Enable America Jobs

Job Information

Maxim Healthcare Services Director of Information Security in Columbia, Maryland

The Director of Information Security is responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. Reporting to the Chief Information Officer (CIO), this role provides the vision and leadership necessary to manage organizational risk, ensuring business alignment, effective governance, and the availability, integrity, and confidentiality of systems and products. Additionally, the Director of IT Security oversees the development and management of the organization's information security strategy and programs, leads a team of security professionals, secures information assets, manages security risks, and ensures compliance with regulatory requirements. This position is crucial in protecting the organization's data and maintaining the integrity of its IT infrastructure.

The Director of Information Security is responsible for various areas of IS risk management and compliance and enterprise security architecture, managing audits of financial systems, Health Insurance Portability and Accountability Act (HIPAA), and other regulatory bodies related to IT-managed and supported systems. The Director of Information Security maintains policies and procedures that relate to successfully meeting the relevant compliance regulations and guidelines while meeting the business needs and goals of IS and Maxim. Other key areas for the Director of Information Security include Disaster Recovery planning and execution in support of the overall Business Continuity Planning.

The Director of Information Security works closely with all IS and business functions and senior management to develop standard processes, such as validation of systems, audit policies, change control policies, security policies, etc., in each of the key areas of IS. The Director of Information Security partners with other IS teams in developing the enterprise risk and compliance strategy for each of the respective areas of responsibility, developing a road map, and overseeing the execution of the plan with the respective teams in a matrix organization to meet the strategic goals. This role also investigates industry risk and compliance trends and key research bodies, and provides guidance and recommendations to senior management. In collaboration with other IT leaders, the Director of Information Security will ensure the architecture and design of security in all IT-supported systems and infrastructure, and will support HR and Legal in investigations where IS support is required.

Essential Duties and Responsibilities:

  • Develop and implement a comprehensive information security strategy aligned with organizational goals. Provide strategic guidance and direction for information security initiatives and programs. Ensure alignment of security strategies with business objectives and regulatory requirements.

  • Develop, implement, and maintain comprehensive information security policies, procedures, and guidelines. Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA/HITECH, PCI-DSS). Conduct, manage or support regular security audits (internal and external) and assessments to ensure adherence to policies and standards.

  • Identify, assess, and manage information security risks. Conduct regular risk assessments and vulnerability analyses to identify potential security threats. Develop and implement risk mitigation strategies. Monitor and report on security risks and incidents to senior management. Clearly articulate the business value proposition for all IS-enabled risk and compliance initiatives.

  • Oversee the implementation and maintenance of security technologies and tools, including SIEM, firewalls, intrusion detection systems, intrusion prevention systems, and antivirus software. Coordinate security monitoring and incident response activities. Manage security audits and assessments. Ensure continuous monitoring of security systems and networks. Coordinate with IT and other departments to ensure the security of information assets.

  • Develop and deliver security awareness training programs for employees. Promote a culture of security awareness across the organization.

  • Oversee the development and execution of incident response plans. Lead incident response efforts in the event of a security breach or other security incident. Conduct post-incident analyses to identify root causes and prevent future occurrences.

  • Work closely with IT, legal, and compliance teams to ensure a unified approach to information security. Communicate security risks and issues to senior management and other stakeholders. Collaborate with external partners, such as security vendors and consultants.

  • Lead, mentor, and manage a team of information security professionals. Oversee recruitment, training, and development of security staff. Foster a culture of security awareness and continuous improvement within the team.

  • Develop and manage the information security budget. Allocate resources effectively to support security initiatives and programs.

  • Manage relationships with external security vendors and service providers. Collaborate with internal stakeholders, including IT, legal, and compliance teams, to ensure a unified approach to information security. Communicate security risks, strategies, and issues to executive management.

  • Perform other duties as assigned or necessary.

Minimum Requirements:

  • Bachelor's degree in Computer Science, Information Technology, or a related field, or an equivalent combination of training and experience.

  • A minimum of eight (8) years of experience in an information systems environment, with strong knowledge of risk and compliance management preferred.

  • Professional certifications such as ISSAP (Information Systems Security Architecture Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly desirable.

  • Proven experience in an IT technology and/or security leadership role, with a track record of successfully implementing and managing IT technology and/or security programs. In-depth knowledge of IT security principles, best practices, and industry standards.

  • Strong knowledge of relevant regulations and standards, such as PCI-DSS, GDPR, HIPAA/HITECH, ISO 27001, etc. Familiarity with regulatory requirements, policies, audit practices and industry standards related to IT security.

  • Knowledge of and experience with risk management methodologies and frameworks such as the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework). Proficiency in conducting risk assessments and vulnerability testing.

  • Experience with security incident response and management. Familiarity with security tools, technologies and controls, such as firewalls, intrusion detection and prevention systems, encryption, antivirus software, etc.

  • Familiarity with project management principles and practices, such as the agile framework.

  • Strong written and verbal communication skills and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.

  • Strong attention to detail and the ability to prioritize and manage multiple tasks simultaneously.

  • Strong leadership and management skills, with the ability to motivate and inspire a team.

  • Excellent problem-solving and analytical skills, with the ability to identify and mitigate security risks.

  • Understanding of cloud computing security principles and best practices. Knowledge of network and system administration.

  • Excellent communication skills.

  • Proficiency in the English language is required.

  • Computer proficiency including Microsoft Office suite (Word, Excel, Teams, etc.)

About Maxim Healthcare Services

Maxim Healthcare Services has been making a difference in the lives of our patients, caregivers, employees and communities for more than 30 years. We offer private duty nursing, skilled nursing, physical rehabilitation, companion care, respite care and behavioral care for individuals with chronic and acute illnesses and disabilities. Our commitment to quality customer service, compassionate patient care, and filling critical healthcare needs makes us a trusted partner wherever care is needed.

Maxim Healthcare Services is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.
