Director of Information Services Risk/Controls - Security

Position: Director of Information Services Risk/Controls - Security

Job ID: 144953

Location: US-TX-Houston

Department: IS - Administration

Talent Area: Information Services

Full/Part Time: Full-Time

Regular/Temporary: Regular

Shift: 8a - 5p

About Texas Children's Hospital

Since 1954, Texas Children’s has been leading the charge in patient care, education and research to accelerate health care for children and women around the world. When you love what you do, it truly shows in the smiles of our patient families, employees and our numerous accolades such as being consistently ranked as the best children’s hospital in Texas, and among the top in the nation by U.S. News & World Report as well as recognition from Houston Business Journal as one of this city’s Best Places to Work for ten consecutive years.

Texas Children’s comprehensive health care network includes our primary hospital in the Texas Medical Center with expertise in over 40 pediatric subspecialties; the Jan and Dan Duncan Neurological Research Institute (NRI); the Feigin Center for pediatric research; Texas Children’s Pavilion for Women, a comprehensive obstetrics/gynecology facility focusing on high-risk births; Texas Children’s Hospital West Campus, a community hospital in suburban West Houston; and Texas Children’s Hospital The Woodlands, a second community hospital opening in 2017. We have also created the nation’s first HMO for children, established the largest pediatric primary care network in the country and a global health program that is channeling care to children and women all over the world. Texas Children’s Hospital is also academically affiliated with Baylor College of Medicine, one of the largest, most diverse and successful pediatric programs in the nation.

To join our community of 13,000 dedicated team members, visit for career opportunities. You can also learn more about our amazing culture at


We are searching for a Director of Information Security in Risks / Controls – someone who works well in a fast-paced hospital setting. In this position, you’ll establish and maintain a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.


This role requires that you influence change in an organization, and do it at many levels with your leadership and experience. We are looking for someone who has “been there before” and can demonstrate technical knowledge as well as managerial flair. Can you make collaborative change where it counts? This role will work in the medical center at our Feigin Building.


Think you’ve got what it takes?

Responsibilities:

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines
  • Oversee the approval, training, and dissemination of security policies and practices
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
  • Provide direction, support and in-house consulting for development and implementation plans and procedures for business continuity and disaster recovery
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings
  • Develop and enhance an information security management framework including log management, review of controls, review of output from security monitoring applications and devices
  • Facilitate a metrics and reporting framework to measure the capability of the security framework
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Monitor the external threat environment for emerging threats, and react accordingly


  • Bachelor’s Degree required in Computer Sciences/MIS
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
  • Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
  • Ten to fifteen years of experience in a combination of risk management, information security and IT jobs
  • At least eight years must be in an information security role
  • At least five years in an IT leadership role – preferably in information security
  • Information Technology Infrastructure Library (ITIL) certification is preferred
  • Knowledge of Budgeting and Variance Analysis, Regulatory Standards/Regulations, Hospital operations and Data analysis
  • Have excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • Has a proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment
  • Has the managerial skills needed for providing limited supervision for one or more functions within a department
  • A high degree of analytic ability and inductive thinking is required to devise new, non-standard approaches to highly intricate, technically complex problems
  • Requires regular contacts with internal persons of importance and influence involving considerable tact, discretion and persuasion in obtaining desired actions and/or the handling of difficult personal relationships
