Chief Information Security Officer

CorVel Corporation•Irvine, CA

2d•$37,394 - $55,997

About The Position

The Chief Information Security Officer (CISO) is a senior-level management position responsible for overseeing CorVel’s organization’s information security and privacy. This person plays a crucial role in the organization, closely collaborating with the Legal, Executive Leadership, Information Technology, and Software Engineering teams to establish and achieve strategic information security and privacy objectives. The CISO will lead, develop, and implement security and privacy policies and procedures, manage security technologies, and oversee security audits and awareness training. The ideal candidate will have extensive experience in information security, including experience with security risk management, incident response, and forensics. The vision for CorVel security, privacy, and compliance efforts is to build programs that: Exemplify the highest levels of quality and integrity Drive highly cooperative efforts to address the highest risks efficiently Allocate resources to the maximum reduction in risk Inspire and foster a culture of security and privacy across the CorVel organization Being CISO at CorVel requires someone pragmatic who values business enablement and cooperative leadership and oversight. The position works in partnership with a highly qualified and lean Security & Privacy team at CorVel whose goal is to protect data assets and enable business.

Requirements

10+ years of experience in information security
5+ years of project leadership experience
Specific experience with one or more of the following areas: penetration testing, application security, vulnerability management, security risk management, security and privacy incident management
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs
Deep knowledge and experience with relevant IT and security technologies
Experience with HIPAA, HITRUST, SOC1,2,3, SOX, NIST 800-53/CSF, or other relevant frameworks
Notable cloud security experience
Outstanding written and spoken communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences

Nice To Haves

Certification of CCISO, CISSP, CISM, SANS, GIAC, CISM

Responsibilities

Serve as the company’s lead information security officer, overseeing all security and privacy initiatives, policies, and procedures
Develop and implement information security strategies, including vulnerability assessments, penetration testing, and cybersecurity awareness and training
Perform risk assessment and vulnerability analysis including teal-time analysis and triage of emergent threats
Keeping abreast of developing security threats and advising management on appropriate countermeasures
Promote the company’s information security reputation and serve as a security subject matter expert, supporting IT and development teams, the Board of Directors, and customer meetings as required
Develop and maintain the Company's Security Policies, Procedures and standards including evaluation and compliance with security measures, Disaster Recovery and Emergency operating procedures, Security Incident Response and process protocols including Incident Reporting and Sanctions and Testing of security procedures, mechanisms, and measures
Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted data and protect against reasonably anticipated threats and hazards
Oversee and/or assist in performing ongoing security monitoring of organization information systems, including assessing information security risk periodically as well as conducting functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements
Lead internal security risk management program across the enterprise supporting security, privacy, audit, and compliance activities
Program management: Keeping ahead of security needs by implementing programs or projects that mitigate risks
Security architecture: Planning, buying, and rolling out security hardware and software, and ensuring IT and network infrastructure is designed with best security practices in mind
Drive 3 party supplier risk management program
Manage critical security programs, including application security, business continuity, vulnerability management, and penetration testing programs
Respond to customer and prospect security information requests

Benefits

CorVel uses a market based approach to pay and our salary ranges may vary depending on your location. Pay rates are established taking into account the following factors: federal, state, and local minimum wage requirements, the geographic location differential, job-related skills, experience, qualifications, internal employee equity, and market conditions. Our ranges may be modified at any time.
For leveled roles (I, II, III, Senior, Lead, etc.) new hires may be slotted into a different level, either up or down, based on assessment during interview process taking into consideration experience, qualifications, and overall fit for the role. The level may impact the salary range and these adjustments would be clarified during the offer process.
A list of our benefit offerings can be found on our CorVel website: CorVel Careers | Opportunities in Risk Management [https://www.corvel.com/company/careers/]
In general, our opportunities will be posted for up to 1 year from date of posting, or until we have selected candidate(s) to fulfill the opening, whichever comes first.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume