Chief Information Security Officer - Auckland Health Jobs · 2016-11-28
080713; Template Manager of Managers 1
Chief Information Security Officer
healthAlliance Purpose, Vision and Principles
Purpose Statement
healthAlliance provides shared services to benefit NZ health organisations. We will deliver increasing value to our customers through:
Lower cost
Standardized system and processes
Reducing variation or rework
Quality and innovation
Vision
To deliver outstanding shared services that enable healthcare excellence for the Northern Region’s population.
Principles
Partnership
We develop lasting partnerships through collaboration, working to a common goal, facilitating joint solutions within our means, recognising and celebrating success, and open communication to share knowledge and information.
Respect for people
We respect others by: developing trust by being open and honest, listening to and understanding others' views, valuing everyone's contribution, celebrating diversity, and having fun and enjoying what we do as a team.
Integrity
We show integrity by: leading by example; being open, fair, honest and transparent in everything we do; having the courage to speak up and challenge when things don't seem right; acting ethically and professionally at all times; and taking a "can do, will deliver" approach to our promises, obligations and commitments.
Delivering Results
We deliver results by: delivering exceptional results through high-performance teams, enhancing the customer experience, continually improving and adding value, being action orientated, responsible and accountable, and providing consistent and reliable services.
Energised by Innovation
We are energised by innovation when we: encourage forward-thinking ideas and challenge the status quo, measure our performance and see it as an opportunity to learn and grow, create positive change by developing smarter ways to work, and empower people to maximise their potential.
Our principles define the expected behaviour of all staff and guide us on the behaviours that are important to us as an organisation. They underpin the way we do things at healthAlliance, defining how we strive to move towards our vision.
This position description provides an indicative outline of the purpose and key responsibilities and tasks of the role.
Title and Reporting Relationships
Position title: Chief Information Security Officer
Reporting to: Chief Information Officer
Location: Auckland
Purpose of the Role
The CISO is responsible for establishing and maintaining a healthAlliance wide information security management programme to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the healthAlliance. This requires a visionary leader with sound knowledge of business management and a deep knowledge of information security technologies. The CISO will proactively work with business units to implement practices that meet defined policies and standards for information security. The role will also oversee a variety of IT-related risk management activities.
The CISO serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the healthAlliance’s information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the healthAlliance. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.
Once established, the CISO will also be available to support customer information security activities and will represent healthAlliance on any appropriate regional advisory/working groups, including the regional security forum.
Personnel Dimensions (Employees reporting to this position directly and indirectly)
Number of Staff: Direct: 1 Through subordinates: 0 Total: 1
Key Relationships
People and organisations both inside and outside of the company that this position would be required to manage relationships with.
Internal Stakeholders:
- hA IS Management Team
- Other hA IS Project, Service Delivery, Applications and Infrastructure Teams
- Other hA IS Teams that require IS support and assistance
External Stakeholders:
- Service Users and Customer User Groups
- DHB stakeholder representatives including Clinical Directors/Advisors of IS, Health Information Managers, IM Consultants, etc.
- DHB embedded Functional Support, IS and Information Management Staff
- Other Health Providers and Agencies such as Primary Care Providers, HBL and MoH
- Suppliers & Contracted Personnel
Position in Organisation
Key Responsibilities and Tasks:
- Develop, implement and monitor a strategic, comprehensive enterprise information security programme to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organisation.
- Manage directly and indirectly the enterprise's information security organisation, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
- Facilitate information security governance through a governance programme, including creation (where necessary) of, and participation in, various committees and/or advisory boards.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training and dissemination of security policies and practices.
- Develop and manage information security budgets, and monitor them for variances.
- Create a "Culture of Security" through the creation, delivery and management of information security and risk management awareness training programmes and communications programmes for all employees, contractors and approved system users.
- Ensure policies, processes and practices are developed and implemented to enhance the security of customer and patient management information.
- Ensure information security risks are effectively managed and monitored.
- Work in coordination with Legal, Compliance, Privacy groups and Audit on various inter-related initiatives, including information ownership, classification, accountability and protection.
- Serve as a resource and provide expert counsel on security matters.
