Senior Director, Information Security

Req Number: DERHF1
Location: Philadelphia, PA (remote/hybrid)
Posted: 8/6/2025
Category: Life Sciences/Healthcare : Hospital/Health Systems
Job Type: Permanent

The Opportunity
This health system is uniquely positioned as an internationally renowned hospital and research organization. Over the last several years, the organization has initiated a significant digital transformation in alignment with the Chief Executive Officer and the health system’s multi-year strategic plan. This includes a wide array of initiatives centered around the technology-enablement of world-class employee and patient experience, operational efficiency and excellence, systems modernization, automation, AI, external partnerships, and broad innovation. This transformation has significant information security implications, as does the heightened threat landscape in an age of AI.

As the health system continues to transform healthcare, it strives to revolutionize its security program to protect its assets and support its world-class health system strategy. The Senior Director of Information Security will lead and modernize security engineering and operations (cyber defense), ensuring continuous improvement, risk mitigation, and robust layers of defense.

This role is responsible for the strategic and operational management of the organization’s security engineering and cyber defense programs. The Senior Director oversees the management of security operations services, including incident response, vulnerability management, threat hunting, and overall program development within the enterprise. A key responsibility is the continuous evaluation of evolving threats, staying abreast of security technologies, and modernizing layers of defense. The role acts as a security liaison between technology, business, research, and clinical verticals to advance security culture and achieve alignment for strategy and security posture. Additionally, the health system is partnering with a leading managed security services organization and is imminently transitioning to a next-generation, hybrid SOC model. This new leader will spearhead this ongoing initiative, including the decommissioning of legacy systems in 2026.

The Senior Director is a critical leadership position reporting directly to the Chief Information Security Officer and is a trusted advisor to the Digital Technology Leadership team, as well as key stakeholders throughout the organization.

Key Responsibilities
The Senior Director of Information Security will have a broad set of responsibilities that will encompass the following:
  • Lead and continuously improve the health system's approach to security monitoring, logging and incident response, ensuring regular oversight, risk evaluation, metrics, and reporting focused on process improvement, tackling evolving threats and focusing on automation and emerging technologies (e.g., artificial intelligence) for continuous improvement
  • Lead and manage a world-class, 24/7 Security Operations Center (SOC), encompassing resources and technologies in a hybrid, matrixed team.
  • Ensure comprehensive metric analysis, reporting, and a dashboard view of security across the health system, leveraging insights from SIEM, MSSP, XDR, and other technologies.
  • Spearhead the implementation and evolution of next-generation security operations technologies, processes, and best practices.
  • Continuously refine SOC processes to establish standardized playbooks and defined response scenarios
  • Foster engineering excellence, creative solutions and strategically drive modernization efforts by staying informed of and leveraging new technologies to continuously improve layers of defense, mitigate risk and enhance security operations services
  • Establish a culture of continuous improvement through development of frequent service and tabletop reviews/exercises focused on best practices, lessons learned and root cause analysis with the intention of refining processes and playbooks, informing better engineering designs, and delivering a more efficient, secure service while reducing key response metrics
  • Cultivate a world-class operational workforce through the continuous evaluation of skills and capabilities, and the use of ongoing training to ensure readiness to accommodate an evolving security and technology landscape
  • Develop strategies for workforce optimization that achieve improvement in both service delivery outcomes and engagement
  • Oversee and manage vendor partners to deliver top-tier security services, looking ahead to develop and implement the next generation of services with a continuous improvement mindset
  • Manage the budget for the security program and cross-functional security services, while promoting a financial stewardship approach to solutions and services
  • Develop and execute robust processes, procedures, and frameworks for security program services, while cultivating relationships with enterprise stakeholders, advocating for a security-first mindset, providing trusted advisory services, and supporting the health system’s mission and strategy
  • Keep a pulse on the threat landscape and industry trends to position the health system optimally and adopt innovations to reduce risks and enhance efficiency
  • Develop strong, collaborative relationships within DTS, administrative, business, research, operations, technology and application leaders across the health system to drive collective security health, cyber judgment, change management, risk action plans and response plans as needed
  • Stay informed regarding regulations, applicable laws, and security frameworks; understanding the implications for the health system’s business and security program, and develop strategies to ensure program alignment

Professional Experience/Qualifications
The Senior Director will be an innovative leader with strong technical acumen and outstanding communication skills, with the natural ability to interface and influence effectively across the health system. Healthcare experience, and more specifically experience in large health systems, is strongly preferred. Regardless of industry background, the Senior Director must be an innovative, self-starting, collaborative, and thoughtful leader with proven experience navigating a complex, scaled environment and driving meaningful, technology-driven transformation.
The following experience and skills are critical to success:
  • At least 10 years of experience within Information Security, Cyber Security, Risk Management, and Information Technology, or industry focusing on control environment.
  • At least five (5) years of experience in a technology leadership capacity.
  • Experience in managing security, operations and technology teams.
  • Security Operations Center development and management.
  • Knowledge of the healthcare environment, changes and emerging trends in the healthcare industry, and an understanding of healthcare applications, systems and processes desired.
  • Demonstrated security operations, standards, and technology life cycle knowledge and experience.
  • Knowledge and high proficiency in relevant legal and regulatory requirements, including but not limited to, Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Payment Card Industry Data Security Standards (PCI DSS).
  • Knowledge and high proficiency with various security frameworks.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Information Security Requirements:
  • Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
  • Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store health system information.
  • Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.

Education & Certifications
A bachelor’s degree in computer science, information technology, or a similar field is required; an advanced degree in a related field is preferred. The following certifications are preferred:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • HealthCare Information Security and Privacy Practitioner (HCISPP)



******

Korn Ferry shall provide equal employment opportunity to all qualified candidates, and will refer candidates without regard to race, color, religion, national origin, sex, age, disability, veteran status or any other legally protected basis.
