Director of Information Security - UNOS

  • 8 Nov 2019 2:01 PM
    Message # 8098257
    James Walters (Administrator)

    Director of Information Security - UNOS

    Position Description

    A strategic leader within UNOS directs strategy, operations and the budget for the protection of the enterprise information assets and manages that program.  Ensures that corporate information assets and technologies are adequately protected and information security related compliance is met.

    Director of Information Security establishes and leads implementation of a UNOS wide strategy in areas of Cybersecurity, Business Continuity Management,  Security Operations, Information Security Awareness and Training, Incident Response, Security Audit Compliance.  Works with other executives across different departments to ensure that security systems are working smoothly to reduce the organization's operational risks in the face of a security attack.

    Information Security responds to incidents, establishes appropriate standards and controls, manages security technologies, and directs the establishment and implementation of policies and procedures.  Guides Information Security staff and leads cross-organizational efforts in identifying, developing, implementing and maintaining processes across the company to reduce risks.

    Key Responsibilities

    • Direct and approve the design of security systems - oversees development and maintenance of information security architecture that provide defense in depth, reduces attack surface/exposure, limits risk and aids in detection, isolation and response.
    • Review and approve security policies, controls and cyber incident response planning
    • Ensure that disaster recovery and business continuity plans are in place and tested
    • Approve identity and access policies - lead Identity and Access Management for financial systems and systems that contain PII, PHI or other potentially sensitive information.  These access controls include internal and perimeter firewall management and network access as well as providing guidance for service authentication and authorization.
    • Ensure that information privacy needs are met, including compliance with all privacy regulations as well as providing guidance for best practices for protecting personally identifiable information (PII) and protected health information (PHI) data entrusted to UNOS.
    • Ensures that UNOS is compliant with applicable information security regulations and contract requirements, such as HIPAA Privacy Rules, HRSA (NIST) requirements and the OPTN contract.
    • Manages the Information Risk program and the Risk Acceptance Process to ensure that all risks are handled and stake holders are able to make informed decisions concerning risk acceptance.  Track all known vulnerabilities that exist in software and infrastructure at UNOS and work with appropriate teams remove or remediate these risks as appropriate.
    • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
    • Perform risk assessments as require by the UNOS Privacy Office as part of breach investigations
    • Maintain a current understanding the IT threat landscape for the industry.  Constantly update the cyber security strategy to leverage new technology and threat information.  Translate that knowledge to identification of risks and actionable plans to protect the business
    • Ensure compliance with the changing laws and applicable regulations
    • Develop internal audit and assessment capabilities including pen testing, and active defense capabilities.  Schedule periodic security audits.
    • Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced
    • Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget and
    • Communicate best practices and risks to all parts of the business, outside IT.
    • Acts as the focal point for all communications related to information security, both with internal staff, HRSA or other parts of Dept. of Health and Human Services, and third parties – Member Organizations, Vendors/Partners, etc.
    • Manage all teams, employees, contractors and vendors involved in IT security.  Own the overall success of the team, including planning, growth and staffing, thereby assuring an outstanding client experience that decreases time to first value and drives adoption.  Provide training and mentoring to security team members
    • Identify opportunities for continuous improvement and drive efficiencies in departmental process and procedures
    • Measure effectiveness of Information Security team - refine operational metrics for the team, create reporting and review cadences
    • Be an extremely effective communicator understanding the significance and appropriate use of various communication channels and tone based on circumstances and audience
    • Makes effective independent decisions relating to day-to-day issues that do not require team discussion, input or agreement.
    • Involve fellow team members in collaborative decisions based upon member/customer feedback.
    • Provide input and influence on information security in the transplant community by becoming involved in the transplant community and promoting UNOS and security best practices
    • Influence the development of standards and best practices for the exchange of transplant data
    • Assist UNOS Business Services in leveraging information security to help develop new revenue sources
    • Offer/Provide consultative services to UNOS, and its members and partners, in best practices for securing transplant data and interfacing with UNOS systems
    • Develop and report risk metrics as part of an overarching corporate risk strategy
    • Provide input and influence on the direction of UNOS in addressing network and computer security needs with regard to choice of hardware and software technologies, choices between commercial and open source software, and local and cloud-based services.
    • Recruit and Develop the Information Security Team so that the organization is seen as a leader in information security in Richmond technology community as well as the transplant community.  Promote UNOS and Information Security through local and national events, such as RichTech and AOPO.


     Minimum Requirements

    ·       10+ years of experience within the Information Security field

    ·       5 years of people management experience; 7-10 years preferred

    Critical Skills

    • Pertinent deep information security experience
    • Experience in establishing a NIST and/or other information security standards and best practices
    • Ability to multi-task and handle numerous assignments simultaneously.
    • A proven process thinker seeking productivity and exceptional service.
    • Customer centric with well-developed business acumen.
    • Strong leadership skills and the ability to take initiative.
    • Ability to work well both in a team environment and independently.
    • Must have a professional, positive and enthusiastic attitude.
    • Excellent problem solving skills.
    • Effective meeting facilitation skills.
    • Excellent listening and feedback skills.
    • Exceptional interpersonal and consensus-building skills.
    • Excellent verbal, telephone, and written communication skills.


    4-year degree in computer science, computer engineering, IT or other related field of study, or equivalent level of professional work experience; Advance degree highly desired.

    Physical Requirements

    • General office demands

Copyright 2018, International Information Systems Security Certification Consortium, Inc. (“(ISC)²), in website format and trade dress only. All Rights Reserved. (ISC)², CISSP, SSCP, CAP, ISSAP, ISSEP, ISSMP, CSSLP, and CBK are registered certification, service, and trademarks of (ISC)². Disclaimer: (ISC)²” does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated (ISC)² Chapter organization, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².  

(ISC)2RVA is a 501(c)3 nonprofit organization.  EIN: 83-4655968

P.O. Box 2566, Glen Allen, VA 23058-2566

Powered by Wild Apricot Membership Software