Director of Global IT Security in Mechanicsville, VA at Owens & Minor, Inc.

Date Posted: 6/18/2018

Job Snapshot

Job Description



In conjunction with the CIO, this role is responsible for the governance and oversight of the access, availability, and integrity of global business data assets, client data, and intellectual property. Ensures the  business is appropriately protected globally against risks associated with cyber-attacks on external and internal resources. Works with the CIO to develop the global enterprise information security strategy and is responsible for security programs. Communicates periodically with executive leadership committee and educates the workforce and agent partners about global threats, vulnerabilities, and risks.


1.       Establishes and maintains sustainable governance structures for oversight, development and implementation of global IT security strategies, policies, standards and procedures.

2.       Identifies and defines projects required to maintain and improve O&M's global security posture.  Develops and presents required documentation including business cases, options analyses with cost/benefit, proposals, project charters, project milestones and estimates for timeframes, budget and resources.

3.       Working with leadership defines and implements the global IT security vision, strategies and goals for the governance, security, risk management and compliance framework and activities.

4.       Stays abreast of relevant security regulations, laws and technologies and adjusting policies as required.  Drives continuous improvement in this space.

5.       Interacts routinely with the technology infrastructure and application areas to drive implementation of security best practices (both internal & external)

6.       Works with the IT Leadership Team to develop, select and coordinate IT security projects, products and architecture to provide reliable and cost-effective, risk based solutions that meet defined business requirements across the global organization.

7.       Works with the IT Leadership Team to evaluate emerging technologies and business opportunities, and their associated security, assessing potential infrastructure and IT operational impact and operational risk.

8.       Provides oversight to the creation, revocation and maintenance of global system access privileges (IDs and passwords); leads initiatives to strengthen access controls globally across operating systems and business units'  application data

9.       Develops and implements a global security awareness program for all leaders and employees to gradually increase the understanding of O&M's security program, the underlying risks and employees' responsibility towards protecting O&M's information assets.

10.   Works with the business units globally to address security related exposures, investigations and incidents that potentially impact business operations (e.g. - Fraud, phishing, hacking , or virus incidents). Establishes an enterprise information security incident response team to address real-time incidents on a 24x7 basis. Monitors compliance with policies, standards, guidelines and procedures.  Identifies risks, completes periodic deficiency analyses and initiate appropriate follow-up actions.

11.   Manages and administers global enterprise-wide IT security functions.

12.   Develops and reviews, on an ongoing basis, existing IT security policies, standards, guidelines and procedures ensuring compliance with the global strategy and direction.

13.   Defines metrics, implements monitoring systems and processes, measures IT security performance, and reports regularly to the CIO and stakeholders.

14.   Serves as the primary liaison and coordinator within O&M in the definition, implementation and communication of IT security policies, standards, guidelines and procedures.

15.   Serves as primary contact and liaison for internal and external IT audit entities.  Leads audit responses and collaborate with Stakeholders to define response expectations, timeframes and requirements.

16.   Coordinates the development and maintenance of disaster recovery and business continuity plans for IT systems and ensures business risks are addressed.

17.   Manages and directs Information Security staff.  Leads, directs and manages the development of Information Security plans to support O&M's goals.  Establishes workload priorities, assign tasks and direct employees in completing their assigned duties.


1.      Performs additional duties as directed.



  • Bachelor's Degree in Computer Science, Information Technology or related field of study; Master's Degree preferred
  • Minimum of fifteen years in progressing IT roles; minimum of eight years direct supervisory experience; healthcare industry experience preferred
  • In depth knowledge of best security practices and risk management strategies

  • Global IT security experience/exposure is highly preferred Healthcare industry experience preferred

  • Experience with applicable regulatory and standards frameworks (e.g., SOX, GLBA, SSAE16, PCI, ISO2700x, etc.)


  • Articulates complex information security concepts to senior executives and non-technical employees clearly while accurately portraying real risks and threats to the company
  • Leads the information security team to achieve the information security strategy; proactively influences peers and senior leaders in other business units to build a strong security culture
  • Balances the risk between security controls in a strongly-regulated and complex IT environment against the needs for fast revenue growth in a highly competitive industry
  • Understands the threats against the company -- who they are, how they operate, what motivates them -- and how to allocate the right level of resources to counter them
  • Thinks creatively about simple, practical, elegant, cost-effective solutions for defending our customers against increasingly aggressive and sophisticated cyber attackers
  • Demonstrated ability to work under pressure and maintain composure during high-stress situations
  • Understands the concepts and considerations required to prepare for and lead a security incident response effort
  • Advanced understanding in one or more of the following areas: Platform Security, Data Security, Network Security, Perimeter Security, Physical Security, Security Assessment Tools, Security Monitoring Tools, and Managed Security Services
  • Advanced understanding in one or more of the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits
  • Strong people and team/relationship building skills including facilitation, mediation and conflict resolution.  Demonstrated ability to develop and cultivate a dynamic, progressive team.
  • Demonstrated ability to work independently and as part of a team.
  • Demonstrated ability to communicate effectively, both verbally and in writing, in a clear and concise manner, to a variety of audiences.
  • Strong commitment to customer service.  Demonstrated ability to work with customers and key partners.  Inherent ability to project a positive image with both customers and colleagues.
  • Extensive knowledge of business continuity planning, auditing, and risk management.
  • Extensive knowledge of IT security & privacy standards, technologies, practices and theories.
  • Demonstrated ability to develop information strategy for large, decentralized organizations and to make standards-based architecture recommendations and facilitate implementation


  • Ability to travel up to 50%

Not Ready To Apply?

Joining our Talent Network will enhance your job search and application process. Whether you choose to apply or just leave your information, we look forward to staying connected with you.