healthalliance
Chief Information Security Officer
Position Description

Purpose, Vision and Principles

Purpose Statement
healthalliance provides shared services to benefit NZ health organisations. We will deliver increasing value to our customers through:
- Lower cost
- Standardised systems and processes
- Reducing variation or rework
- Quality and innovation

Vision
To deliver outstanding shared services that enable healthcare excellence for the Northern Region's population.

Principles

Partnership
Developing lasting partnerships through collaboration, working to a common goal, facilitating joint solutions within our means, recognising and celebrating success, and open communication to share knowledge and information.

Respect for people
We respect others by: developing trust by being open and honest; listening to and understanding others' views; valuing everyone's contribution; celebrating diversity; and having fun and enjoying what we do as a team.

Integrity
We show integrity by: leading by example; being open, fair, honest and transparent in everything we do; having the courage to speak up and challenge when things don't seem right; acting ethically and professionally at all times; and delivering our promises, obligations and commitments ("can do, will deliver").

Delivering Results
We deliver results by: delivering exceptional results through high-performance teams; enhancing the customer experience; continually improving and adding value; being action orientated, responsible and accountable; and providing consistent and reliable services.

Energised by Innovation
We are energised by innovation when we: encourage forward-thinking ideas and challenge the status quo; measure our performance and see it as an opportunity to learn and grow; create positive change by developing smarter ways to work; and empower people to maximise their potential.

Our principles define the expected behaviour of all staff and guide us on the behaviours that are important to us as an organisation. They underpin the way we do things at healthalliance, defining how we strive to move towards our vision.

080713; Template Manager of Managers 1
This position description provides an indicative outline of the purpose and key responsibilities and tasks of the role.

Title and Reporting Relationships

Position title: Chief Information Security Officer
Reporting to: Chief Information Officer
Location: Auckland

Purpose of the Role

The CISO is responsible for establishing and maintaining a healthalliance-wide information security management programme to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and that aligns with and supports the risk posture of healthalliance. This requires a visionary leader with sound knowledge of business management and a deep knowledge of information security technologies.

The CISO will proactively work with business units to implement practices that meet defined policies and standards for information security. The role will also oversee a variety of IT-related risk management activities.

The CISO serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with healthalliance's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for healthalliance. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.

Once established, the CISO will also be available to support customer information security activities and will represent healthalliance on any appropriate regional advisory/working groups, including the regional security forum.
Personnel Dimensions
(Employees reporting to this position directly and indirectly)

Number of staff:
Direct: 1
Through subordinates: 0
Total: 1

Key Relationships
People and organisations both inside and outside of the company that this position would be required to manage relationships with.

Internal Stakeholders
- ha IS Management Team
- Other ha IS Project, Service Delivery, Applications and Infrastructure Teams
- Other ha IS Teams that require IS support and assistance

External Stakeholders
- Service Users and Customer User Groups
- DHB stakeholder representatives, including Clinical Directors/Advisors of IS, Health Information Managers, IM Consultants, etc.
- DHB embedded Functional Support, IS and Information Management Staff
- Other Health Providers and Agencies such as Primary Care Providers, HBL and MoH
- Suppliers and Contracted Personnel
Position in Organisation

Key Responsibilities and Tasks

Responsibilities and tasks:
- Develop, implement and monitor a strategic, comprehensive enterprise information security programme to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organisation.
- Manage directly and indirectly the enterprise's information security organisation, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
- Facilitate information security governance through a governance programme, including creation (where necessary) of, and participation in, various committees and/or advisory boards.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Develop and manage information security budgets, and monitor them for variances.
- Create a culture of security through the creation, delivery and management of information security and risk management awareness training programmes and communications programmes for all employees, contractors and approved system users.
- Ensure policies, processes and practices are developed and implemented to enhance the security of customer and patient management information.
- Ensure information security risks are effectively managed and monitored.
- Work in coordination with Legal, Compliance, Privacy groups and Audit on various inter-related initiatives, including information ownership, classification, accountability and protection.
- Serve as a resource and provide expert counsel on security matters.
- Develop and enhance an information security management framework.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Create and manage a unified and flexible control framework to integrate and normalise the wide variety of ever-changing requirements resulting from global laws, standards and regulations.
- Ensure that security programmes are in compliance with relevant laws, regulations and policies to minimise or eliminate risk and audit findings.
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders.

