Information Security Director jobs in Michigan

Company Overview:

SpendMend is the leading provider of tech-enabled solutions to optimize the cost cycle for the healthcare industry. The Company serves more than a third of the top 100 health systems in the US and is a market leader in profit recovery services utilizing its tech-enabled platform to generate cost savings for hospitals by identifying instances of payment errors and contract non-compliance within hospitals’ operating expenses.

We are looking for a highly skilled and experienced Director of Information Security to lead our information security initiatives. The successful candidate will play a crucial role in safeguarding our organization’s sensitive information, data, and systems from potential threats and vulnerabilities. As the Director of Information Security, together with IT and Corporate leadership, you will be responsible for developing and implementing comprehensive policies and procedures, ensuring compliance with relevant regulations, responding to security incidents, and fostering a culture of security awareness across the organization.

Job Summary

The Director of Information Security is responsible for leading and managing all aspects of the organization’s information security program. This role entails developing, implementing, and overseeing security strategies, polices, and procedures to protect the organization’s information assets. The Director of Information Security collaborates closely with executive leadership, IT teams, and other stakeholders to ensure that security measures align with business objectives and regulatory requirements.

Key Responsibilities:

• Strategic Leadership: Develop and communicate the organization's information security vision, strategy, and roadmap. Provide strategic direction and guidance to align security initiatives with business goals.
• Policy and Procedure Development: Develop, implement, and maintain information security policies, standards, and procedures. Ensure compliance with relevant regulations and industry standards.
• Risk Management: Conduct risk assessments and develop risk mitigation strategies to protect the organization's information assets. Identify, prioritize, and address security risks effectively.
• Security Operations: Oversee the day-to-day operation of the organization's security infrastructure, including security systems, tools, and technologies. Monitor security events, investigate incidents, and implement incident response procedures as needed.
• Security Awareness and Training: Develop and deliver security awareness and training programs to educate employees about security best practices and promote a culture of security awareness throughout the organization.
• Vendor Management: Manage relationships with security vendors and service providers. Evaluate and select security solutions that meet the organization's needs and budgetary constraints.
• Compliance and Audit: Ensure compliance with applicable laws, regulations, and industry standards related to information security, such as NIST, HITRUST, HIPAA, etc. Coordinate and support internal and external audits as needed.
• Security Governance: Establish and chair a security governance committee to provide oversight and governance of the information security program. Report regularly to executive leadership and the board of directors on the status of security initiatives and key metrics.

Desired Qualifications:

• 5 years in an Information Security role.
• Experience with business continuity and IT disaster recovery planning/testing.
• Experience with audit compliance, risk analysis, and risk management related to information security.
• Experience addressing information security issues involving identity and access management, intrusion detection, forensics, incident management, risk management, and/or auditing.
• Bachelor’s degree in Information Technology, Information Security, Business or related field or equivalent experience in lieu of education.
• Previous experience with HITRUST CSF Framework and HIPAA Security Rule.
• Security certifications (CISSP, CISA, CCSFP, CHQP, etc.).

Personal Attributes:

• High level of attention to detail and sense of urgency to resolve issues.
• Intrinsically motivated and able to multitask and prioritize.
• Capable of working autonomously with minimal supervision.
• Critical thinking and problem-solving ability.
• Understanding of the healthcare industry.

      Note: Will accept any suitable combination of education, training, and/or experience.