Chief Information Security Officer
About the role
The Chief Information Security Officer (CISO) will lead Availity’s enterprise cybersecurity, security assurance, and technology risk programs. Reporting directly to the Chief Technology Officer, the CISO will protect Availity, its customers, and the highly sensitive healthcare information entrusted to its platforms.
Responsibilities
Develop and execute a multi-year cybersecurity strategy aligned to business strategy, customer commitments, technology direction, and risk tolerance.
Set the enterprise security vision, priorities, policies, standards, operating model, and accountability across technology, product, engineering, business, and corporate functions.
Ensure security is built into application development, cloud architecture, data platforms, APIs, AI capabilities, and other core technology capabilities.
Own Availity’s enterprise security audit and assurance strategy, including continuous readiness for customer, external, regulatory, and internal audits.
Lead major healthcare assurance programs, including HITRUST, SOC examinations, customer security audits, and remediation of significant findings.
Simplify, standardize, and automate the control environment, including automated control monitoring and reusable audit evidence across cloud environments.
Track findings, exceptions, risks, evidence requirements, owners, deadlines, and remediation commitments with clear executive visibility.
Serve as the principal cybersecurity advisor to the CTO, executive leadership team, and Board of Directors.
Establish a consistent security model across multiple cloud providers, including identity, workloads, applications, networks, data, logging, detection, and privileged access.
Secure Availity’s highly virtual and international operating model, including teams outside the United States that appropriately access or support systems containing PHI and sensitive healthcare data.
Ensure international operations are incorporated into audits, control testing, incident response, training, and risk management.
Ensure Availity can rapidly detect, investigate, contain, communicate, and recover from security incidents.
Prepare Availity for the next three to five years of cybersecurity risk, including AI security, machine and workload identity, software supply chain risk, automation, and cyber resilience.
Build, develop, and retain a high-performing global security leadership team and succession pipeline.
Represent Availity as a trusted security executive with major health plans, providers, partners, auditors, regulators, and industry forums.
Qualifications
Significant executive cybersecurity leadership experience, with substantial cybersecurity leadership experience in healthcare.
Demonstrated experience protecting PHI and other regulated healthcare data in a large-scale, cloud-based healthcare technology environment.
Direct executive accountability for major healthcare security audits, certifications, customer assessments, and regulatory examinations.
Personal leadership of multiple HITRUST assessment or certification cycles and multiple SOC examination cycles.
Experience leading complex healthcare customer security audits and assessments, including remediation of significant findings and prevention of repeat findings.
Experience establishing continuous audit readiness, automating control monitoring, and automating audit evidence collection.
Experience operating security programs across multiple cloud providers and securing highly distributed, virtual, and international teams.
Experience establishing controls for cross-border access to healthcare information and systems containing PHI or other sensitive healthcare data.
Board and executive-level communication experience, including presentation of security posture, audit results, risks, incidents, findings, and remediation status.
Strong knowledge of cloud security, software security, identity, data protection, security operations, incident response, and cyber resilience.
Proven ability to build and lead high-performing security organizations across multiple countries.
Preferred Qualifications
Security leadership experience in a large healthcare technology company serving health plans and healthcare providers.
Experience with healthcare transaction networks, regulated healthcare data exchanges, large API ecosystems, and major healthcare customers.
Experience consolidating overlapping security frameworks into a common control environment and materially reducing recurring audit time and cost.
Experience implementing continuous control monitoring across multiple cloud providers.
Experience with AI security and governance, acquisition integration, and security teams distributed across the United States and India.
Pay
TBD
Schedule
Remote, US