Position Description s25

CONFIDENTIAL

Position Description

For the Position of Director Information Security Officer

University of Virginia Health System

August 2017

Much of the material contained herein was gained in confidence and as such should be regarded as confidential. Accordingly, it is understood that dissemination of this material should be limited to those individuals in your organization who are directly connected with this specific search or whom a reasonable person would agree have a need to know.

Title: Director Information Security Officer

Company: University of Virginia Health System

Reports to: Chief Technology & Health Information Officer

Location: Charlottesville, Virginia

Website: healthsystem.virginia.edu

COMPANY OVERVIEW

The UVA Health System embodies the leadership and inventiveness personified by its founder, Thomas Jefferson. In 1825, Jefferson established the nation’s 10th medical school, which has since grown into a nationally renowned academic medical center. Over the years, the institution has grown and is now the nationally renowned UVA Health System, which includes a 612-bed hospital and level I trauma center, nationally recognized cancer and heart centers, Children’s Hospital, and primary and specialty clinics throughout Central Virginia.

The University of Virginia Health System conceptually integrates the UVA Medical Center, Novant Health UVA Health System, UVA Transitional Care Hospital (LTACH), UVA Physician’s Group, UVA School of Medicine, UVA School of Nursing, the Claude Moore Health Sciences Library, and several other strategic partnerships and alliances. It is the combination of research, clinical care, and education that takes place through the efforts of its faculty, staff, students, and trainees at many different sites in the region.

As a world-class academic and health care system, the University of Virginia Health System has the following goals:

▶ To become the safest place to receive care

▶ To be the healthiest work environment

▶ To provide exceptional clinical care

▶ To generate biomedical discovery that betters the human condition

▶ To train health care providers of the future to work in multi-disciplinary teams

▶ To ensure value-driven and efficient stewardship of resources

Patient care at UVA Health System is distinguished by a collaborative, patient-centered approach that combines the perspectives of numerous clinical experts, with hundreds of board-certified physicians, to provide expertise in every healthcare discipline.

VISION, CORE VALUES, GOALS AND LEADERSHIP PRINCIPLES

The UVA Health System Vision

UVA Health System, in all that it does, will work to benefit human health and improve quality of life. UVA Health System will be:

▶ Our local community’s provider of choice for its healthcare needs

▶ A national leader in quality, patient safety, service, and compassionate care

▶ The leading provider of technologically advanced, ground-breaking care throughout Virginia

▶ Recognized for translating research discoveries into improvements in clinical care and patient outcomes

▶ Fostering innovative care delivery and teaching/training models that respond to the evolving health environment

▶ A leader in training students and faculty in providing healthcare free of disparity

System-Wide Values

The University of Virginia Health System exists to serve others and does so through the expression of our core values:

▶ Accountability: To accept responsibility for the outcomes resulting from one’s own choices, behaviors or actions

▶ Stewardship: To manage resources responsibly

▶ Professionalism: To act in a courteous, conscientious, business-like manner that supports the standards of the UVA Health System

▶ Integrity: To be honest, fair and trustworthy

▶ Respect: To recognize the dignity of every person

▶ Excellence: To work at the highest level of performance, with a commitment to continuous improvement

Leadership Guiding Principles

▶ Recognize that greatness and discovery emerge from fearless thinking and informed risk-taking

▶ Aim high, openly acknowledge when something did not work; continue to dream big

▶ Remove barriers to excellence, identify solutions, and make timely and resolute decisions

▶ Empower others to make decisions and act

▶ Look for opportunities to demonstrate what “I” can do to make “us” stand out as one of the best

▶ Model the qualities of a successful leader in supporting the institution, encouraging mutual support and engagement among employees, and actively fostering the development of others

BE SAFE INITIATIVE

UVA’s Executive Vice President for Health Affairs, Richard P. Shannon, MD, introduced “Be Safe,” a shared methodology focused on creating an environment of unmatched patient and team member safety as well as overall performance improvement. Be Safe trains and empowers all front-line staff to call out issues that impact safety, workflow, and outcomes. This triggers a systematic, root-cause, real-time problem solving process that quickly involves leadership support and other organizational resources, as needed, to effect changes.

