Chief Information Security Officer - CISO
Summary :
Conexess Group is assisting a healthcare client in its search for a CISO. This is a % remote, full-time role, and interested candidates must be able to work on W.
Reporting to the Chief Technology and Information Officer (CTIO), the Chief Information Security Officer (CISO) ensures the information and data of the company and its clients are secure from threats.
The CISO serves as both ambassador and quarterback, with a keen understanding of technology, strategic mindset, and excellent communication skills to proactively convey the importance of security to everyone in the organization.
The CISO has the primary responsibility and authority to assess, enhance, manage, and deliver the enterprise-wide, comprehensive information security and risk management strategy, ensuring the integrity and confidentiality of information that is owned, controlled, or processed by the organization, its partners, and business associates.
The CISO leads the implementation of an information security program that prioritizes cross-functional collaboration, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies and programs to manage information security risk.
Serving as a consultant and subject matter expert, the CISO is responsible for building relationships and goodwill to lead, manage, and hold organization-wide resources accountable for establishing and meeting the expectations set out in the Information Security Standards.
Duties and Essential Functions :
- Strategic planning Work with organizational leadership to enhance and implement a comprehensive Information Security Management System aligned with business goals; understand, document, and adjust risk tolerance; recommend and deliver the roadmap to mitigate potential threats.
- Program management Lead, build, and manage information security professionals including recruitment, onboarding, coaching, performance reviews, and metrics.
- Establish and prioritize goals, objectives, strategies, and tactics to achieve the company's security vision; recommend the resources needed for information security, including budget, staff, and partners; track and trend performance to progress program maturity.
- Risk management Identify, assess, and prioritize potential security risks, including evaluating new technologies, assessing vulnerabilities, and anticipating emerging threats.
- Security awareness Proactively educate management, workforce members, clients, vendors, and the Board about security issues, program developments, and best practices; source training materials and deploy awareness campaigns to reduce the risk of human error.
- Policy development and operations Analyze, create, communicate, enforce, and update information security policies and procedures to guide the company.
- Security architecture Design, implement, and optimize, in collaboration with technology teams, the security systems that protect our systems and networks, including firewalls, encryption, and other safeguards; evaluate and monitor system backup and recovery procedures in partnership with technology team leads.
- Incident response Should the company experience a security breach, lead the incident response team through investigation, compliance with state and federal regulations (including breach notification obligations), coordination with law enforcement, and the steps needed to prevent future incidents.
- Compliance Working with the Compliance and Legal departments, ensure the company complies with relevant laws, regulations, and industry standards for information security, including regular internal and third-party audits to assess and verify compliance.
- Vendor management Ensure that third-party vendors meet the company's security standards, make recommendations to mitigate risks, and audit compliance to contractual requirements.
- Alignment Align security measures with overall business goals, thinking strategically to develop long-term security plans, while driving incremental improvements near-term.
- Collaboration Work closely with clinical, operational, and technical stakeholders to integrate security measures into all aspects of the business, leading the strategy, planning, implementation, and assessment of all information security activities.
- Serve as a member of the Technology Leadership Team and as a Department Head, and act as the primary representative for security with company leadership, vendors, clients, and other executives.
Supervisory Responsibilities :
- Manages Information Security staff
- Responsible for recommending security initiatives for budgeting
Education and / or Experience :
- Bachelor's degree in information technology, computer science, cybersecurity, or related field
- Master's or is a plus
- A combination of education and experience providing solid preparation for the role will be considered
- A minimum of years of progressive experience in information security, with experience as an information security analyst, security consultant, or information technology manager
- Experience leading and reporting on key initiatives to leadership, from managers and directors to clients to the C-Suite and Board
- Experience managing security programs and teams in the clinical services, telemedicine, or medical device industry preferred
- Experience leading cybersecurity integration and security posture unification for mergers and acquisitions
- One or more industry-recognized certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Healthcare Certified Information Security and Privacy Practitioner (HCISPP), or Certified Ethical Hacker (CEH)
Knowledge, Skills, and Abilities :
- Leadership Strong leadership and visible management abilities to oversee security initiatives across the company, including the ability to lead, manage, and hold cross-functional teams accountable for change management
- Industry experience Knowledge of the healthcare industry, the business context in which the company operates, and how security measures can support and enhance overall business objectives
- Communication - Ability to build a culture of security awareness within the company, conveying complex security concepts and initiatives to non-technical stakeholders in an engaging, collaborative way, and providing counsel in situations requiring judgement, timing, and sensitivity
- Technical proficiency Expert understanding of cybersecurity technologies and a commitment to continuous learning, staying up to date on the latest threats, trends, and best practices to inform decision-making
- Compliance Familiarity with HIPAA, HITECH, GDPR, PCI DSS, and other relevant laws, regulations, and industry standards to ensure the company remains compliant
- Risk management Expertise in risk management, understanding principles and ability to assess and prioritize risks to develop effective security strategies
- Management Expert in cybersecurity operations with a proven track record of building and managing high-performing security organizations through continuous improvement and a willingness to be a player-coach
- Analysis Natural problem solver with excellent analytical skills, including collecting, analyzing, and interpreting data
Work Environment : (travel, physical demands, and conditions)
- Remote based environment
- High growth, fast paced organization
- Prolonged periods of sitting at a desk and working on a computer
- Occasional extended hours