Apria Healthcare

  • Director, Information Technology (IT) Security

    Information Technology
    Location: US-CA-Lake Forest
  • Job Summary

    With over 300 locations across the US, Apria Healthcare’s mission is to improve the quality of life for our 1.8 million patients at home by providing home respiratory services and select medical equipment to help them sleep better, breathe better, heal faster, and thrive longer. Additional information can be found at www.apria.com.


    Under the general guidance of the Chief Information Security Officer (CISO), the Director of Information Security manages the IT Security Department’s programs and leads its members in strong support of Information Security. The role is responsible for the continued development and maintenance of a comprehensive information security program for the entire corporation, a program that entails the overall management of various security risks. In addition, the role will liaise with all business and IT groups in delivering a wide range of strategic IT and business solutions, with other business groups such as HR, Legal, and Corporate Compliance, and with senior organization leadership in support of Apria’s compliance with various statutory and regulatory requirements.



    • Works closely with CISO in managing the IT Security department including staff, budget, and project portfolio. Manages the development and implementation of Information Security Programs to ensure the ongoing practice of security as a process within Apria.  
    • Works closely with all IT groups as a subject matter expert in information security technology and practices. Presents to senior IT leadership on security topics and activity, develops partnerships across multiple IT disciplines, and works with other directors and senior managers on strategic technology issues.
    • Works closely with Apria’s CIO and CISO in formulating Apria’s IT security strategies and determines technology and process requirements to implement such strategies. Assesses Apria’s IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the information security infrastructure, implementing security measures to decrease exposure to attack and/or penetration.  
    • Understands the criticality of business processes with reference to Apria’s policies and processes. Conducts security risk assessments to proactively identify and minimize the probability of risk occurrences. 
    • Maintains up-to-date knowledge and awareness of industry trends related to Information Security and assesses their impact on Apria’s business operations. Understands public policy and regulatory trends related to privacy and security.
    • Performs other duties as required.



    • This position manages all aspects of the department and is responsible for the performance management, hiring, and discipline of staff within the department.

    Minimum Required Qualifications



    Education and/or Experience

    • A minimum of eight (8) years of progressively increasing responsibility and achievement in the Information Technology area with at least five (5) years in information security matters (policy, architecture, technology, etc.), including demonstrated experience with developing and administering an information security program.
    • A minimum of three (3) years consecutive personnel management experience required with demonstrated ability to lead, motivate, and support a professional team.
    • A Bachelor’s Degree in a related technical or business discipline is required; an advanced degree is preferred. Specific experience in the health care industry with specific regulatory compliance experience is desirable.
    • Knowledge and working experience with disaster recovery, business continuity, vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes and applying corporate and federally mandated policies.
    • Demonstrated ability to be a respected information security advisor to senior IT management as well as to IT operations, operating groups, technical staff, and project management, and the skills to interface across several channels to proactively assist in defining solutions, direction, specifications and architectural principles.
    • In-depth, up-to-date and broad knowledge of the IT Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure.
    • Experience managing large-scale projects in a team-oriented cross-organizational environment. This level of experience is expected to have been gained through several years of increasing levels of project responsibilities and accomplishments in several areas of information systems organizations.
    • Knowledge and experience with information security standards such as NIST, ISO, COBIT, and associated security controls.
    • Knowledge and experience with ITIL and IT Service Management is preferred.
    • Knowledge and experience in IT risk and compliance management programs related to IT Audit, 3rd Party Risk Management, and Security and Privacy Regulations.


    Certificates, Licenses, Registrations or Professional Designations

    • An industry recognized security certification (e.g., CISSP, CISM, GIAC, CISA) is required.



    • Strong leadership and excellent project management background.
    • Excellent interpersonal, oral/presentation and written communications skills in both technical and non-technical language.
    • Conceptual and analytical thinker, able to understand, analyze and synthesize complex business and technology issues and strategies.
    • Ability to lead information risk assessments and perform control selection activities.
    • A demonstrated ability to lead diverse teams to consensus in a timely manner including mentoring and growing a team and organization in security.
    • Ability to work collaboratively and effectively with a broad range of constituencies is essential.
    • Team builder/player and able to work effectively with others with a demonstrated cultural awareness for interactions in multicultural, multi-national, and multi-vendor settings.
    • Broad information technology background particularly in IT architecture, systems and software development, disaster recovery, and operations.
    • Strong judgment and decision making skills with the ability to demonstrate understanding of the organization’s infrastructure and the business impact of information security recommendations.
    • Flexible and adaptable process-oriented work style; strong demonstrated work ethic; personal time management skills; able to work independently and in teams with minimal direction, with a willingness to seek advice/assistance.
    • Demonstrated work ethic that emphasizes customer focus, quality and continuous improvement.


    Language Skills

    • English (reading, writing, verbal).


    Mathematical Skills

    • College level mathematical proficiency, with a strong ability to understand, interpret and develop spreadsheet data.



    This is a stationary position that requires frequent sitting or standing, repetitive wrist motions, grasping, speaking, listening, close vision, color vision, and the ability to adjust focus. It also may require occasional lifting, carrying, walking, climbing, kneeling, bending/stooping, twisting, pulling/pushing, and reaching above the shoulder. Employees in this position must be physically able to efficiently perform the essential functions of the position. Reasonable accommodations will be provided to assist or enable qualified individuals with disabilities to perform the essential functions of the position, upon request.



    Work is performed in an office setting with exposure to moderate noise. 



    Occasional travel as required.



    The essential duties and responsibilities, physical requirements, and work environment described above are representative of those typically required for this position but may vary depending on staffing and business needs at specific locations. The inclusion or omission of a specific duty or physical requirement is, therefore, not determinative of whether that function is essential to a specific individual’s position.

    EEO Statement

    As an EOE/AA employer, Apria Healthcare is committed to providing all applicants and employees with equal access to employment opportunities, regardless of sex, race, age, color, national origin, disability, pregnancy, religion, genetic information, sexual orientation, transgender status, gender identity, marital status, veteran status, or any other characteristic protected by federal, state, or local law.  Apria Healthcare shall abide by the requirements of 41 CFR 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals on the basis of protected veteran status or disability, and require affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans and individuals with disabilities. AA/EOE, M/F/Disability and Vet

