Assistant Vice President Information Security

Shift: Day
Schedule: Full-Time Regular

Ardent Health Services invests in people, technology, facilities and communities, producing high-quality care and extraordinary results. Based in Nashville, Tennessee, Ardent’s subsidiaries own and operate 31 hospitals in seven states with more than 25,000 employees including 1,150 employed providers. Ardent facilities exceed national averages in Overall Hospital Quality Star Rating as ranked by the Centers for Medicare & Medicaid Services; 89 percent of its hospitals received a three-star rating or above in comparison with 73 percent of all hospitals ranked. Seven of the company's hospitals were recognized by Modern Healthcare as "Best Places to Work" in 2017 – more than any other system in the country. Ardent's corporate office was named "Top Work Places" for Nashville based companies in 2017 & 2018.

  • 31 hospitals
  • 4,840 licensed beds
  • 25,000 employees
  • 1,150 employed providers
  • $4.6 billion in revenues

Ardent Health Services invests in quality healthcare.  AHS makes considerable investments in people, technology, facilities, and communities, producing high quality care and extraordinary results. Since 2001, those investments total more than $835 million. From newly constructed facilities and expanded services, to lifesaving technology and outstanding opportunities for employees, AHS is committed to providing its hospitals and clinics the tools needed to succeed. 

Ardent’s work environment is built upon Behavior Standards, which include five key pillars: Service, Quality, People, Financial and Growth. These pillars represent who we are, what we do and how we operate. Our corporate office in Nashville, TN was recently named Best Places to Work by The Tennessean and seven of our hospitals were also named Best Places to Work by Modern Healthcare.

OUR MISSION: Ardent Health Services is a premier provider of health care services, delivered with compassion for patients and their families, with respect for employees, physicians, and other health professionals, with accountability for our fiscal and ethical performance, and with responsibility to the communities we serve.

OUR PHILOSOPHY: Every action we take at AHS is built on three key tenets:

  • Ardent recognizes that each hospital is as unique as the community it serves.
  • We believe in working with employees and physicians to improve the quality of care, patient safety and customer service and we measure all three continuously.
  • We reinvest in our facilities – helping our hospitals expand services, enhance technology and add new programs that fulfill their missions.

We believe it is this mix of corporate support and local autonomy that equips our facilities for success.

OUR POSITION: We have an exciting opportunity to join our team as an Assistant Vice President, Information Security.

The key responsibilities for the AVP, Information Security include assessment of information security exposures, installation and management of an enterprise information security program, the completion of compliance reviews, and leading investigations and audits of security breaches in conjunction with the CISO and CCO. Takes direction from CTO/CISO. The AVP, Information Security is responsible for determining appropriate security measures and creating policies and procedures that support strategic, tactical and operational objectives on a cost-effective basis. Investigates and recommends secure solutions that implement information security policy and standards. Coordinates Office of Information Security activities and manages staff.

Primary Responsibilities

  • Validate and update (as required) previous risk assessments; perform risk assessment and mitigation planning for new systems, facilities, vendors, etc. when they are added or proposed
  • Set annual goals for HIPAA and HITRUST certifications and manage staff and vendors to the annual standards
  • Work with executive management, business owners, and resource owners to determine appropriate security policies, processes and procedures for securable resources, coordinating these activities with the CISO and CCO
  • Consult with technical staff to evaluate, select, install, and configure budgeted hardware and software systems that provide appropriate security functions
  • Direct InfoSec team members to work with resource owners and staff in understanding and responding to security audit failures reported by internal and external auditing departments
  • Direct work by InfoSec team members with system administration staff to review operation logs and event console activity to determine causes of security-related events or to identify potential security-related events
  • Manage and direct the execution of physical security programs and tools as assigned
  • Manage security project implementations and provide security expertise to non-security end users
  • Present information on security status, project status, and security training to audiences from top executive level to field staff as appropriate
  • Consult with management to ensure selection and use of realistic enforcement mechanisms
  • Research, evaluate, design, test, recommend, and plan implementation of new or improved information security software or devices
  • Analyze new or enhanced software application or tool implementation for implications to existing security software and devices
  • Maintain technical reference library; develop technical information materials and workshops on these new areas as appropriate
  • Develop and implement information security educational programs, conducting awareness seminars and workshops as needed to deploy the Information Security program
  • Approve changes to Information Security assignments including application access approvers
  • Manage and optimize access control analysts and staff to meet the business's service levels for new or modified access requests
  • Maintain the security portion of the Intranet site/pages with all public Information Security documentation (e.g. policies, procedures, training material, etc.)
  • Maintain and execute an Information Security measurement program (Key Performance Indicators) including adjustments to the KPIs as needed, supervision and approval of the collection, and reporting to the Security Committee
  • Manages the Information Security Agreement signature program for all computer users
  • Oversees the investigation of security breaches
  • Monitor changes in the threat environment and technological advances, and recommend security program adjustments as needed
  • Monitor changes in legislative and accreditation standards that impact information security programs
  • Ensure organizational compliance with key government regulations including HIPAA and Sarbanes Oxley
  • Manage the budget and schedules for Ardent’s information security program

Education/Experience

  • BS in computer or network concentration and a Master's in Business or Technology (or 8+ years management experience) required
  • 5+ years of managing a team of 20 or more security analysts with a focus on cyber security and role based user profiles
  • In addition to the 5+ years of management experience, an additional 8+ years of experience in technical and lead roles focused on core technical competencies in systems engineering, network management and security, data center management or coordination, hands on budget preparation for management, executive level presentations at the CEO level as well as contract negotiations and contract management experience
  • Security certifications (e.g. CISM, CISSP, etc.) are required

Additional Requirements

  • Demonstrated information security program/personnel management skills
  • A working knowledge of all aspects of information security (including HIPAA and Sarbanes-Oxley requirements)
  • Knowledge of systems software, operations, capacity management, large and mid-range computers, PCs and client-server computing in a networked environment
  • Demonstrated competency in strategic thinking with strong abilities in relationship management
  • Successfully developed and implemented new technology
    • Ability to apply this knowledge in a healthcare environment
  • Demonstrated competency in project management in a cross-functional environment and experience in managing resources to meet goals on multiple projects
  • Demonstrated competency in developing effective solutions to diverse and complex business problems
  • Must be willing to travel up to 30%
  • Must be willing to respond to security issues 24/7/365

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.