Director Information Security

Cottage Health
Requisition #: 200000CZ

The Director of Information Security for Cottage is responsible for the strategy, deployment and management of infrastructure, network and application security programs for the IT Security Team. The position provides technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various properties, corporate departments, and Information Technology. Furthermore, this position also supports the IT Security Team in doing security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy.


1. Strategic Planning & Management: Manage and oversee the IT Security Incident Response Team, Security Information & Event Management (SIEM), and Application Security (AppSec) Management. Manage the activities of the IT Security Team working directly with the IT Department, Hospital/Clinic departments, and project teams. Oversee all processes and projects managed by the IT Security Team for all project work completed by the team members. Develop annual project/initiatives for the IT Security organization to align with overall IT and business objectives. Review all recommendations on possible improvements resulting from the work performed as part of projects. Sign-off on all projects after reviewing all security deliverables prepared by the IT Security Team.

2. Operational Planning & Management: Support all activities performed by the IT Security Team associated with the deployment and maintenance of all IT Security NIS (Network & Infrastructure Security) Protection Systems once they are in place (including various infrastructure and network security tools such as firewalls, IPS, anti-malware tools, etc.). Provide strategic and tactical direction as to the overall security architecture of Cottage Health including network, infrastructure, application, and data, making sure to involve the IT Department and hospital/clinic departments as needed.

3. Security Risk Management: Manage the IT Security aspect of various audits, PCI, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various hospital/clinics and IT. Partner with IT to build an integrated end-to-end security risk and compliance framework to protect Cottage Health's information assets and supporting resources. Act as the main point of contact for the design and deployment of Cottage Health's security risk management framework as it relates to IT Security. Develop, implement and manage IT Security policies, standards, procedures, and guidelines that will assist the network, infrastructure, and application teams in integrating security requirements in the network, applications, and operating systems. Be an influence in promoting the technical understanding of new and existing information security standards, solutions and tools with respect to networks and systems. Advocate and promote information security awareness, education and training programs to promote the knowledge of information security issues throughout all areas of the organization. Using the IT Security risk management framework, ensure that all IT Security activities (e.g., penetration testing, vulnerability threat assessments, threat modeling, security reviews and assessments, code reviews) are completed in a timely manner and with the utmost quality. Monitor the effectiveness of corrective actions and recommend cost-effective preventive measures to preclude recurrences.

4. Documentation, Reporting & Analytics: Manage the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics. Document and follow up on security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures. Manage all IT Security requirements with regards to metrics and ensure that metrics are gathered on a daily basis.

5. Performance and Training Management: Mentor IT Security staff on fundamentals of security threats, vulnerabilities, and testing methodologies. Provide training and advice to less experienced IT Security staff and/or other non-security professionals (e.g., IT, properties). Manage and coach current direct reports to ensure they perform at the highest level of quality and are able to achieve current goals.

6. Organizational Planning and Management: Implement the organizational structure and staff the organization to support IT Security's goals and objectives. Manage projects with the IT and property teams and for projects internal to IT Security. Assist with general administrative activities in collaboration with all team members. Manage vendors' activities and relationships as needed including SOWs, maintenance renewals, licensing updates, etc. Prepare project plans and associated documentation. Prepare status reports and other management metrics, as needed.



Minimum: Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS (8 years of experience is considered equivalent to a Bachelor's degree)

Preferred: Master’s degree


Minimum: Certified training in security management, risk and compliance solutions and practices, leading to one or more of the following certifications: CISSP, CISA, CISM, GSEC, CRISC, or related certification(s)


Minimum: Working knowledge of process engineering and technical requirements generation in the user environment. Experience with current concepts in project risk assessment, metrics generation and analysis and risk management. Requires knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches. Technical knowledge of business processes and procedures and underlying technical workings of system to support it. Ability to maximize system to support business processes, recommend and influence business process change to maximize use of system.


Minimum: 5 years of experience working in IT security and managing multi-faceted IT integration projects. 3 years of experience in an information security leadership role.
