
Director, Business Information Security Office - BISO

Surescripts
Minneapolis, MN, United States
$197.8K-$241.8K a year
Full-time

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care.

We deliver insights at critical points of care for better decisions - from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.

Job Summary

The Director Business Information Security Officer (BISO) reports to the VP, Chief Information Security Officer (CISO) and acts as the primary liaison between Surescripts business units and the Information Security team.

The BISO is responsible for understanding the unique business needs and risks of the organization and aligning them with security strategies and initiatives.

The BISO will develop and implement security policies, manage risk, and ensure compliance with regulatory requirements. They will play a crucial role in fostering a culture of security awareness and ensure that security measures are integrated into business processes.

They will be responsible for day-to-day operations to support and augment the CISO's overall responsibilities. The BISO plays a key leadership role in supporting not only the business but external customers as well.

The BISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans.

In addition, the BISO will help assess risk & provide guidance for the organization during merger and acquisition activities.

Responsibilities

Serve as the CISO representative when the CISO is not available, including making decisions usually made by the CISO.

Work closely with Information Security leadership overseeing Identity and Access Management, Fraud and Crisis Management, merger and acquisition (M&A) activities and any new business initiatives.

Proactively gather and share pertinent information to effectively lead / engage in daily information security operations.

Lead the development and execution of crisis management plans and procedures.

Perform security due diligence for mergers, acquisitions, divestitures, and any new business initiatives.

Collaborate with external health care technology vendors, pharmacy partners, law enforcement, governmental entities and / or IT teams to ensure secure e-prescribing processes are being followed.

Assist with creating the Information Security department budget, monitor expenditures and ensure alignment with the overall department budget.

Enforce and influence strong security culture set forth by the CISO, ensuring uniformity across business units and employees.

Foster strong relationships with internal business partners and external entities to maintain a strong network.

Review customer contracts for appropriate information security language and requirements in partnership with Commercial Legal and Procurement.

Hold security leadership and teams accountable to consistently learn and share advanced knowledge and practices that promote excellence with the information security teams.

Advise on enterprise-wide process and technology security recommendations.

Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities and mitigations set forth to reduce the corporate attack surface.

Lead security projects and ensure they are delivered on time and within budget.

Proactively identify and remove complexity and obstacles that hinder efficient security controls enterprise wide.

Stay abreast of new laws, regulations, and standards, and assess their impact on the business.

Serve as a trusted advisor to the business on information security matters.

Lead or participate in security projects and initiatives.

Qualifications

Basic Requirements:

Bachelor's degree in business administration, information assurance or related technical field

10+ years of related, progressive experience in cybersecurity management with at least 8+ years in an operationally focused security practitioner role.

5+ years' experience working with business leadership and with fiscal responsibilities.

5+ years of experience managing people.

Experience in mergers and acquisitions (M&A).

Experience in crisis management.

Strong written and verbal communication skills across all levels of the organization.

Ability to effectively manage stress in a constantly changing environment.

Driven to build a strong, cohesive team and positive enterprise-wide security culture.

Proven high level of integrity, trustworthiness, and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism.

Strategic vision and ability to influence others.

Strong project management and organizational skills.

Proven experience with National Institute of Technology (NIST) standards or California Consumer Privacy Act (CCPA) or Health Information Portability and Accountability Act (HIPAA) or HITRUST or SOC2

Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.

Must be able to travel within the U.S. up to 25% (as needed).

Preferred Qualifications:

Master's degree or other advanced degree (MBA, information assurance, computer science, etc.).

8+ years of related security systems administration.

Relevant certification such as CISSP, CISM, CRISC, CISA, or similar.

Experience in similar role with large, complex organization.

Experience in the healthcare industry.


Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers.

With alignment and agreement from your leadership, you can come and go from the office as needed.

What You're Like

You're technical. Analytical. Imaginative. Maybe you're building your own crypto-mining rig, or not. Either way, your mind works to anticipate vulnerabilities and protect the company and its information against those vulnerabilities.

You do the right thing because it's the right thing without seeking to point fingers or brag. And of course, you're always willing to keep learning.

What We're Like

We're a team of friendly folks who do serious work. Our best work is done by rising to the occasion under stress, but we keep each other cool under pressure.

We're a tight team but we also look for ways to partner across the business. Our style is casual and laid back, but we shoulder our responsibility to protect patient data from sophisticated adversaries, which sometimes means delivering a difficult truth.

What the Work is Like

Our challenge is to protect our customers' data and our company. This requires anomaly analysis, risk reviews, pen testing of our controls, red-teaming and tabletops, policy and procedure work, documentation, and audits.

We also engineer and maintain our security products and tools. It's not always a typical 9-to-5 gig, of course, but then again, you work in information security, so you already know that.

Why Wait? Apply Now

We're a midsize company. This means you're not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents in an innovative and collaborative work culture.

We strive to create an environment where you can be yourself, share your ideas and work your way. We offer opportunities for employee development, as well as competitive compensation packages and extensive benefits.

At Surescripts, base pay is one part of our Total Rewards Package (which may also include bonus, benefits etc.) and is determined within a range.

The base pay range for this position is $197,800 - $241,800 per year. Your base pay may vary within or outside of this range depending on a number of factors, including (but not limited to) your qualifications, skills, experience, and location.

Benefits include, but are not limited to, comprehensive healthcare (including infertility coverage), generous paid time off including paid childbirth and parental leave and mental health days, pet insurance, and 401(k) with company match and immediate vesting.

To learn more, review the Keep You and Yours Healthy, Balancing Work and Life, and Where Talent Takes Shape links under the Better Benefits. Better Work. Better Life section of our careers site.

Physical and Mental Requirements

While performing duties of this job, an employee may be required to perform any, or all of the following: attend meetings in and out of the office, travel, communicate effectively (both orally and in writing), and be able to effectively use computers and other electronic and standard office equipment with, or without, a reasonable accommodation.

Additionally, this job requires certain mental demands, including the ability to use judgement, withstand moderate amounts of stress and maintain attention to detail with, or without, a reasonable accommodation.

Surescripts is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate on the basis of race, color, religion, age, national origin, ancestry, disability, medical condition, marital status, pregnancy, genetic information, gender, sexual orientation, parental status, gender identity, gender expression, veteran status, or any other status protected under federal, state, or local law.
