Executive Director

Upon start, candidate must reside in CA, CO, CT, GA, HI, IL, MD, OR, VA, WA, or District of Columbia.

Job Summary:

This position, reporting to the Vice President and Chief Information Security Officer of Kaiser Permanente, is responsible for leading and managing the Cyber Risk Defense Center organization. This organization provides 24x7x365 detection and response for cyber security threats, protecting KP's global operations. Directs a team of 60 information security professionals who are responsible for operational delivery of cyber threat monitoring. In addition, this position is responsible for developing and managing strong strategic relationships with senior leadership levels in the National Privacy, Ethics, and Compliance Organization, Legal, Enterprise Business Services, Information Technology, and the Permanente Medical Groups. This position has a very wide expanse of key relationships across Kaiser Permanente. This executive must demonstrate solid leadership, relationship management, and collaboration competencies.

Essential Responsibilities:

1. Sponsors the development of the Cyber Risk Defense Center strategic roadmap ensuring that it is aligned to mitigate current and future security risks for Kaiser Permanente's global operations. Aligns the roadmap with Kaiser Permanente's acquisition strategies.
2. Leads incident response processes associated with the Computer Security Incident Response Plan and Breach Playbook. Conducts test exercises across organizational lines, and continually improves response capabilities.
3. Leads development and dissemination of security intelligence, both internal and external. Oversees countermeasures development and deployment.
4. Leads investigative processes to include e-Discovery collections. Supports Privacy, Ethics, and National Compliance with internal investigations.
5. Leads analytical teams that monitor for cyber threats and processes for escalation.
6. Leads data science and engineering to develop and tune use cases that trigger responses in the Cyber Risk Defense Center.
7. Develops, designs, and implements metrics/dashboard reporting for key business management initiatives, and/or other ad hoc needs to support Cyber Risk Defense Center business objectives and strategic imperatives. Strategically advises and/or distributes/shares reports with stakeholder groups to optimize visibility of Cyber Risk Defense Center leadership and the Cyber Risk Defense Center's role to contribute to businesses of KP.
8. Ensures Cyber Risk Defense Center is strategically and effectively engaged with stakeholder communities and is meeting stakeholder expectations. Plans, designs, and conducts stakeholder satisfaction inquiries, and integrates learnings into future planning and stakeholder engagement to ensure maximum effectiveness of Cyber Risk Defense Center.
9. Develops communication approaches and strategies, determines presentation focus and emphasis, and prepares executive-level presentations in support of the Chief Information Security Officer. Primary audiences include the IT Executive Committee, KP business leaders, Executive Sponsor Group, business operations governance bodies, and other key audiences, as needed.
10. Plans and leads designated people processes and organization performance reporting, and goal setting on behalf of the Cyber Risk Defense Center, including performance management, process coordination, and talent reviews.
11. Develops a high performing leadership team by providing strategic leadership and vision, and professional development of technical and business management staff.
12. Develops long term resource and employee development strategies to ensure workforce is equipped and available to support the execution needs of the Cyber Risk Defense Center.
13. Leads major security incidents and cross-KP exercises.
14. Runs steering committee subgroups for Privacy & Security and presents findings and recommendations to the Privacy & Security committee.
15. Serves on the steering groups to drive cyber process and technical integration.
16. Works directly with the Chief Information Security Officer to develop strategy, prioritize investments, and develop roadmaps for both Core and investment programs.
17. Provides executive level decision making on cyber risk along with advisory service to TRO customers.
18. Develops cross-cyber and KP-IT processes that make security more effective.
19. Develops key performance indicators, service level objectives and other operational metrics to continually measure and improve cyber security.