Director Cybersecurity, Identity and Access Management

Location

Beachwood, OH | United States

Job description

req#: 239794

Location: Beachwood, OH

Facilities: CC Administrative Campus ,

Professional Area: Administrative and Business Professionals

Department: 4876 Cybersecurity Administration-Information Tech Div

Job Code: T98473

Schedule: Full Time

Shift: Days

Join the Cleveland Clinic team, where you will work alongside passionate caregivers and provide patient-first healthcare. Cleveland Clinic is recognized as one of the top hospitals in the nation. At Cleveland Clinic, you will work alongside passionate and dedicated caregivers, receive endless support and appreciation, and build a rewarding career with one of the most respected healthcare organizations in the world.    

The Director of Cybersecurity leads all design, development, engineering, deployment, and operational components of the Cleveland Clinic. This position is responsible for developing and implementing enterprise information security solutions to address the current and emerging security and compliance needs of the business.

The ideal caregiver is someone who: 

• Has Cybersecurity leadership experience and has overseen maturity increase and managed budget. 

• Can schedule and manage tasks effectively. 

• Is experience with conflict resolution and problem-solving. 

• Has written and verbal communication skills. 

• Has teamwork and motivational skills. 

This is a rewarding opportunity that offers growth-oriented projects, mentorship, support, and resources. You will experience great exposure to both the institute and department leadership and have numerous opportunities for career growth. We offer leadership development and technical skillset development to attract and retain the best professionals. We offer an international platform that allows each caregiver to influence how Cyber is practiced while having the patient at the center of each decision. 

At Cleveland Clinic, we know what matters most. That's why we treat our caregivers as if they are our own family, and we are always creating ways to be there for you. Here, you'll find that we offer: resources to learn and grow, a fulfilling career for everyone, and comprehensive benefits that invest in your health, your physical and mental well-being and your future. When you join Cleveland Clinic, you'll be part of a supportive caregiver family that will be united in shared values and purpose to fulfill our promise of being the best place to receive care and the best place to work in healthcare. 

Job Responsibilities:

• Leads the development and implementation of enterprise infrastructure security protection solutions. (IDS, anti-malware, DLP, WAF, CASB, etc.)
• Act as the point person for the Technology Protection team, and provides leadership, management, and operational oversight
• Lead the definition of a tailored, differentiated set of Cybersecurity protection capabilities, a roadmap, and the development of underlying resources to enable them
• Create and implement necessary and repeatable processes to manage the lifecycle of the enterprise Cybersecurity protection capabilities.
• Partnering closely with the Procurement and Legal teams to actively manage the organization’s suppliers, service providers and business partners.
• Manage the organization’s operating and project budgets and ensure executive leadership’s support for appropriate funding levels.

• Manages team to ensure quality hiring, performance management, training and skill development, and employee engagement efforts
• Responsible to build operating and capital budgets, review finances on a monthly basis, disclose reasons for variances to leadership, drive efficiencies in the business, and achieve all financial goals.
• Other duties as assigned

Key Job Responsibilities:

• Strategic Planning: Developing and executing a strategic vision for the organization's IAM program. This involves aligning IAM initiatives with business goals and security requirements.
• Policy and Procedure Development: Creating and enforcing policies, processes, procedures, and standards related to identity and access management to ensure compliance with regulatory requirements and best practices.
• Technology Selection and Integration: Selecting, implementing, and maintaining IAM technologies, such as identity and access management systems, single sign-on solutions, and multi-factor authentication tools, and identity governance and administration (IGA) systems.
• Access Control: Overseeing the design and management of access control mechanisms, including user provisioning, deprovisioning, and access review processes. Implementing and managing access control mechanisms, such as role-based access control (RBAC), attribute-based access control (ABAC), and managing permissions.
• Identity Lifecycle Management: Managing the entire identity lifecycle, from onboarding and provisioning to role changes and offboarding.
• Security and Risk Management: Assessing and mitigating security risks related to identity and access management, including the identification and resolution of vulnerabilities.
• Compliance and Auditing: Ensuring compliance with industry regulations and standards, as well as conducting regular audits to verify adherence to security policies and procedures.
• Incident Response: Developing and implementing an incident response plan for IAM-related security incidents and breaches.
• Vendor and Team Management: Managing the IAM team and coordinating with vendors and third-party service providers for IAM-related solutions.
• User Education and Awareness: Promoting security awareness among users and providing training on best practices for securing their accounts and credentials.
• Collaboration: Collaborating with other IT and security teams to ensure a cohesive approach to security and access management.
• Team Leadership: Overseeing and managing a team of IAM professionals, including IAM administrators, security analysts, and other specialists.

