The Senior Director of Cyber Security is responsible for overseeing and managing the organization's cybersecurity operations and supporting the CISO with cybersecurity strategy. This role involves leading a team of cybersecurity professionals, developing and implementing programs for the following areas: Identity & Access Governance, Cyber Operations, Network & Data Security, and Attack Surface Management. The senior director will be accountable for implementing cyber strategy throughout the organization and ensuring that the teams are focused on process enhancements. Additionally, the Sr. Director will be responsible in assisting the evangelizing of cybersecurity concepts withing the enterprise to help enhance the posture.Essential Duties:

• Lead the development and execution of the incident response strategy.
• Coordinate and manage responses to security incidents and breaches and ensure security systems and process integrity and availability on a 24/7/365 basis.
• Conduct post-incident reviews and implement improvements.
• Work with hospital operations to coordinate IT Security’s responsibilities to educate, inform and train hospital departments on IT security, cybersecurity threats and privacy security including working with operations to perform an annual internal disaster drill for a cyber-security attack.
• Streamline security operations through automation to improve efficiency and response times.
• Plan and execute purple team exercises to test and improve the organization’s security posture.
• Collaborate with teams to identify vulnerabilities and enhance defenses.
• Create a vulnerability management program to manage and monitor evolving threat landscape and partner with responsible IT teams helping them to understand the deficiencies and recommending mitigation or remediation activities to resolve open vulnerabilities and reduce risk.
• Continuously monitor and manage the organization’s attack surface.
• Ensure root-cause analysis, identification, and resolution of actual or potential security issues/risks and implementation of preventive measures on a timely basis. Serve as a liaison/point of contact for problem resolution as required.
• Implement a Data Security Governance program to ensure appropriate controls are in place to govern sensitive data sharing.
• Oversee the implementation and management of network security measures.
• Ensure the protection of data through encryption, access controls, and other security measures.
• Manage identity and access management (IAM) programs.
• Ensure proper access controls are in place and regularly reviewed.
• Aligns IAM processes across the organization and develops and documents standards for organizational use.
• Collaborate with decision makers to provide actionable insights and recommendations that will lead to better business decisions.
• Support the creation and modification of all technology compliance policies and procedures while working with the Chief Information Officer, Chief Information Security Officer, and Chief Technology Officer.
• Drives continuous improvement for security practices based on expert knowledge in domain areas, industry best practices, business objectives and risk tolerances.
• Manage the Information Security budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
• Consults with IT technical teams and collaborates to develop plans to drive improvement in the annual IT Maturity Assessment.
• Prepare project status and program readiness reports.
• Review at departmental and strategic hospital levels to provide input into the information security budget and resource planning.
• Builds and nurtures positive working relationships with IT and other business units.
• Manage assigned management and technical staff.
• Continually assess operational objectives, organizational structure, and work processes to assure optimum skill mix, scheduling, and staffing levels to meet daily operations, project needs and external events.
• Develop, implement, and maintain a strategic and tactical vision to deploy security technology and processes with emphasis on a consistent, efficient, and effective deterrence.
• Implement consistent performance management practices by defining and communicating goals and performance objectives; regularly monitor, evaluate, and improve individual and team performance.
• Provide coaching and mentoring and other training and development activities to build staff competencies. Develop and implement evaluation criteria that define highly competent, high-performing individuals and teams.
• Conduct 90-day and annual evaluations with assigned staff; prepare summaries and activity reports.
• Create and report risk and control metrics. Produce standard monthly reporting.
• Other duties as assigned.

Required Qualifications:

• Req Bachelor’s Degree Degree in Computer Science, Information Technology, Cyber Security, or a related field. OR
• Req Master’s degree Degree in Computer Science, Information Technology, Cyber Security, or a related field.

• Req 10 - 15 years Experience in cybersecurity, with at least 5 years in a leadership role

• Req Proven track record of managing large-scale security projects and teams.
• Req In-depth knowledge of cybersecurity frameworks and standards.
• Req Strong understanding of network security, vulnerability management, incident response and identity & access management.
• Req Excellent communication and leadership skills.
• Req Strong leadership skills with a high level of drive and initiative.

Preferred Qualifications:

Required Licenses/Certifications:

• Req Certification - Job Relevant Certifications such as CISSP, CISM, CRISC, or equivalent
• Req Fire Life Safety Training (LA City) If no card upon hire, one must be obtained within 30 days of hire and maintained by renewal before expiration date. (Required within LA City only)

The annual base salary range for this position is $174,720.00 - $288,288.00. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.