Jobs · Information Technology · Arizona

Chief Information Security Officer

Information TechnologyFull-time

General Statement of Duties

The Chief Information Security Officer (CISO) is the executive leader responsible for all cybersecurity and data protection needs across HOPCo. This leader is tasked with proactively ensuring all systems, networks, methods of storing and moving data, are secured in a manner that is robust and protects member personal health information and all other sensitive or business confidential information and assets. The CISO will protect HOPCo from “bad actors” seeking to undermine the HOPCo business or access protected data. This leader will stay aware of all new threats, to proactively monitor, detect, and mitigate. This leader will work with HOPCo Compliance to ensure all HOPCo employees understand the role they play in protecting HOPCo assets and data. The CISO is responsible for all security standards, policies, and enforcement across HOPCo. This includes accountability for the security standards enforced with all third parties upon which HOPCo depends. This also includes the security profiles for all clinical sites owned or managed by HOPCo. This leader plays a critical role in making certain HOPCo is prepared to continue to function in the event of a ransomware attack or natural disaster. The CISO is also tasked with gaining and maintaining HiTrust certification for HOPCo and ensuring ongoing compliance with regulatory requirements like HIPAA and GDPR.

Essential Functions

  • Develop and execute on a plan to gain and maintain HiTrust certification
  • Own ongoing compliance with data protection regulations like HIPAA and GDPR
  • Stay aware and current on all government policies related to data protection
  • Stay aware of the developing cybersecurity threat landscape using regular NIST alerts (or equivalent) and filter noise from actual threats to the HOPCo ecosystem
  • Monitor the HOPCo systems for suspicious activity
  • Establish cybersecurity policies and protocols
  • Establish data privacy policies and protocols
  • Partner with Compliance to maintain and deliver regular cybersecurity and data privacy training to all employees
  • Enforce HOPCo cybersecurity and data privacy policies with all third parties
  • Initiate and sponsor regular cybersecurity audits, including penetration tests, to identify vulnerabilities
  • Audit all audit findings, establishing a prioritized path to mitigation
  • Report the state of cybersecurity threats and readiness to the CTO, CEO, and board on a regular basis
  • Select and implement appropriate monitoring tools
  • Develop an annual budget and business case tied to security investment needs
  • Establish a plan to protect HOPCo against ransomware attacks and to ensure the business can continue uninterrupted in the event of an attack
  • Work with other IT and business leaders to establish a robust Disaster Recovery Business Continuity Plan
  • Manage prioritization and execution priority on all cybersecurity and data privacy work
  • Manage MSSP vendors, including the selection and financial arrangement of using vendors
  • Work with the CTO to manage the security-related budget
  • Hire, manage, and coach security team members
  • Manage security assessments of HOPCo for customers and potential customer audits
  • Ensure HOPCo Access Management processes and policies are robust and followed

Education

  • Bachelor’s Degree required (Computer Science preferred)
  • CISSP or equivalent security professional certification

Experience

  • 10+ years in various roles leading IT cybersecurity and data privacy teams and processes within healthcare

Knowledge

  • Expert knowledge and insight into threat vectors, ransomware risks, and data privacy regulations
  • Expert knowledge of available monitoring and threat-detection tools
  • Familiarity with IAM toolsets including Active Directory and Okta

Skills

  • Strong negotiation skills for keeping organizational focus on needed investments, while keeping the bigger HOPCo business picture in mind
  • Expert knowledge and insight into cybersecurity threat vectors and ransomware risks
  • Current and thorough knowledge regarding data privacy and protection regulations (HIPAA, GDPR, etc.)
  • Expertise in technical infrastructure, network architecture, and data movement
  • Expertise in data storage, cloud technologies, database configuration, data protection techniques
  • Expertise in system monitoring and threat detection toolsets and techniques

Abilities

  • Ability to successfully manage multiple projects simultaneously
  • Ability to communicate complex information in a clear and concise manner to managers and executives
  • Ability to practice good judgment and discretion
  • Ability to act with integrity
  • Ability to engage and foster strong partnerships

Similar jobs

Security Officer

DK SecurityMuskegon, MI· Yesterday
Management$20/hrapply on joblinkapply.com

Security Officer

Northeast Regional Medical CenterKirksville, MO· 2 days ago
Information Technologyapply on fa-evxo-saasfaprod1.fa.ocs.oraclecloud.com

Security Officer

BayCare Health SystemMorton County, ND· 1 wk ago
apply on css-baycarehs-prd.inforcloudsuite.com

Security Officer

Roseshire Gaming ParlorRichmond, VA· 1 wk ago
Information Technology$17/hrapply on jobs.churchilldowns.com

Security Officer

Angel Of The Winds Casino ResortArlington, WA· 1 wk ago
Management$23/hrapply on angelofthewinds.hire.trakstar.com

Security Officer

Crouse HealthSyracuse, NY· 1 wk ago
OTHR$20–$24.24/hrapply on pm.healthcaresource.com