Director IT Cybersecurity Digital Protection and Engineering
Primary City/State:Arizona, ArizonaDepartment Name:IT Info Tech Admin-CorpWork Shift:DayJob Category:Information TechnologyPrimary Location Salary Range:$75.22 - $125.36 / hour, based on education & experienceIn accordance with State Pay Transparency Rules.Innovation and highly trained staff. The Information Technology professionals at Banner Health are utilizing cutting-edge technology to change health care for the better. If you’re ready to change lives, we want to hear from you.Banner Health is looking for a Director, Digital Protection and Engineering to lead the Digital Protection team. This leader role will be responsible for three main teams: data protection engineering, network security engineering, and detection engineering. Focus areas include, but are not limited to, cloud security posture management, CNAPP, data loss prevention, endpoint protection, email security, web application firewalls, API security, CASB, proxy management, all detection logic for central logging tools, SOAR, and more. In this dynamic role, you would lead a team of approximately 30 full time personnel to accomplish and sustain our initiatives. At Banner, and we are looking for a strong, confident, highly motivated leader and team player that will take charge, initiating and tracking strategies, metrics, being innovative, collaborative, drive technology and initiatives, be a thought leader, and a professional at all times.This is a salaried position and the typical schedule is a 40+ work week. This is not typical, but there may be times where your presence and leadership is necessary to support the team after hours. The primary location for this role will be fully remote. Opportunities to be in the office will be made available at the Banner Corporate Center (Phoenix Plaza - off Thomas and Central). An ideal candidate would possess a Bachelor’s Degree in Computer Science, Information Systems, Engineering, Business Administration or a related field with 10+ years of related experience, including 6 years of leadership experience. A certification such as a Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM), HealthCare Information Security & Privacy Practitioner (HCISSP), CompTIA Security+ or other relevant certifications pertaining to data and cloud security.This can be a remote position if you live in the following states only: AK AR GA FL ID IN IA KS KY LA MI MN MS MO NM NY NC ND OH OK OR PA SC TN TX UT VA WA WI AZ CA CO NE NV WYYour pay and benefits are important components of your journey at Banner Health. This opportunity includes the option to participate in a variety of health, financial, and security benefits. In addition, this position may be eligible for our Management Incentive Program as part of your Total Rewards package.Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.POSITION SUMMARYThis position is the managerial professional who leads a team in the development of the direction and objectives for the Cybersecurity digital protection, engineering, and organizations strategic and operational delivery functions. This position will be responsible for the overall planning, organization and execution of processes and technology to manage data security across the enterprise. This position will also be responsible for participating in risk assessment activities across the enterprise to determine criticality of new and legacy systems, and determine level of controls necessary to protect data stored, processed, or transmitted by the same.CORE FUNCTIONS
Collaborates with business owners and organizational stakeholders to define, implement and maintain enterprise-wide data protection tools and strategy.
Oversees the operation of a DLP solution in accordance with enterprise data security and classification standards. Work swith vendors and third-party contractors to implement integrated DLP software solutions.
Collaborates with the IT Infrastructure team to implement technical mechanisms to encrypt sensitive and business critical data while in transit or at rest in accordance with regulatory, contractual, and business requirements. Ensures all data transmissions between applications and devices are encrypted.
Develops policies, procedures and controls designed to protect sensitive data. Develop and document processes to mask sensitive data in accordance with compliance requirements. Develops and documents processes for the recovery of data in the event of an adverse event or loss of data.
Inventories systems, applications, and databases, and determine criticality based on types of data stored, processed, or transmitted by the same.
Collaborates with the risk teams team to develop and maintains control profiles for various systems, applications, and databases based on criticality and sensitivity of data stored, processed, or transmitted by the same.
Identifies and implements data channel security technologies to monitor and prevent unauthorized activity.
Develops and oversees the department budget in conjunction with corporate goals and objectives. This position is accountable for meeting annual budgetary goals. Identifies and prioritizes security program expenditures in coordination with I/T, Audit, Compliance, Privacy and Legal.
This position reports to the Senior Leadership and will interface with and support staff at all levels and in all areas throughout the enterprise. This person will also work frequently with external customers, vendors, and business partners on projects and various assignments.
MINIMUM QUALIFICATIONSRequires a Bachelor’s degree in Computer Science, Information Systems, Engineering, Business Administration or a related field.Requires proficiency level typically attained with ten or more years experience in information security experience in positions of increasing responsibility including seven or more years of data protection and five years of leadership experience.Extensive knowledge of data protection controls. Strong understanding of data classification tiers (e.g., Critical, Classified, Internal Use Only, Public, etc.) and the applicability of control profiles based on the selected classification.Extensive experience designing, implementing and managing technical solutions for data security, including DLP, Digital Rights Management, eDiscovery and encryption.Demonstrated experience with developing strategies for the proper operation and management of DLP monitoring capabilities.Experience with the design and implementation of data encryption capabilities for workstations, laptops, and servers. Strong understanding of information security threats affecting the healthcare industry.Experience strategizing with cross-functional business partners on information security solutions. Strong understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.).Demonstrated organizational and leadership skills with the ability to lead, build, and develop a team of senior IT professionals through formal and informal reporting relationships. Demonstrated communication skills with the ability to build relationships and influence others to get results.Extensive knowledge in governance frameworks including: ISO 27001, NIST, COBIT, ITIL.Extensive knowledge in regulations and/or contractual obligations including: HIPAA, PCI, Sarbanes Oxley, GLBA, SOC /SSAE16.PREFERRED QUALIFICATIONSAdvanced Degree in Computer Science, Information Systems, Engineering, Business Administration, or a related field. Industry certifications: CISSP, CISA, CISM, CRISC, EAP, etc.Additional related education and/or experience preferred.Anticipated Closing Window (actual close date may be sooner):2025-04-12EEO Statement:EEO/Female/Minority/Disability/Veterans (https://www.bannerhealth.com/careers/eeo)Our organization supports a drug-free work environment.Privacy Policy:Privacy Policy (https://www.bannerhealth.com/about/legal-notices/privacy)EOE/Female/Minority/Disability/VeteransBanner Health supports a drug-free work environment.Banner Health complies with applicable federal and state laws and does not discriminate based on race, color, national origin, religion, sex, sexual orientation, gender identity or expression, age, or disability