Education:

• Bachelor's Degree required.
• Master's Degree preferred.

Certifications:

• ITIL Foundations certification is required within 6 months of position start date
• Certified Information Systems Security Professional (CISSP) certification preferred.

Competencies (Complexity of Work):

• Demonstrated ability in established functional teams and marshalling requisite resources to achieve defined goals
• Tested business acumen and sound judgment in stressful and critical situations
• Clarity in communication with an effective style and proven ability to maintain composure in stressful situations
• Prior experience in a leading role in at least one of the two functional areas
• Proven leadership and managerial skills in attracting, recruiting, and developing teams
• Complete understanding of major cybersecurity technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, data protection for the Cloud, NAC, next generation Firewalls, database encryption, mobile application security, and others.
• Proven skills in managing all aspects (scope, budget, schedule, & quality) of IT service delivery engagements in Fortune 100 scale environments.
• Extensive experience in successfully operating and maintaining large scale, complex, mission-critical IT solutions.
• Excellent process management and continuous improvement skills applied in the context of formal process frameworks.
• Demonstrated ability to establish and maintain strong working relationships with internal/external customers, stakeholders, suppliers, business partners, industry peers.

Work Experience:

• A minimum of 15 years of total related experience that should include engineering of security protection tools and capabilities (IDS, DLP, WAF, and CASB) inclusive of a minimum 4 years of progressive management experience.
• Strong communication, leadership, team building and project management skills required.
• Experience in mature and regulated industries (e.g. financial services, healthcare) preferred.

Preferred Qualifications:

• Bachelor’s degree in Information Systems Security, engineering, or related field required.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or relevant security certification(s)
• Experience with enterprise identity and access management technologies (e.g., Ping, Azure SSO, Sailpoint, MyAccess, Passwordless, SailPoint, Thycotic-Delinea, AppViewX, etc.)
• 7+ years of experience in a similar role with a proven record of successful development and management of security risk management.
• Prior leadership experience is required.
• Ability to facilitate productive meetings and work successfully in a team-oriented and OKR-focused environment.

Physical Requirements:

• Requires the ability to sit and be stationary for prolonged periods of time, normal or corrected vision and manual dexterity sufficient to perform work on a personal computer.
• Requires the ability to walk to various locations throughout the organization and to function in a stressful environment.

Personal Protective Equipment:

• Follows standard precautions using personal protective equipment as required

Pay Range

Minimum hourly: $62.91

Maximum hourly: $100.67

The pay range displayed on this job posting reflects the anticipated range for new hires. While the pay range is displayed as an hourly rate, Cleveland Clinic recruiters will clarify whether the compensation is hourly or salary. A successful candidate’s actual compensation will be determined after taking factors into consideration such as the candidate’s work history, experience, skill set, and education. This is not inclusive of the value of Cleveland Clinic’s benefits package, which includes among other benefits, healthcare/dental/vision and retirement.

The policy of Cleveland Clinic Health System and its system hospitals (Cleveland Clinic Health System) is to provide equal opportunity to all of our caregivers and applicants for employment in our tobacco free and drug free environment. All offers of employment are followed by testing for controlled substance and nicotine. All new caregivers must clear a nicotine test within their 90-day new hire period. Candidates for employment who are impacted by Cleveland Clinic Health System’s Smoking Policy will be permitted to reapply for open positions after one year.
Cleveland Clinic Health System administers an influenza prevention program. You will be required to comply with this program, which will include obtaining an influenza vaccination on an annual basis or obtaining an approved exemption.

Decisions concerning employment, transfers and promotions are made upon the basis of the best qualified candidate without regard to color, race, religion, national origin, age, sex, sexual orientation, marital status, ancestry, status as a disabled or Vietnam era veteran or any other characteristic protected by law. Information provided on this application may be shared with any Cleveland Clinic Health System facility.

Please review the Equal Employment Opportunity poster

Cleveland Clinic Health System is pleased to be an equal employment employer: Women / Minorities / Veterans / Individuals with Disabilities

Job tags

Salary