Expected outcomes:
- Enterprise information security programme developed.
- Security governance programme implemented.
- Up-to-date information security policies, standards and guidelines developed, maintained and published.
- Security culture created.
- Budgets managed and maintained within set boundaries.
- Information security management framework implemented.
- Alignment between the security and enterprise architectures.
- Security programmes are in compliance with relevant laws, regulations and policies.
- Security incidents and events are managed to protect corporate IT assets.

Relationship Management

Responsibilities and tasks:
- Facilitate cyber security and business alignment and communication through a cyber-security steering committee or advisory board.
- Coordinate the use of external cyber security resources.
- Develop and maintain effective relationships with customers, colleagues, suppliers and other stakeholders to foster and encourage collaboration.
- Build effective client relationships through understanding their business models and by identifying their business drivers and key performance indicators (KPIs).
- Create and manage a seamless, flawless and valuable end user experience.
- Drive collaboration through governance by bringing the right stakeholders into the decision-making process.

Expected outcomes:
- ha and DHB staff support, contribute to, and realise demonstrable value in being part of a security steering group.
- Coordinated use of external cyber security resources ensures that a consistent approach is applied across the agency.
- Customer and stakeholder expectations are managed in line with the organisation's capability to deliver.
- Positive feedback from customers, stakeholders and colleagues recognising effectiveness and contribution.
- This role and the customers you engage with understand each other's objectives and proactively seek each other's advice through regular and effective engagement.
- Regular contact is maintained with all clients, including visits to client sites as necessary.

Divisional Support

Responsibilities and tasks:
- Engage with the other members of ha Senior Management to integrate end-to-end services delivery.
- Actively support members of the ha IS leadership team to achieve the collective set of objectives.
- Contribute to general planning, management and reporting activities.
- Attend and report at leadership team meetings as required.
- Provide input to strategic planning activities.

Expected outcomes:
- The ha IS team is coherent and achieves its goals as a team. This is also apparent in the way our teams collaborate to achieve end-to-end service excellence.
- ha IS contribution to ha planning and reporting activities is outstanding.
- Divisional operational information is shared.
Financial Management

Responsibilities and tasks:
- Manage financial performance in line with relevant budgets and targets and in accordance with organisational policies and processes.
- Support the CIO and IT Leadership Team with business analysis and advice.
- Provide input to the annual divisional budget planning process.
- Identify areas and opportunities to drive efficiency, cost savings and support continued growth.

Expected outcomes:
- Operational expenditure and capital expenditure are managed to budget.
- Annual plans are in place and are managed within agreed parameters and organisational policies.
- Benefits and savings targets met or exceeded.
- Active measurement, monitoring and improvement of financial performance.
- Budgets are prepared within the agreed time frame and are regularly reviewed and recast as agreed.
- Analysis reports are timely and provide information and options to address issues and challenges.
Professional Development

Responsibilities and tasks:
- Accept responsibility for own professional development.
- Annually agree a professional development plan with your Manager.
- Liaise with all customers (internal and external) as required in a helpful and polite manner.

Expected outcomes:
- Development and training plans are in place.
- Knowledge sharing among team members.
- Spirit of co-operation with other work areas/departments is maintained.

Risk Management

Responsibilities and tasks:
- Manage all business risks and mitigation plans assigned to you and maintain accurate and up-to-date risk registers.
- Proactively seek opportunities to align strategy, risks and controls to optimise business performance.
- Adhere to the company's risk appetite and business risk management policies.
- Assist the Executive Team to identify, evaluate, mitigate, monitor, manage and report all significant risks and internal control weaknesses in a timely, accurate and consistent manner.
- Create and embed a culture of strong ethical behaviour, quality and continuous improvement.

Expected outcomes:
- Early warning systems in place ("no surprises") which protect the company from unforeseen events and which notify risks promptly to the ELT.
- Key risks are identified and the control environment is optimised to improve effectiveness, reduce costs and enhance business performance.
- Opportunity risks are identified and exploited, and risk discussions are embedded in operational planning, resource allocation, etc.
- Activities related to regulatory, compliance and audit related matters are efficient and effective.

