Chief Information Security Officer (CISO) - Healthcare

Posted: 4 days ago | Location: United States | Salary: undisclosed

Job Description

Quick notes from the hiring manager before reading below:
- HITRUST experience, with the ability to continue driving it in this role
- Experience achieving compliance: HIPAA, EHNAC, SOC 1/2, PCI
- Experience developing a security team
- Healthcare experience (required)
- Experience driving security programs within a healthcare/software organization
Please apply if the details above sound like you.

Chief Information Security Officer (CISO)

At an enterprise level, BlueSky seeks an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals supporting the enterprise mission: providing a comprehensive, high-quality product and service delivered through secure and reliable technology. The CISO position reports to the CIO, is a member of the leadership team, and serves a key role in company leadership, working closely with senior leaders and the corporate community. The CISO is an advocate for the enterprise's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the company. The CISO will have experience within the healthcare industry and specifically in a HITRUST certified environment, and will lead efforts for HITRUST certification. The CISO leads the development and implementation of a security program that leverages enterprise-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the corporate level.

Summary of Responsibilities

Responsible for the strategic leadership of the information security program. Provide guidance and counsel to key members of the corporate leadership team, working closely with senior managers and directors in Information Technology and with Claims Integrity, Payments and Network Solutions business leaders, defining objectives for information security while building relationships and goodwill. Work with leadership to oversee the formation and operations of an enterprise information security organization that is organized toward a common goal in information security. Manage enterprise-wide information security governance processes, chair the Information Security Advisory Committee and lead Information Security Liaisons in the establishment of information security program and project priorities. Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire enterprise in support of information systems and technology. Establish annual and long-range security and compliance goals; define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.

Policy, Compliance and Audit

Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and to ensure information security and compliance with relevant legislation and legal interpretation. Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information and technology systems. Work with Internal Audit, General Counsel, the Privacy Office, the Compliance Officer and outside consultants as appropriate on required security assessments and audits. Coordinate and track all information technology and security related audits, including scope of audits, business units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the enterprise in its best light. Provide guidance, evaluation and advocacy on audit responses. Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, HITRUST, PCI, SOC 2 Type 2, HIPAA, and FISMA.

Outreach, Education and Training

Work closely with IT leaders, technical experts and business unit leaders across the enterprise on a wide variety of security issues that require an in-depth understanding of the IT environment in their units. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Work with Network Managers, Information Security Liaisons and technical organizations to build awareness and a sense of common purpose around security. Pursue security initiatives to address unique needs in protecting against identity theft, mobile/social media security and an online reputation program.

Risk Management and Incident Response

Keep abreast of security incidents and act as the primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or when requested, to address and investigate security incidents that arise. Convene an Ad Hoc Security Committee (Red Team) as appropriate and provide leadership for breach response and notification actions for the enterprise. Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Examine the impacts of new technologies on the enterprise information security program. Establish processes to review the implementation of new technologies to ensure security compliance.

Minimum Qualifications
- 10+ years of experience in Healthcare Information Security and HITRUST
- 5+ years in a Security leadership role or Security Officer position
- CISSP or other Information Security certification preferred