Director of IS Security (Onsite position, NOT remote)

LMC Careers  
Full Time
Day Shift 
Monday - Friday, 8:00am - 5:00pm


Consistently named best hospital, Lexington Medical Center dedicates itself to providing quality health services that meet the needs of its communities. Ranked #2 in the state and #1 in the Columbia metro area by U.S. News & World Report, Lexington Medical Center is the only hospital named one of the Best Places to Work in South Carolina.


The 607-bed teaching hospital anchors a health care network that includes five community medical centers and employs more than 8,000 health care professionals. The network includes a cardiovascular program recognized by the American College of Cardiology as South Carolina’s first HeartCARE Center™ and an accredited Cancer Center of Excellence affiliated with MUSC Hollings Cancer Center for research and education. The network also features an occupational health center, the largest skilled nursing facility in the Carolinas, an Alzheimer’s care center and nearly 80 physician practices. Its postgraduate medical education programs include family medicine and transitional year.


Job Summary

Under the general direction of the Chief Information Officer (CIO), the Information Services Security Director establishes, plans and administers the overall policies and goals of the Information Services Department (ISD); assesses the current information systems organization and technology and works collaboratively with the executive management team to ensure an organizational structure, systems infrastructure, governance, and business direction to guide future information technology investments; maximizes the effectiveness of installed systems and fosters an environment of continual process improvement. Exercises agility to react quickly to changes in external regulations and technology advances.

Minimum Qualifications

Minimum Education: Bachelor’s Degree in Information Services or related field
Minimum Years of Experience: 5 Years of direct experience in IT management in a medium to large healthcare organization
Substitutable Education & Experience (Optional): None.
Required Certifications/Licensure: Must be willing to obtain certification in Epic training and HIMSS if needed
Required Training: Must exhibit efficiency, collaboration, candor, and results orientation. Ability to exercise good judgment and political astuteness;

Demonstrated ability to structure, drive, and manage projects with complex multi-disciplinary issues to closure with minimal direction;

Excellent written/oral communication skills required. Must be able to work effectively with diverse groups of people and communicate effectively with all levels of hospital staff, physicians, vendors and consultants (Excellent communication, interpersonal and organizational skills);

Excellent analytical and problem solving skills;

Proficient with the technologies and best practices for the design and deployment of information security procedures;

A thorough knowledge of all processes and systems related to data security;

Knowledge of the interoperable Health Information Technology (HIT) as it relates to the implementation of HIE solutions including electronic data exchange protocols.

Essential Functions

  • Works with the CIO and other IS Directors to develop work plans defining tasks, target dates, level of efforts, resources required, skills required, etc.
  • Works with the CIO and other IS Directors to appropriately assign and monitor the performance of IS team members on approved projects.
  • Actively participates in decision-making with the CIO and other IS Directors to change or modify policies, systems, resource allocations, etc., in order to remove barriers and meet customer needs.
  • Works with the CIO and other IS Directors on recruitment initiatives, as well as on developing an offering of reward options (tangible, intangible, monetary and non-monetary) for retaining top performers.
  • Works with the CIO to develop and ensure compliance with corporate standards and IT methodology used for system/application selection, implementation, upgrades, service pack releases, support, and maintenance.
  • Coordinates and leads interviews for candidates interested in open positions and participates in interviewing candidates for other open IS positions.
  • Assists the CIO in determining the financial, personnel, and equipment resources needed for IS team training.
  • Assists the CIO in the selection of new applications, acquisition, and implementation planning.
  • Maintains a high level of awareness and recognition of situations that are possible risk issues and works diligently to mitigate or eliminate risks whenever possible.
  • Manages and leads multiple interrelated projects concurrently and manages daily operations.
  • Oversees the educational program for all major software applications or new technology.
  • Facilitates relationship with vendors to understand their service offerings and the value they could bring to LMC.
  • Chairs or Co-chairs the LMC Security Committees.
  • Provides periodic reports for the Audit and Compliance Committee of the Board of Directors as to the status of information security.
  • Serves as the HIPAA Security Officer as required in the HIPAA Security Regulations.
  • Works closely with the LMC Privacy Officer and HIPAA Program Management Office to ensure that the information security environment supports the local, regional and national privacy policies.
  • Communicates with key organization personnel to ensure that reporting standards, compliance, regulations and integration reporting needs are met. Regularly communicates in a timely manner the progress, issues, and results of assigned projects to CIO, other IS Directors, and customers / IS stakeholders.
  • Plans, develops, and oversees the implementation of security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
  • Establishes and maintains a system that fosters appropriate, demonstrable, and coordinated security policies, procedures and practices that are compliant with related law, regulation, policy and professional standards. Serves as an internal information security consultant to LMC.
  • Keeps abreast of new developments and trends in healthcare information technology in order to make recommendations to the CIO and other IS Directors.
  • Understands all basic functions performed with LMC’s major IS inventory and actively researches ways to improve related services to customers.

Duties & Responsibilities

  • Establishes, implements, and monitors compliance in all aspects of information systems security, to include policies and procedures to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports; to ensure the appropriate handling of electronic protected health information by clearinghouse operations associated with LMC operations; that record and examine activity in information systems that contain or use electronic protected health information; to ensure LMC’s Business Associates comply with electronic protected health information in their possession.
  • Establishes, maintains and monitors appropriate utilization by all persons who have access to systems within the organization, to include policies and procedures that foster appropriate training and awareness related to information security, primarily by using the typical units and means used for training the workforce in LMC; to ensure all members of the workforce and information systems have appropriate access to electronic protected health information and any other confidential business information; to ensure that a unique name and/or number is required for any individual or system that gains access to electronic information systems that maintain protected health information; for providing access to electronic protected health information in the event of an emergency; for ensuring the person or entity seeking access to electronic protected health information is the one claimed; that provide for sanctions and/or disciplinary action against workforce members who fail to comply with security policies and procedures.
  • Establishes, maintains, and monitors policy and processes regarding the maintenance and retrieval of data to include procedures to create and maintain retrievable exact copies of electronic protected health information; to restore any loss of electronic data; to address the final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored; to address the removal of electronic protected health information from electronic media before the media are made available for re-use.
  • Identifies and responds to any suspected or known security incidents and mitigates, to the extent practicable, harmful effects of security violations that are known.
  • Establishes and maintains a system that fosters appropriate and effective disaster recovery and contingency plans for information systems within LMC. Implements and monitors compliance with policies and procedures, as needed, to enable continuation of critical operations and provide for the protection of electronic private health information while operating in an emergency mode.
  • Directs and leads the enterprise change management process to include incident management, request demand, and production control.
  • Along with the Controller, directs and coordinates the external financial auditing process.
  • Performs a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information.
  • Responsible for all processes, activities, and systems that serve to ensure appropriate access to protect the confidentiality and integrity of patient, provider, employee, student and other business information in compliance with law, regulations, policies and standards of LMC and other regulatory agencies.
  • Responsible for managing and supervising the execution and use of security measures to protect data and for managing and supervising the conduct of personnel in relation to the protection of electronically stored or transmitted data.
  • Performs all other duties as assigned.


We are committed to offering quality, cost-effective benefits choices for our employees and their families:

  • Day ONE medical, dental and life insurance benefits 
  • Health care and dependent care flexible spending accounts (FSAs)
  • Employees are eligible for enrollment into the 403(b) match plan day one. LHI matches dollar for dollar up to 6%.
  • Employer paid life insurance – equal to 1x salary
  • Employee may elect supplemental life insurance with low cost premiums up to 3x salary 
  • Adoption assistance
  • LHI provides its full-time employees employer paid short-term disability and long-term disability coverage after 90 days of eligible employment
  • Tuition reimbursement
  • Student loan forgiveness

Equal Opportunity Employer
It is the policy of LMC to provide equal opportunity of employment for all individuals, and to remain compliant with applicable state and federal laws and regulations. LMC strives to provide a discrimination-free environment, and to recruit, select, on-board, and employ all employees without regard to race, color, religion, sex, age, disability, national origin, veteran status, or pregnancy, childbirth, or related medical conditions, including but not limited to, lactation. LMC endeavors to upgrade and promote employees from within the hospital where possible and consistent with the employee’s desires and abilities and the hospital’s needs.