Health, Safety and Wellbeing

Responsibilities and tasks:
- Support the healthalliance health, safety and wellbeing culture and recognise individual responsibility for Workplace Health and Safety under the Health and Safety in Employment Act 1992.

Expected outcomes:
Support the healthalliance health, safety and wellbeing culture by:
- Ensuring a safe working environment and safe working practices.
- Planning, organising and managing Health and Safety activities directed at preventing harm in the workplace.
- Reading and understanding healthalliance Health and Safety policies and relevant procedures and applying them to own work activities.
- Identifying, reporting and managing hazards where appropriate.
- Assisting in identifying Health and Safety Representatives for your area.
General

- Model a culture of innovation by leading changes to processes, practices and systems that align with company values.
- As an employee you are required to familiarise yourself with and comply with all our policies, including but not limited to our Code of Conduct.
- Consistently display the principles of the organisation and hold staff accountable for their behaviour.
- Adhere to and observe all organisational policies, methodologies and practices.
- Other duties as required, in addition to or as a result of changing circumstances, that contribute to achieving the purpose of the role.

Qualification, Experience and Training Requirements

What is the typical background required to competently perform the responsibilities of the job? Essential is the minimum acceptable level for entry. Preferred indicates the desirable level, but may also expand on the nature, eg: industry related, level of previous supervisory experience.

Essential / Preferred
- Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field, or equivalent work experience.
- 10 to 15 years of IT and business/industry work experience.
- 4 years of leadership experience in managing multiple, large, cross-functional teams or projects.
- Proven experience of leading a review of an existing IT function and then defining and delivering a programme of improvements to its internal processes, structures and capability.
- Competent knowledge of PRINCE2 methodology in order to complement project managers within the design stages of the project lifecycle.
- Deep understanding of health information system standards.
- Experience in current IT service delivery with strong knowledge of the ITIL v3 framework and experience in its practical application in mid to large sized companies.
- Awareness and understanding of industry standard security issues and processes.
- Awareness and understanding of Business Continuity principles.
- Awareness and understanding of Data Protection law and regulations.
- Demonstrable and practical experience at a senior level, in the public or private sector, of working with senior colleagues to deliver transformational change to business processes and systems, to deliver cost savings and service improvements for customers.
Competencies for the role

Decision Quality
Makes good decisions (without considering how much time it takes) based upon a mixture of analysis, wisdom, experience, and judgement; most of his/her solutions and suggestions turn out to be correct and accurate when judged over time; sought out by others for advice and solutions.

Planning
Accurately scopes out length and difficulty of tasks and projects; sets objectives and goals; breaks down work into the process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.

Strategic Agility
Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.

Process Management
Good at figuring out the processes necessary to get things done; knows how to organise people and activities; understands how to separate and combine tasks into an efficient work flow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can't; can simplify complex processes; gets more out of fewer resources.

Total Quality Management
Is dedicated to providing organisation- or enterprise-wide common systems for designing and measuring work processes; seeks to reduce variances in organisation processes; delivers the highest quality products and services which meet the needs and requirements of internal and external customers; is committed to continuous improvement through empowerment and management of data; leverages technology to positively impact quality; is willing to re-engineer processes from scratch; is open to suggestions and experimentation; creates a learning environment leading to the most efficient and effective work processes.

Conflict Management
Steps up to conflicts, seeing them as opportunities; reads situations quickly; good at focussed listening; can hammer out tough agreements and settle disputes equitably; can find common ground and get cooperation with minimum noise.

Drive for Results
Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.

Interpersonal Savvy
Relates well to all kinds of people: up, down, and sideways, inside and outside the organisation; builds appropriate rapport; builds constructive and effective relationships; uses diplomacy and tact; can defuse even high-tension situations comfortably.

Customer Focus
Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.

Integrity and Trust
Is widely trusted; is seen as a direct, truthful individual; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn't misrepresent him/herself for personal gain.

Note: The position description needs to be reviewed by both parties annually.

Signed as current and agreed:

Manager:

Employee: