and/or continuing education 

Customer Service

• Maintains the highest level of customer service via courtesy, compassion and positive communication.
• Promotes the mission and vision of PAM Health within the work environment and the community.
• Respects dignity and confidentiality by adherence to all applicable policies and procedures.

Education and Training:    

• Desired: Bachelor’s degree or equivalent education and experience
• Preferred: Bachelor’s/Masters degree in computer science and/or information security
• HIPAA, A+, Sec+ certifications preferred

Experience:   

• 5 years+ experience in information security management
• Development and management of Information Security program
• 3 years+ in organizational management

Knowledge, Skills, and Abilities:

• Experience with Windows platforms
• Experience with enterprise cloud environments (Azure, AWS, Google)
• Experience with network routing and firewalls
• Ability to communicate technical information, both verbal and written, to a wide range of users

PAM HEALTH (PAM) based in Enola, Pennsylvania, provides specialty healthcare services through more than 80 locations, as well as wound clinics and outpatient physical therapy locations, in 17 states. PAM Health is committed to providing high-quality patient care and outstanding customer service, coupled with the loyalty and dedication of highly trained staff, to be the most trusted source for post-acute services in every community it serves. Its mission is to serve people by providing compassionate, expert care, and to support recovery through education and research. Joining our PAMily allows you to work in a collaborative environment with colleagues and leadership with exposure to a variety of patient care levels. Aside from our competitive pay, generous paid benefit time, and excellent insurance options, you will also have opportunities for professional growth through our Education Advancement Program. We are excited to learn more about you and hope that you consider joining us on a shared mission to improve the lives of others by being an integral part of our We Care Program. Please take a moment to visit us online at www.PAMHealth.com for a comprehensive look at how we're able to positively impact our local communities.

PAM Health does not discriminate and does not permit discrimination, including, without limitation, bullying, abuse or harassment, on the basis of actual or perceived race, color, religion, national origin, ancestry, age, gender, physical or mental disability, sexual orientation, gender identity or expression or HIV status, or based on association with another person on account of that person's actual or perceived race, color, religion, national origin, ancestry, age, gender, physical or mental disability, sexual orientation, gender identity or expression or HIV status.