The University of Virginia Health System is committed to becoming the safest place to work and receive care. Adoption of Be Safe with active involvement of expert caregivers has yielded tremendous results.

Through Be Safe, UVA Health System has transformed process improvement by:

▶ Preventing problems in our environment through observation and standardization of work processes

▶ Addressing problems in real-time using help chains and the A3 scientific method problem solving tool

Be Safe has been and will continue to be transformative at UVA Health System, and the organization hopes to transform the national health care system as well.

The Medical Center prioritizes and monitors its performance using a balanced scorecard:

▶ HEALING: Clinical Quality & Safety – to continue to deploy the Be Safe Initiative and optimize patient transitions through care model(s) redesign by testing strategies to standardize care/communication and increase efficiency.

▶ SERVING: Patient Experience – to provide the highest level of care, use the voice of the patient to better understand patient needs, and develop service improvement goals.

▶ ENGAGING: Team Member Engagement – to develop and implement strategies to reduce staffing vacancies, especially in critical positions and departments, and develop and implement strategies to achieve engagement goals, including staff retention.

▶ BUILDING: Growth & Stewardship – to ensure value-driven and efficient stewardship of resources and identify and enhance opportunities for revenue growth.

SYSTEM ENTITIES

UVA Medical Center is consistently ranked among the nation’s best hospitals by the U.S. News & World Report and has been named among the top 25 percent in seven specialties: Cancer, Diabetes & Endocrinology, Gynecology, Nephrology, Neurology & Neurosurgery, Orthopedics, and Urology. The UVA Medical Center includes the 612-bed hospital, including the UVA Children’s Hospital, trauma center and multiple primary/specialty care locations throughout Virginia.

Novant Health UVA Health System is a joint venture formed in January 2016 when Novant Health’s Virginia operations joined UVA Culpeper Hospital to form this regional health system. Each hospital in this regional health system continues to directly employ all existing staff. Novant Health has 60 percent ownership and UVA Health System has 40 percent ownership of the joint operating company that oversees the regional health system.

UVA Transitional Care Hospital (TCH) is the first long-term acute care hospital (LTACH) in the Charlottesville area specializing in treating individuals with serious medical conditions that require a longer length of stay (25-28 days on average) than is standard at a typical acute care hospital. In partnership with Hospice of the Piedmont, a 10-bed hospice unit was recently added to the 3rd floor of the TCH building.

UVA Physicians Group (UPG) is the physician group practice of the University of Virginia, representing primary and specialty care doctors and other allied health professionals who provide care within the UVA Health System. UPG is a distinct organization from the School of Medicine, the School of Nursing, and the UVA Medical Center, but works collaboratively with these partners that make up the UVA Health System to provide high-quality patient care. UPG physicians serve patients at the main UVA Medical Center in Charlottesville and throughout Central Virginia, including regional primary care practices.

Founded in 1979 as a nonprofit supporting organization of UVA, UPG performs billing and collections functions for physician professional services; manages selected primary care practices; oversees physician payroll and benefits, including its pension plan; negotiates professional commercial payer contracts; participates in clinical outreach business development; and offers legal and financial services.

Today, UPG includes more than 1,200 physicians, nurse practitioners, and other allied health professionals, with 67 provider-based locations. Clinical staff holds joint employment with the School of Medicine and UPG. This dual employment helps to coordinate the teaching, research, and direct patient-care responsibilities of the clinical staff. Through this partnership with the School of Medicine, UPG supplies the financial and administrative support that allows the clinical staff to focus on delivering world-class patient care.

UVA School of Medicine was established by Thomas Jefferson in 1825 as the nation’s 10th medical school and has grown to become a renowned academic health system. The School of Medicine is responsible for the education of over 620 medical students, 540 residents, and 150 fellows annually and employs over 1,050 clinical and research faculty. The school houses 21 clinical departments, seven research departments, and six research centers.

UVA School of Nursing, founded in 1901, has earned a national reputation for excellence in education, research, and practice. The School is comprised of 414 undergraduates, 379 graduate students, 133 faculty members (53 full-time and 80 part-time), four research centers, and 18 programs of study. Ranked among the nation's top 25 public nursing schools, UVA offers undergraduate, master’s, and doctoral level nursing programs. UVA's graduate programs include a #2 ranked Clinical Nurse Leader program, a #8 ranked Psych Mental Health Nurse Practitioner program, and a top 20 Family Nurse Practitioner program. These graduate programs are in the nation's top three percent, according to 2016's U.S. News & World Report’s “Best Graduate Schools.”

Claude Moore Health Sciences Library is a state-of-the-art library with a staff of professionals available to help healthcare specialists and patients find the latest health news and information. The library serves as a biomedical information resource for the University at large, the local community, and the Commonwealth through proactive outreach services. The library also serves the nation through cooperative programs with other libraries and agencies. The library licenses over 4,400 journal titles in the basic and clinical sciences and provides access to over 44,000 electronic/print books and 1,700 multimedia programs.

SELECT HONORS and AWARDS

• US News & World Report ranked UVA Medical Center nationally in one adult and four pediatric specialties. It was also high performing in four adult specialties. It also recently (August 3rd, 2017) ranked UVA Medical Center as the #1 hospital in the entire state of Virginia: http://health.usnews.com/best-hospitals/area/va/university-of-virginia-medical-center-6344000

▶ Adult Specialties:

   • Diabetes & Endocrinology - ranked #44 in the nation
   • Cancer – ranked #30 in nation
   • Cardiology & Heart Surgery - #50 in the nation
   • Ear, Nose & Throat – ranked #32 in the nation
   • Nephrology
   • Neurology & Neurosurgery
   • Orthopedics - #33 in the nation

▶ Pediatric Specialties:

   • Neonatology – ranked 50th in nation
   • Orthopedics – ranked 47th in nation
   • Pulmonology – ranked 37th in nation
   • Urology – ranked 35th in nation

• University of Virginia Medical Center has earned two 2015 national Women’s Choice Awards® from WomenCertified Inc. – one for patient safety and one for patient satisfaction in orthopedics.

• The Battle Building at the University of Virginia Health System has earned a Gold rating from the U.S. Green Building Council’s Leadership in Energy and Environmental Design (LEED) program.

• In 2015, the University of Virginia Medical Center received Magnet® recognition from the American Nurses Credentialing Center (ANCC) for its quality patient care, excellence in nursing care, and innovative nursing practices.

• UVA Children's Hospital and Women's Services was honored with a Baby Friendly Designation for supporting breastfeeding.

UVA HEALTH SYSTEM KEY STATISTICS – FY15

Licensed Beds: 612
Operating Expenses: $1.24B
Operating Margin: 4%
FTEs: 6,938
Professional Nurses: 2,342
APNs (CRNAs, CNs, NPs): 177
Full time Faculty: 749
Residents & Fellows: 763
Average Daily Census: 457
Admissions: 27,933
Average Length of Stay: 5.99D
Outpatient Visits: 769,594
Emergency Visits: 60,646
Surgical Cases: 28,840
Births: 1,674

University of Virginia Medical Center Job Description Addendum

Job Title: Director Information Security Officer

Job Code: 96152

Date: 7/9/2013

Revised: 8/7/2017

Reporting Relationship: Health System Chief Information and Technology Officer

Direct Reports:

Job Summary: The Director of Information Technology Security has responsibility for developing, implementing, and directing the Information Security Program for the University of Virginia Health System (UVAHS), to include the Medical Center, University Physician’s Group, and the School of Medicine. Accordingly, the Director is responsible for planning, directing and coordinating the implementation of strategic initiatives to preserve the availability, integrity and confidentiality of Health System information resources. The Director is also responsible for ongoing management of the Health System’s cybersecurity defenses and responses to threats and attacks. The Director works in close collaboration with the UVA Chief Information Security Officer, Health System Compliance and Privacy Officer, UVA Internal Audit, UVA Legal, and external audit and other agencies.

