Information Security Officer
Posted on Jun 10, 2022 by Request Technology
Reporting to the VP of IT and CIO, the Information Security Officer is responsible for managing the Information Security team and for establishing and managing the corporate cybersecurity program to ensure IT implementation and administration adheres to cybersecurity best practice controls. The Information Security Officer (ISO) monitors the organization's IT systems to look for threats to security and establishes protocols for identifying and neutralizing threats. The ISO will be an integral part of the Information Technology organization, reporting directly to the CIO to help improve and communicate the maturity levels of information security, the state of cybersecurity, and IT risk practices across the healthcare system.
A key element of the ISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that IT information assets, such as computer infrastructure, network, and data, are adequately protected. Collaborates and coordinates with Corporate Compliance on all activities related to cybersecurity assessments, projects, and audits.
- Leads the Information Security team that is responsible for development and implementation of the security architecture including all hardware, software, and professional services engagements to ensure the IT and network infrastructure is designed with best security practices in mind.
- Oversees the day-to-day activities of assigned staff, including general functions of supervision, staffing, scheduling, orientation and training, continuing education, and workflow assignments.
- Co-Chairs the Information Security Executive Committee (ISEC) and coordinates the activities of ISEC so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of digital information.
- Provides real-time analysis of immediate threats and investigates all cybersecurity threats through extensive forensics. Determines what went wrong in a breach, deals with those responsible, and develops plans to avoid repeats of the same crisis.
- Acts proactively to eliminate threats by ensuring that proper controls and technologies are in place, such as intrusion detection and prevention systems, firewalls, and other security technologies.
- Owns and manages the Incident Response Plan and the DR plan to ensure the availability of computer resources across the organization to eliminate or minimize business disruption. Maintains incident response playbooks. Prepares and coordinates security incident response training exercises and participates in crisis response training.
- Knowledge of laws and regulations including but not limited to: Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and Sarbanes-Oxley (SOX).
- Expert knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, SANS, and NIST.
- Collaborates and liaises with the Corporate Compliance Office to ensure that data privacy requirements are included where applicable.
- Provides guidance, manages, and mentors the Information Security team in implementing and supporting the cybersecurity architecture and technologies.
To qualify you must have:
- Bachelor's degree required with emphasis on management, computer science, or a related field; Master's degree preferred.
- Security certifications: CISSP, CISA, CISM and/or CRISC preferred or commitment to obtain within one year of hire.
- Minimum of 5-8 years of progressive experience in information security and privacy.
- 3-5 years supervisory/management experience required.
- Experience in the implementation and management of an organization's cybersecurity program.
- Experience with Cloud computing/Elastic computing across virtualized environments.
- Extensive experience developing Security Architecture technology frameworks.
- Experience with Mobile and remote device management tools.
- Extensive experience in implementing security technology stacks for networks, client-server environments, NG firewalls, IPS systems, identity management systems, and data security, among others.
- Strong communication skills, writing skills, and executive presence are critical components of this role.
- Experience in identifying and tracking cybersecurity metrics to identify key risk indicators and mitigation plans.
- Proficiency in MS Office: Word, Excel, PowerPoint.
- Strong organizational, critical thinking, and problem-solving skills.