Children's Hospital of Philadelphia · 5 hours ago
Information Security Specialist Principal
Children’s Hospital of Philadelphia (CHOP) is seeking a proven leader in enterprise vulnerability program management to design and operate a comprehensive vulnerability lifecycle across clinical, corporate, and cloud environments. The role involves partnering with IT, cloud, and application teams to translate scan results into actionable remediation plans and ensuring compliance with NIST, HIPAA, and organizational risk frameworks.
Child Care · Health Care · Hospital · Medical · Non Profit
Responsibilities
Works independently to initiate assignments and draws upon extensive professional knowledge and experience to make independent judgments regarding analysis, evaluation, development, and implementation of enterprise long-term solutions and operating initiatives to ensure that enterprise architectural objectives are aligned with organizational needs and strategic goals
Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies
Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and DTS assets through appropriate standards and security policies
Functions as the Subject Matter Expert (SME) to maintain an understanding of CHOP DTS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital's business
Works with other architects to provide a consensus based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering
Works with highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identity management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption)
Support and/or lead activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models)
Qualification
Required
Bachelor's Degree - Required
At least twelve (12) years industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment. Required
At least six (6) years experience with information security, regulatory compliance and risk management concepts. Required
At least three (3) years experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training. Required
Experience with Cloud and/or Virtualization technologies. Required
Demonstrates specialized & comprehensive knowledge in Information security management practices, disciplines, regulations, industry standards, related frameworks, project management principles, and methodologies, security engineering concepts, security operations model; industry standards around architecture principles
Demonstrates exceptional skills in managing multiple projects and priorities in order to meet strategic goals and timelines
Exhibits the ability to plan, manage and implement highly complex enterprise architecture and security implementations, enhancements or modifications that require in-depth knowledge across multiple technical areas and business segments
Exhibits exceptional understanding of emerging regulatory and healthcare issues in order to develop internal and external checks and controls to ensure proper governance, security and quality of information assets
Demonstrates exceptional troubleshooting and collaborative skills required to identify, analyze and resolve complicated security issues
Demonstrates advanced proficiency in creating detailed documentation, performing budget planning and oversight, and providing input on CHOP infrastructure strategic planning, technology standards, and information security and risk practices
Exhibits ability to communicate effectively with clients, colleagues, vendors, management and the ability to translate complex technical solutions into non-technical requirements documents
Performs planning, development, implementation, and delivery of enterprise architecture and engineering principles for new, existing and future strategic and operational activities
Demonstrates the ability to provide technical expertise and consultation to the CIO, CTO, CISO, executive leadership and other business and clinical leaders
Preferred
Bachelor's Degree Computer Science, Information Systems, or related field - Preferred
At least three (3) years in working with matrixed high performance teams. Preferred
Certified Information Systems Security Professional (CISSP) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
HealthCare Information Security and Privacy Practitioner (HCISPP) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified in Cybersecurity - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Systems Security Certified Practitioner (SSCP) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified in the Governance of Enterprise IT (CGEIT) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified in Risk and Information Systems Control (CRISC) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
CompTIA Security+ - CompTIA - upon hire - Preferred
GIAC Security Essentials (GSEC) - GIAC Certifications - upon hire - Preferred
Certified Ethical Hacker (CEH) - EC-Council - upon hire - Preferred
Certificate of Cloud Security Knowledge (CCSK) - Cloud Security Alliance (CSA) - upon hire - Preferred
Certificate of Cloud Auditing Knowledge (CCAK) - Cloud Security Alliance (CSA) - upon hire - Preferred
Company
Children's Hospital of Philadelphia
Since its start in 1855 as the nation's first hospital devoted exclusively to caring for children, The Children's Hospital of Philadelphia has been the birthplace for many dramatic firsts in pediatric medicine.
H1B Sponsorship
Children's Hospital of Philadelphia has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (175)
2024 (170)
2023 (140)
2022 (115)
2021 (70)
2020 (53)
Funding
Current Stage: Late Stage
Total Funding: $33.35M
Key Investors: UnitedHealthcare Community Plan, National Cancer Institute, Bill & Melinda Gates Foundation
2025-12-10 · Grant · $1.7M
2025-09-29 · Grant · $1M
2025-06-18 · Grant · $1M
Company data provided by crunchbase