Essential Duties and Responsibilities:

1) Implement comprehensive Information Security Program.
   a. Set vision and establish direction for the global deployment of information security technology solutions that are aligned with the strategic objectives and initiatives of the Health System.
   b. Conduct regular assessments of information security and provide exposure and risk reporting along with remediation plans to leadership.
   c. Coordinate and conduct infrastructure as well as system assessments to identify key information security vulnerabilities and provide recommendations for remediation.
   d. Develop and maintain information security policies, procedures, and guidelines and collaborate with Corporate Compliance and University Internal Audit to ensure compliance.
   e. Collaborate with senior leadership in the development of technology strategies.
   f. Implement and manage information security education and communication programs to increase information security awareness and promote best information security practices and ensure compliance.

2) Direct Information Security Risk Management Program.
   a. Oversee formal information security risk program that includes the identification, classification, and prioritization of risks associated with UVAHS resources to enable leadership to determine the most effective strategies for managing risks.
   b. Coordinate UVAHS department leaders to facilitate risk assessment and risk management processes and work with stakeholders on risk mitigation strategies.
   c. Drive risk-based processes for technology vendor risk management.
   d. Provide strategic risk guidance for technology projects including the evaluation and recommendation of appropriate technical controls.

3) Serve as senior information security leader in the organization.
   a. Coordinate and lead all information security related activities related to information technology incident/event response.
   b. Serve as liaison with University Internal Audit as well as the Auditors of Public Accounts with the Commonwealth to coordinate all technology related audit responses and follow-up remediation.
   c. Complete contract reviews for information technology to ensure compliance with established policies, procedures, and standards.
   d. Prepare/Review/Respond to RFIs/RFPs, proposals, contracts, statements of work, and other documentation for information technology related projects and initiatives.
   e. Attract, develop, and retain team of highly skilled information security professionals.
   f. Prepare and conduct presentations to senior level executives regarding information technology security.

4) Provides effective leadership.
   a. Commitment to organization’s vision, values, purpose, and direction is demonstrated.
   b. Activity goals are aligned effectively with the strategic direction of the medical center.
   c. Goals and objectives are implemented effectively.
   d. Goals and objectives are implemented with staff involvement and appropriate delegation.
   e. Teamwork is fostered for effective operations.
   f. All relevant issues, stakeholders and broad systematic implications are considered when making decisions.
   g. Opportunities are created and promoted to celebrate the contributions of the team/work group.

5) Models effective communication and collaboration skills / behaviors.
   a. Cooperation is always promoted when working with other work groups.
   b. Information is shared appropriately with employees and those that might find it useful.
   c. Ideas and concerns of others are listened to attentively and with understanding.
   d. Integrated work processes are ensured by working with internal and external partners.
   e. A broad network of contacts, within and outside the medical center, is cultivated, regardless of boundaries.
   f. Organizational barriers to collaboration and teamwork are removed.

6) Takes action to achieve measurable results.
   a. Broad strategies and business plans are translated into specific objectives, metrics and action plans that are linked to the strategic plan.
   b. Goals are developed that are challenging but achievable, with appropriately aggressive yet realistic time frames, for achieving objectives.
   c. A sense of urgency is demonstrated when solving problems and getting work done.
   d. Decisive action is taken in high stakes situations, crises or conditions of uncertainty.
   e. Accountability is ensured by using key indicators, processes and management systems to monitor the department’s performance against goals.

7) Supports innovation and organizational change to improve effectiveness.
   a. Structures and processes are established to plan and manage the orderly implementation of change.
   b. Individuals and groups are helped to manage the anxiety of significant change in a timely manner.
   c. Problem solving and creative thinking processes that lead to the development and implementation of new approaches and methods are facilitated at every opportunity.
   d. An environment of continuous improvement, best practices, lessons learned, and quality outcomes is fostered.
   e. Competing demands, shifting priorities and organizational constraints are adapted to appropriately.

8) Develops talent and coaches peers and others to develop their capabilities.
   a. Assignments are given appropriately to develop staff.
   b. Behaviorally specific feedback is provided in a timely manner.
   c. Decision making is fostered at the lowest level whenever appropriate.
   d. Progress in development of behaviors, skills and abilities is reviewed and recognized regularly.
   e. Staff are consistently recognized and rewarded for their achievements and creative ways are sought to make staff’s work rewarding.
   f. Career development, work environment and life balance issues are addressed to ensure the medical center retains talented people.

9) Achieves budgetary goals.
   a. Organizational resources are allocated (e.g. budget, staff) in alignment with strategic priorities.
   b. Budget projections include adequate detail to support projections.
   c. Operational and salary reports are monitored for trends indicating action is necessary to remain within budget.
   d. Effective action is taken to address variance promptly.
   e. Achievement of budgetary goals is accomplished.

10) Applies knowledge of functional area to effectively manage operations.
   a. Industry trends are followed in order to take advantage of cutting-edge and innovative ideas.
   b. Functional knowledge is applied to effectively manage department / unit operations.
   c. Functional knowledge is applied to effectively solve a range of problems.

11) Responsible and accountable for meeting external and/or internal customer’s needs.
   a. Communication with internal and/or external customers occurs on a regular basis to identify expectations and satisfaction level.
   b. Business concerns and perspectives of customers are recognized and addressed, pursuing a win-win outcome.
   c. Customer problems are solved quickly and effectively.
   d. Confidentiality is maintained at all times with customer information or concerns.
   e. Follow through is maintained on committed actions in a timely manner.

Qualifications:

EDUCATION: Master’s degree required – or – Bachelor’s degree with 4 years from date of hire/transfer to obtain Master’s degree.

EXPERIENCE: 7-10 years of demonstrated experience in related area with at least 5 years of leadership preferably in information technology security within the healthcare industry. Prefer experience working with legal, audit, and compliance professionals. Thorough understanding of Federal and Commonwealth regulations including HIPAA, ARRA, HITECH, etc.

LICENSE/CERTIFICATION: One or more of the following professional certifications required:

▶ Certified Information System Security Professional (CISSP)

▶ Certified Information Security Manager (CISM)

▶ Global Information Assurance Certification (SANS/GIAC)

▶ Systems Security Certified Practitioner (SSCP)

▶ Certified Information Systems Auditor (CISA)

GENERAL INFORMATION: The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required of personnel so classified.

THE COMMUNITY

Nestled amid the foothills of the magnificent Blue Ridge Mountains, the greater Charlottesville region offers a thriving community and an amazing arts culture that's both innovative and grounded in tradition. A half-hour to the west of Charlottesville is the Skyline Drive and the Blue Ridge Parkway through the Blue Ridge Mountains. A three-hour drive to the east brings you to Atlantic Ocean beaches. Richmond, the state capital, is only one hour away by car, and Washington, D.C. is just two hours north. Charlottesville averages more than 200 days of sunshine a year; the average July high is 88 degrees.

Charlottesville has been voted the Best Place to Live in America, Best Place to Retire, Best Green City, Best Digital City, Best Place to Start a Small Business, and the Healthiest City.

The 2014 accolades are impressive and numerous, including “10 Best College Towns” by Livability; “Happiest City in America,” Good Housekeeping; “America’s 5 New Foodie Cities,” Wine Enthusiast; and “5 Destinations Every American Should Visit,” Luxury Travel Magazine.

