Director Information Security, Chief Information Security Of

at Martin's Point Health Care in Portland, Maine, United States

Job Description

Join Martin’s Point Health Care – an innovative, not-for-profit health care organization offering care and coverage to the people of Maine and beyond. As a joined force of “people caring for people,” Martin’s Point employees are on a mission to transform our health care system while creating a healthier community. Martin’s Point employees enjoy an organizational culture of trust and respect, where our values – taking care of ourselves and others, continuous learning, helping each other, and having fun – are brought to life every day. Join us and find out for yourself why Martin’s Point has been certified as a “Great Place to Work” since 2015.

Position Summary The Director of Information Security also serves as the organization’s Chief Information Security Officer(CISO) and is responsible for the development and delivery of a comprehensive information security and privacy program for MPHC. The scope of this program is corporate-wide, and includes information in electronic, print and other formats. The purpose of this program includes: to assure that information created, acquired or maintained by MPHC and its authorized users is used in accordance with its intended purpose; to protect MPHC information and its infrastructure from external or internal threats; drive the adoption of the MPHC BCM/DR program, and to assure that MPHC complies with statutory and regulatory requirements regarding information access, security and privacy. Job Description

Key Outcomes:

+ Coordinates the development of MPHC information security policies, standards and procedures.

+ Serves as the corporate compliance officer with respect to MPHC state and federal information security policies and regulations.

+ Works with key IT offices, data custodians and governance groups in the development of such policies. Ensures that corporate policies support compliance with external requirements.

+ Oversees the dissemination of policies, standards and procedures to the organization.

+ Coordinates the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and student interns. Specific topic areas to include, but are not limited to: PCI, HIPAA Privacy & Security, DoD regulations, and other CMS regulations and guidelines as they are updated by the Federal Government.

+ Develops and implements Incident Reporting and Response Systems to address MPHC security incidents and/or breaches, respond to alleged policy violations, or complaints from external parties.

+ Collaborates with MPHC Compliance senior leadership and staff to develop, train, and provide oversight for all information security polices and guidelines is a key requirement of the position.

+ Ensures the security department has the correct technical skill set currently and in the future.

+ Initiates and supports LEAN process improvements initiatives.

+ Participates in the leadership of the Information Technology team.

+ Keeps abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the MPHC and its mission.

+ Responsible for MPHC BCM/DR strategy development and recovery planning with guidance from the Chief Information Officer (CIO) and the IT Management Team.

+ Leads and directs the daily work of the security department.

+ Manages vendors, consultants and outside contacts associated with Security.

+ Builds and develops Information Security Program for all lines of business.

+ Provides mentoring/coaching to members of security staff in security disciplines.

+ Provides consultation to all levels of management relating to appropriate use of security at MPHC.

+ Provides leadership to continuous process improvement efforts within the team.

+ Manage vendors, consultants and outside contacts associated with Security.


+ Bachelor Degree in related field or combination of relevant education and experience. (Master’s Degree preferred.)

+ 10+ years of relevant and applicable IT security experience required.

+ 7+ years of applicable management and leadership experience in an information technology department.

+ Working knowledge of and experience in the policy and regulatory environment of information security, especially in healthcare, government or health insurance desirable.

+ Experience in developing and administering information security programs required.

Required License(s) and/or Certification(s):

+ Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) is highly desired

We are an equal opportunity/affirmative action employer.

Do you have a question about careers at Martin’s Point Health Care? Contact us at: Martin’s Point Health Care is a progressive, not-for-profit organization providing care and coverage to the people of Maine and beyond. The organization operates six primary care health care centers in Maine and New Hampshire, accepting most major insurance plans. Martin’s Point also administers two health plans: Generations Advantage (Medicare Advantage plans available throughout Maine and New Hampshire), and the US Family Health Plan (TRICARE Prime® plan for active-duty and retired military families in northern New England, upstate New York, and western Pennsylvania). For more information, visit .
Copy Link

Job Posting: JC251520991

Posted On: Nov 22, 2023

Updated On: Dec 03, 2023

Please Wait ...