Senior Information Systems Security Officer (ISSO)
Fortune 10 Health Company
This position is for a highly critical, highly visible project responsible for overseeing all aspects of information security operations, information security programs/projects, information security & technology risk assessments, and information security reporting. Performs all duties in accordance with the company's policies and procedures and all U.S. state and federal laws and regulations wherein the company operates.
Cyber security leaders who manage security for systems and develop solutions for the healthcare industry.
We are searching for a seasoned ISSO with a passion for cyber security, excellent communication skills, and a leadership mindset to manage the latest threats and the related laws and policies governing information security.
This is a Sr. position - must be able to understand end-to-end security, compliance, controls, etc.
• Five (5)+ years of Information Security experience is required; including three (3) years of FISMA related experience.
• Bachelor's Degree in an Information Security, Cybersecurity, Computer Science or equivalent. Master's Degree in a related field a plus.
• Hold in good standing at least one of the following certifications:
o Certified Information Systems Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o Certified Cloud Security Professional (CCSP)
• Experience with data exchanges.
• Strong presentation, oral, and written communication skills.
• Ability to balance security needs with mission/business needs.
• Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
• Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, NIST, MARS-E, HIPAA, SSA and IRS standards.
• Knowledge and experience with incident management and vulnerability management.
• Strong understanding of how to manage the risk profile of large organizations that must meet federal privacy and security requirements while maintaining a tolerable risk level.
• Strong understanding of security architectures, operating systems, databases, networks, applications, and security tools.
• Knowledge and experience with information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies and architectures.
• Ability to assess and weigh current and evolving security threats in an operational environment.
• Responsible for maintaining security with an objective to provide confidentiality, integrity, and availability of sensitive data within systems.
• Assist with alignment of information technology (IT) security priorities with the security strategy, information security budget, staffing, and contracting.
• Identify and evaluate security program implications of new technologies or technology upgrades.
• Oversee and manage compliance with state and federal security and privacy standards.
• Primary liaison to customers on all security, privacy, and compliance matters.
• Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• Monitor, evaluate, and report effectiveness of cybersecurity safeguards to ensure the appropriate level of protection at an acceptable risk.
• Ensure security improvement actions are evaluated, validated, and implemented as required.
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Coordinate and participate in the continuous monitoring program of audits/assessments, penetration testing and vulnerability scanning.
• Oversee vulnerability and POA&M management, remediation, and reporting to leadership and customers.
• Lead efforts to obtain and maintain authorizations to operate.
• Oversee and ensure that remediation and incident response activities are completed in accordance with Service Level Agreements.
• Set up and own processes for continued compliance for items such as RBAC compliance.
• Review change requests and provide security oversight; ensure compliance as outlined in the SOW (e.g. FedRAMP).