- Develop and enhance an information security management framework.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Create and manage a unified and flexible control framework to integrate and normalise the wide variety of ever-changing requirements resulting from global laws, standards and regulations.
- Ensure that security programmes are in compliance with relevant laws, regulations and policies to minimise or eliminate risk and audit findings.
- Liaise between the information security team and the corporate compliance, audit, legal and HR management teams as required.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders.
Expected Outcomes:
- Enterprise information security programme developed
- Security governance programme implemented
- Up-to-date information security policies, standards and guidelines developed, maintained and published
- Security culture created
- Budgets managed and maintained within set boundaries
- Information security management framework implemented
- Alignment between the security and enterprise architectures
- Security programmes are in compliance with relevant laws, regulations and policies
- Security incidents and events are managed to protect corporate IT assets
Relationship Management
Key Responsibilities and Tasks:
- Facilitate cyber security and business alignment and communication through a cyber-security steering committee or advisory board.
- Coordinate the use of external cyber security resources to ensure that a consistent approach is being applied across the agency.
- Develop and maintain effective relationships with customers, colleagues, suppliers and other stakeholders to foster and encourage collaboration.
- Build effective client relationships through understanding their business models and by identifying their business drivers and key performance indicators (KPIs).
- Create and manage a seamless, flawless and valuable end-user experience.
- Drive collaboration through governance by bringing the right stakeholders into the decision-making process.
Expected Outcomes:
- hA and DHB staff support, contribute to, and realise demonstrable value in being part of a security steering group.
- Customer and stakeholder expectations are managed in line with the organisation's capability to deliver.
- Positive feedback from customers, stakeholders and colleagues recognising effectiveness and contribution.
- This role and the customers it engages with understand each other's objectives and proactively seek each other's advice through regular and effective engagement.
- Regular contact is maintained with all clients, including visits to client sites as necessary.
Divisional Support
Key Responsibilities and Tasks:
- Engage with the other members of hA Senior Management to integrate end-to-end service delivery.
- Actively support members of the hA IS leadership team to achieve the collective set of objectives.
- Contribute to general planning, management and reporting activities.
- Attend and report at leadership team meetings as required.
- Provide input to strategic planning activities.
Expected Outcomes:
- The hA IS team is coherent and achieves its goals as a team. This is also apparent in the way our teams collaborate to achieve end-to-end service excellence.
- hA IS contribution to hA planning and reporting activities is outstanding.
- Divisional operational information is shared.
Financial Management
Key Responsibilities and Tasks:
- Manage financial performance in line with relevant budgets and targets and in accordance with organisational policies and processes.
- Support the CIO and IT Leadership Team with business analysis and advice.
- Provide input to the annual divisional budget planning process.
- Identify areas and opportunities to drive efficiency, cost savings and support continued growth.
Expected Outcomes:
- Operational expenditure and capital expenditure are managed to budget.
- Annual plans are in place and are managed within agreed parameters and organisational policies.
- Benefits and savings targets met or exceeded.
- Active measurement, monitoring and improvement of financial performance.
- Budgets are prepared within the agreed time frame and are regularly reviewed and recast as agreed.
- Analysis reports are timely and provide information and options to address issues and challenges.
Professional Development
Key Responsibilities and Tasks:
- Accept responsibility for own professional development.
- Annually agree a professional development plan with your Manager.
- Liaise with all customers (internal and external) as required in a helpful and polite manner.
Expected Outcomes:
- Development and training plans are in place.
- Knowledge sharing among team members.
- Spirit of co-operation with other work areas/departments is maintained.
Risk Management
Key Responsibilities and Tasks:
- Manage all business risks and mitigation plans assigned to you and maintain accurate and up-to-date risk registers.
- Proactively seek opportunities to align strategy, risks and controls to optimise business performance.
- Adhere to the company's risk appetite and business risk management policies.
- Assist the Executive Team to identify, evaluate, mitigate, monitor, manage and report all significant risks and internal control weaknesses in a timely, accurate and consistent manner.
- Create and embed a culture of strong ethical behaviour, quality and continuous improvement.
Expected Outcomes:
- Early warning systems are in place (no "surprises") which protect the company from unforeseen events and which notify risks promptly to the ELT.
