With more than 11,000 team members, Tower Health consists of Reading Hospital in West Reading; Brandywine Hospital in Coatesville; Chestnut Hill Hospital in Philadelphia; Jennersville Hospital in West Grove; Phoenixville Hospital in Phoenixville; and Pottstown Hospital in Pottstown. It also includes Reading Hospital Rehabilitation at Wyomissing; Reading Hospital School of Health Sciences in West Reading; home healthcare services provided by Tower Health at Home; and a network of 22 urgent care facilities across the Tower Health service area. Tower Health offers a connected network of 2,000 physicians, specialists and providers across 125 convenient locations. For more information, visit towerhealth.org.
The VP CISO reports to the SVP/CIO and serves a central role for strategic, cost-effective, secure, and high-quality delivery of new and existing IT services to Tower Health. The position is accountable to the CIO for the auditing of service quality, production readiness, root cause analysis, change management and other ITIL processes to ensure IT availability, stability, and service delivery to Tower Health.
The position has accountability to Tower Health Executives and the Board of Directors for maintaining a risk-managed, regulation-compliant, and appropriately secure and available IT environment. The position also has accountability to the IT governance executive committee (OPMC) for portfolio, program, and project management and for IT strategy development. The position has accountability for the successful development, communication, deployment, and management of the following information technology areas: Information Security, Risk Management, Disaster Recovery, Strategy Maintenance, Portfolio Management, Program and Project delivery.
- Bachelor of Science Degree in Computer Science or related field required. Master’s degree preferred. Demonstrated comparable mastery of a domain may be substituted.
- Attainment and maintenance of nationally recognized information security and risk management credentials is required (e.g., CISM, CISSP, CRISC).
- 10-15 years of demonstrated performance in the Information Technology field with a minimum of five years of progressive experience in information security program leadership roles in highly regulated industries.
- A minimum of 5 years’ experience working with the senior-most leaders in an organization is required.
- Excellent verbal and written communication, presentation and facilitation skills; ability to influence and communicate with impact to all types of audiences; ability to present effectively to a Board of Directors.
- A minimum of 5 years’ experience interacting with federal regulatory agencies and maintaining regulatory compliance.
- A history of presentations at nationally recognized conferences that acknowledge expertise in the security field is preferred.
- Demonstrated success in conducting and overseeing forensic investigations, establishing organization-wide information security risk management programs, addressing regulatory compliance issues, primarily NIST and PCI, and managing third-party vendor relationships.
- Excellent leadership skills including the ability to develop vision, set strategy, lead direct and indirect reports, and coordinate cross-organization support.
- Demonstrated advanced level of knowledge in information security management, information security delivery, disaster recovery, IT risk management, IT enterprise governance, and program management through IT certification.
- Excellent analytical and research skills necessary to understand information security-related risk, regulations, and industry standards, and to interpret them for senior leaders and all levels of the organization.