Develops, implements, and oversees the organization’s information security program to protect patient data, electronic medical records (EMRs), and other sensitive information. Ensures compliance with healthcare industry regulations, including HIPAA, and other applicable security frameworks. Collaborates with IT teams, compliance officers, and senior management to assess risks, respond to security incidents, and develop strategies to safeguard digital assets.
Leadership & Collaboration
Leads a team of security professionals, providing guidance and professional development.
Works with clinical and administrative staff to ensure security policies align with operational needs.
Supports the Director as a key point of contact for cybersecurity incidents and security-related inquiries from executive leadership.
Collaborates with external cybersecurity experts, law enforcement, and industry groups to stay informed about evolving threats.
Cybersecurity Operations & Incident Response
Oversees daily security operations, including monitoring, detection, and response to cyber threats.
Ensures the management of security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and SIEM solutions.
Develops and maintains an incident response plan, coordinating investigations and remediation efforts in the event of security breaches.
Collaborates with IT teams to ensure secure system configurations, patch management, and threat intelligence sharing.
Ensures forensic analysis and root cause analysis are conducted following security incidents to strengthen defenses.
Supports security incident response, system upgrades, or audits as needed.
Information Security Strategy & Governance
Develops and implements the healthcare facility’s information security policies, standards, and procedures in alignment with regulatory requirements.
Ensures compliance with HIPAA, NIST, and other applicable security frameworks.
Ensures risk assessments, vulnerability management, and audits are conducted to identify and mitigate security threats.
Ensures security awareness training programs are provided for employees to reinforce best practices in handling sensitive data.
Monitors and enforces access controls, identity management, and user authentication mechanisms.
Travels for conferences, training, or vendor meetings as needed.
Regulatory Compliance & Risk Management
Ensures compliance with federal and state regulations regarding data privacy, electronic health records (EHRs), and protected health information (PHI).
Leads third-party risk assessments for vendors and business associates handling sensitive healthcare data.
Works with legal, compliance, and IT teams to respond to data privacy requests and breach notifications.
Compliance/Safety
Reports any safety-related incident in a timely fashion through the Midas/RDE tool; attends all safety-related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.
Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.
Ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.
Completes all company mandatory modules and required job-specific training in the specified time frame.
Developing a Positive Culture
Actively engages in creating and sustaining an NAH environment that is rooted in our Mission, Vision and Values, where colleagues love their work and are proud to work for Northern Arizona Healthcare.
* Demonstrates a sincere care for those on the team.
* Models NAH Values in making decisions and communicating them.
* Recognizes and rewards colleague behavior.
* Relentless focus on colleague and patient safety.
* Committed to continuous learning.
Establishing Collaborative Partnerships
Proactively establish internal collaborative relationships where silos are eliminated and partnerships and processes facilitate efficient and productive work.
* Proactively builds coalitions that remove barriers to solving problems, facilitate efficient and productive work, coordinate care to create an amazing experience for staff and patients, and achieve the strategic plan.
* Pursues innovation while accepting well designed failure.
* Embraces a system perspective.
200% Collective Accountability for Achieving Results
Leaders hold themselves and their colleagues accountable to achieve every target/result. They are committed to the leadership team and "own" every decision, and every result.
* Holds self and colleagues accountable to achieve every target/result.
* Commits to the NAH leadership team and has colleagues' backs.
* Makes no excuses; eliminates blame.
* Manages up and down.
Communication and Deployment
Ensures key information is communicated and understood by all colleagues on a timely basis, that colleague feedback is incorporated into decisions and standardized, repeatable processes are implemented "every, every, every" with intended results achieved.
* Ensures organizational knowledge and information is communicated effectively and on a timely basis.
* Commits to continuous improvement through consistent/continuous utilization of DMAIC and ADLI.
* Manages by fact.
* Commits to fully deploy standardized leadership practices and key initiatives, including huddle boards, shared governance, standard work for all positions, quarterly one-on-one meetings and DMAIC & ADLI thinking.
Education:
Bachelor’s degree in Information Security, Computer Science, Cybersecurity, or a related field – Required
Equivalent combination of degree and years of experience will be considered.
Certification and Licensure:
* Minimum of 3 years of experience in information security, with demonstrated progressive responsibilities - Required
* Knowledge of security technologies, including firewalls, IDS/IPS, SIEM, antivirus, and endpoint security solutions.
* Experience with cloud security (AWS, Azure, Google Cloud) and electronic health record (EHR) security.
* Familiarity with encryption methods, access control models, and secure coding practices.
* Strong understanding of network security, application security, and data protection strategies.
* Detail-oriented and proactive in identifying security risks and implementing solutions.
Experience in a healthcare setting with knowledge of HIPAA compliance and medical IT systems - highly preferred