- Key risks are identified and the control environment is optimised to improve effectiveness, reduce costs and enhance business performance.
- Opportunity risks are identified and exploited, and risk discussions are embedded in operational planning, resource allocation, etc.
- Activities related to regulatory, compliance and audit matters are efficient and effective.
Health, Safety and Wellbeing
Support the healthAlliance health, safety and wellbeing culture and recognise individual responsibility for Workplace Health and Safety under the Health and Safety in Employment Act 1992.
Support the healthAlliance health, safety and wellbeing culture by:
- Ensuring a safe working environment and safe working practices
- Planning, organising and managing Health and Safety activities directed at preventing harm in the workplace
- Reading and understanding healthAlliance Health and Safety policies and relevant procedures, and applying them to own work activities
- Identifying, reporting and managing hazards where appropriate
- Assisting in identifying Health and Safety Representatives for your area
General
- Model a culture of innovation by leading changes to processes, practices and systems that align with company values.
- As an employee you are required to familiarise yourself with and comply with all our policies, including but not limited to our Code of Conduct.
- Consistently display the principles of the organisation and hold staff accountable for their behaviour.
- Adhere to and observe all organisational policies, methodologies and practices.
- Other duties as required, in addition to or as a result of changing circumstances, that contribute to achieving the purpose of the role.
Qualification, Experience and Training Requirements
What is the typical background required to competently perform the responsibilities of the job?
Essential is the minimum acceptable level for entry. Preferred indicates the desirable level, but may also expand on the nature of the requirement, e.g. industry-related experience or level of previous supervisory experience.
Essential / Preferred
Bachelor’s or Master’s Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience.
10 to 15 years of IT and business/industry work experience
Deep understanding of health information system standards.
4 years of leadership experience in managing multiple, large, cross-functional teams or projects
Experience in current IT service delivery with strong knowledge of ITIL v3 framework and experience in its practical application in mid to large sized companies.
Proven experience of leading a review of an existing IT function and then defining and delivering a programme of improvements to its internal processes, structures and capability.
Awareness and understanding of industry standard security issues and processes.
Awareness and Understanding of Business Continuity principles
Competent knowledge of Prince2 methodology in order to complement project managers within the design stages of the project lifecycle
Awareness and understanding of Data Protection law and regulations.
Demonstrable and practical experience at a senior level, in public or private sector, of working with senior colleagues to deliver transformational change to business processes and systems, to deliver cost savings and service improvements for customers
Competencies for the role
Decision Quality: Makes good decisions (without considering how much time it takes) based upon a mixture of analysis, wisdom, experience and judgement; most of his/her solutions and suggestions turn out to be correct and accurate when judged over time; sought out by others for advice and solutions.
Planning: Accurately scopes out the length and difficulty of tasks and projects; sets objectives and goals; breaks down work into process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.
Strategic Agility: Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
Process Management: Good at figuring out the processes necessary to get things done; knows how to organise people and activities; understands how to separate and combine tasks into an efficient workflow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can't; can simplify complex processes; gets more out of fewer resources.
Total Quality Management: Is dedicated to providing organisation- or enterprise-wide common systems for designing and measuring work processes; seeks to reduce variances in organisation processes; delivers the highest-quality products and services which meet the needs and requirements of internal and external customers; is committed to continuous improvement through empowerment and management of data; leverages technology to positively impact quality; is willing to re-engineer processes from scratch; is open to suggestions and experimentation; creates a learning environment leading to the most efficient and effective work processes.
Conflict Management: Steps up to conflicts, seeing them as opportunities; reads situations quickly; good at focussed listening; can hammer out tough agreements and settle disputes equitably; can find common ground and get cooperation with minimum noise.
Drive for Results: Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.
Interpersonal Savvy: Relates well to all kinds of people: up, down and sideways, inside and outside the organisation; builds appropriate rapport; builds constructive and effective relationships; uses diplomacy and tact; can defuse even high-tension situations comfortably.
Customer Focus: Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
Integrity and Trust: Is widely trusted; is seen as a direct, truthful individual; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn't misrepresent him/herself for personal gain.
Note: The position description needs to be reviewed by both parties annually.
Signed as current and agreed:
Manager: ______________
Employee: ______________