Information Security Director jobs in Utah

Agency Information, Privacy, & Security Director

Data, Systems & Evaluation

The Utah Department of Health & Human Services is looking for an Agency Information Privacy & Security Director, responsible for overseeing the agency information privacy and security program. Individuals are required to understand the data held by the department and the overarching federal code, federal regulations, state codes, state rules, contracts and other agreements that govern the data of the department. 

This position manages personnel and resources to guide the security and privacy aspects of system development, implementation, and upgrades; develops policies, procedures, and strategies for information security management and ensures the security of department data; work directly with agency leadership and IT partners to define and measure the execution of the privacy and security programs and facilitate reporting to all stakeholders; organizes and/or participates in privacy and security committees or work-groups; responds to and implements legislative actions regarding information privacy and security. 

The Agency Information Privacy and Security Director may require expertise of different privacy and security regulations, standards and frameworks, including but not limited to: 

• HIPAA, 

• 42 CFR Part 2, 

• IDEA, 

• FERPA, 

• IRS code, 

• PCI compliance, 

• NIST 800-53, and

• NIST Privacy Framework. 

Responsible for the privacy and security budgets. Directly supervises Agency Information Security Manager(s), Agency Information Security Officers, other staff and provides complex technical assistance and/or training to others.

Preference

May be required to have or obtain information privacy and security certifications and/or training. Approval from the Government Operations Privacy Officer is required for any agency to use this job.

Why You Should Join Our Team

Become an integral part of the Utah Department of Health and Human Services (DHHS) and contribute to the vision of advocating for, supporting, and serving all individuals and communities in Utah; and ensuring all Utahns have fair and equitable opportunities to live safe and healthy lives. Help us achieve this through effective policy and a seamless system of services and programs. 

The Agency 

For information on the Utah Department of Health & Human Services, click here. This is an opportunity to make a difference, along with the satisfaction of helping the community.

The Utah Department of Health & Human Services is looking for an Agency Information Privacy & Security Director, responsible for overseeing the agency information privacy and security program. Individuals are required to understand the data held by the department and the overarching federal code, federal regulations, state codes, state rules, contracts and other agreements that govern the data of the department. 

This position manages personnel and resources to guide the security and privacy aspects of system development, implementation, and upgrades; develops policies, procedures, and strategies for information security management and ensures the security of department data; work directly with agency leadership and IT partners to define and measure the execution of the privacy and security programs and facilitate reporting to all stakeholders; organizes and/or participates in privacy and security committees or work-groups; responds to and implements legislative actions regarding information privacy and security. 

The Agency Information Privacy and Security Director may require expertise of different privacy and security regulations, standards and frameworks, including but not limited to: 

• HIPAA, 

• 42 CFR Part 2, 

• IDEA, 

• FERPA, 

• IRS code, 

• PCI compliance, 

• NIST 800-53, and

• NIST Privacy Framework. 

Responsible for the privacy and security budgets. Directly supervises Agency Information Security Manager(s), Agency Information Security Officers, other staff and provides complex technical assistance and/or training to others.

Preference

May be required to have or obtain information privacy and security certifications and/or training. Approval from the Government Operations Privacy Officer is required for any agency to use this job.

Why You Should Join Our Team

Become an integral part of the Utah Department of Health and Human Services (DHHS) and contribute to the vision of advocating for, supporting, and serving all individuals and communities in Utah; and ensuring all Utahns have fair and equitable opportunities to live safe and healthy lives. Help us achieve this through effective policy and a seamless system of services and programs. 

The Agency 

For information on the Utah Department of Health & Human Services, click here. This is an opportunity to make a difference, along with the satisfaction of helping the community. Click here to view a summary of all the benefits we offer.

• Manages and organizes department information security posture.

• Evangelizes privacy and security principles within the department and continuously works to embed improvement of privacy and security practices within existing and new programs.

• Works with the Division of Technology Services in developing strategic IT plans, and improving security posture and compliance with federal and state security policies and standards.

• Conducts security risk assessments.

• Conducts privacy risk assessments.

• Develops, implements, and monitors department security policies, procedures, and/or standards.

• Anticipates the impact that new or modified software will have on existing standards and systems.

• Applies theoretical expertise and innovation to create decision support tools to improve security practices.

• Provides technical security assistance and consults with bureau/division/department directors.

• Organizes and/or participates in state-wide and/or agency-wide security committees and/or work-groups.

• Works with the Division of Technology Services to develop technical requirements, standards, and specifications to ensure and maintain systems security.

• Manages security systems, including workflow analysis, resources, contracts, personnel and system evaluation.

• Monitors and evaluates electronic operations, processes and practices for quality and effectiveness, and makes recommendations for improvement.

• Establishes goals, objectives, and priorities and assures adequate administrative controls, quality and procedural efficiencies.

• Acts as a resource to provide information or determine the most effective way of meeting the needs of management, staff, clients or customers.

• Analyzes, summarizes and/or reviews data; reports findings, interprets results and makes recommendations.

• Supervises subordinate personnel including: hiring, determining workload and delegating assignments, training, monitoring and evaluating performance.

• Develop strategies for the continuous improvement of the department's privacy and security posture and support enabling technologies and programs to achieve desired agency outcomes.

• Ensures each office in the department has risk assessments that are reviewed every three years 

• Monitors budget, including revenues, expenditures and budget projection, etc.

• The ability to communicate information and ideas so others will understand, including the ability to adapt communication.

• Fluency of Ideas - innovative and open-minded

• Collaborative with stakeholders

• The ability to come up with unusual or clever ideas about a given topic or situation, or to develop creative ways to solve a problem.

• The ability to tell when something is wrong or is likely to go wrong.

• Understanding the implications of new information for both current and future problem-solving and decision-making.

• Determining how a system should work and how changes in conditions, operations, and the environment will affect outcomes.

• Identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.

• The ability to get in the trenches with the teams to break through barriers and establish processes.

• Strong planning/project management skills.

• Results driven and ability to communicate.

• Motivating, developing, and directing people as they work, identifying the best people for the job.

• Knowledge of applications and programming.

• Knowledge of principles and methods for curriculum and training design, teaching and instruction for individuals and groups, and the measurement of training effects 

• Knowledge of relevant equipment, policies, procedures, and strategies to promote effective local, state, or national security operations for the protection of people, data, property, and institutions. 
  
  
  

• Risks found in typical office setting which is adequately lighted, heated and ventilated, e.g., safe use of office equipment, avoiding trips and falls, observing fire regulations, etc
• Typically, the employee may sit comfortably to perform the work; however there may be some walking, standing, bending, carrying light items, driving an automobile, etc. Special physical demands are not required to perform the work.
• This position is currently a hybrid of both in-office and remote work days. Please note, a position's eligibility for remote work is established by agency management and is subject to change at their discretion at any time and for any reason.