Charlottesville is best known as home to the movers and shakers in American history, welcoming visitors to see Thomas Jefferson's home at Monticello, his lasting academic legacy at the University of Virginia, and James Madison’s Montpelier. Greater Charlottesville features history, culture, arts, shopping, championship Atlantic Coast Conference & NCAA sports, etc.

Just beyond city lines, the rolling hills and farms complement city life within Albemarle County's more than 700 square miles of vibrant natural beauty, including Shenandoah National Park's Skyline Drive and abundant history and heritage. Residents and visitors alike love the orchards along the roads, flowing into the fields at harvest times throughout the year to pick strawberries, cherries, peaches, and apples. Outdoor enthusiasts have a host of choices from hiking the Appalachian Trail in the Blue Ridge Mountains to snowboarding at Wintergreen Resort to kayaking on the James or Rivanna Rivers. There are a dozen golf courses nearby, as are miles of biking and walking trails.

Over the years, Greater Charlottesville's beauty, charisma, and energy have lured artists and patrons alike. Charlottesville has quietly developed into a sophisticated arts community. The number and variety of arts events, performances, exhibitions, and festivals in the Greater Charlottesville area is impressive.

Charlottesville's Historic Downtown Mall, one of the longest outdoor pedestrian malls in the nation, is home to a lively street scene with restaurants; theaters; art galleries; shops; the recently renovated 1930s movie palace, the Paramount Theater, and historic Court Square just a few steps away.

In 1776, Charlottesville’s most famous son, Thomas Jefferson, penned the Declaration of Independence. Today, residents and visitors write their own declarations on the Downtown Mall's Freedom of Expression Wall, a stretch of dark granite covered daily with the messages and art of passersby. The mall also hosts the Virginia Festival of the Book, the Charlottesville Festival of the Photograph, and the Virginia Film Festival.

Charlottesville is an enclave of academia, home to the University of Virginia, consistently ranked one of the nation's top public universities, with world-leading programs in business, law and English and a leading medical center. More than 20,000 UVA students infuse the area with energy and creativity.

Virginia is well known for its growing number of wineries and vineyards, and Greater Charlottesville is considered the "Wine Capital of Virginia." There are more than 20 different vineyards along the Monticello Wine Trail. Central Virginia’s growth includes high-tech and pharmaceutical startups that have made use of the University’s research parks and pool of talent. In addition, the National Ground Intelligence Center and regional offices of large corporations, including GE Fanuc, State Farm Insurance, LexisNexis, and SNL Financial, among others, employ a significant portion of the region’s workforce and are supported by a well-maintained infrastructure, including an attractive, accessible airport.

There is an enthusiasm about Charlottesville and its combination of a thriving economy, spectacular scenery, superb arts and recreational activities, and the University of Virginia. The city appeals to people in every stage of life. The school system is world class and the University of Virginia brings a vibrant population into the area, along with the cultural and educational opportunities associated with one of America’s premier universities.

Procedure for Candidacy

Interested candidates should submit their resume to Bryan Kirby or apply online at kirbypartners.com.

Candidates should expect two interviews with Kirby Partners recruiters (including a video conference interview). You may be asked to complete an Executive Profile and submit references to be considered for presentation to the search committee. All inquiries will be treated in confidence, and your references will not be contacted without your prior knowledge and approval.

Kirby Partners is a leading executive search firm specializing exclusively in healthcare IT and cyber security. We leverage our 28 years of experience to efficiently place leaders at top organizations.

Kirby Partners does not discriminate based on race, color, ethnicity, national origin, sex, pregnancy, sexual orientation, gender identity, religion, disability, age, genetic information, veteran status, marital status, and/or political affiliation in its programs, activities, or employment.

Note: The material presented in this position specification should be relied on for informational purposes only. This material has been copied, compiled, or quoted in part from client documents and personal interviews and is believed to be reliable. While every effort has been made to ensure the accuracy of this information, the original source documents and factual situations govern.
