Chief Information Security Officer

Healthcare Outcomes Performance Co. (HOPCo)•Phoenix, AZ

2d•Onsite

About The Position

The Chief Information Security Officer (CISO) is the executive leader responsible for all cybersecurity and data protection needs across HOPCo. This leader is tasked with proactively ensuring all systems, networks, methods of storing and moving data, are secured in a manner that is robust and protects member personal health information and all other sensitive or business confidential information and assets. The CISO will protect HOPCo from “bad actors” seeking to undermine the HOPCo business or access protected data. This leader will stay aware of all new threats, to proactively monitor, detect, and mitigate. This leader will work with HOPCo Compliance to ensure all HOPCo employees understand the role they play in protecting HOPCo assets and data. The CISO is responsible for all security standards, policies, and enforcement across HOPCo. This includes accountability for the security standards enforced with all third parties upon which HOPCo depends. This also includes the security profiles for all clinical sites owned or managed by HOPCo. This leader plays a critical role in making certain HOPCo is prepared to continue to function in the event of a ransomware attack or natural disaster. The CISO is also tasked with gaining and maintaining HiTrust certification for HOPCo and ensuring ongoing compliance with regulatory requirements like HIPAA and GDPR.

Requirements

Bachelor’s Degree required (Computer Science preferred); CISSP or equivalent security professional certification.
10+ years in various roles leading IT cybersecurity and data privacy teams and processes within healthcare
Exceptional written and verbal communication skills. Ability to communicate complex technical topics effectively to executive audiences.
Experience within a HiTrust certified organization and involvement in ongoing adherence
Experience implementing security programs within complex environments
Experience directly managing third parties to implement security tools and protocols
Demonstrated experience as successful influential leader across matrixed teams
Experience leading, hiring and coaching a team that includes internal and external team members
Expert knowledge and insight into threat vectors, ransomware risks, and data privacy regulations
Expert knowledge of available monitoring and threat-detection tools
Familiarity with IAM toolsets including Active Directory and Okta
Strong negotiation skills for keeping organizational focus on needed investments, while keeping the bigger HOPCo business picture in mind
Expert knowledge and insight into cybersecurity threat vectors and ransomware risks
Current and thorough knowledge regarding data privacy and protection regulations (HIPAA, GDPR, etc.)
Expertise in technical infrastructure, network architecture, and data movement
Expertise in data storage, cloud technologies, database configuration, data protection techniques
Expertise in system monitoring and threat detection toolsets and techniques
Excellent listening, analytical, and communication skills
Analytical thinking and problem-solving skills, with acute attention to detail, accuracy and accountability balanced with sound business judgment.
Exceptional interpersonal skills
Ability to successfully manage multiple projects simultaneously
Ability to communicate complex information in a clear and concise manner to managers and executives
Ability to practice good judgment and discretion
Ability to act with integrity
Ability to engage and foster strong partnerships

Responsibilities

Develop and execute on a plan to gain and maintain HiTrust certification
Own ongoing compliance with data protection regulations like HIPAA and GDPR
Stay aware and current on all government policies related to data protection
Stay aware of the developing cybersecurity threat landscape using regular NIST alerts (or equivalent) and filter noise from actual threats to the HOPCo ecosystem
Monitor the HOPCo systems for suspicious activity
Establish cybersecurity policies and protocols
Establish data privacy policies and protocols
Partner with Compliance to maintain and deliver regular cybersecurity and data privacy training to all employees
Enforce HOPCo cybersecurity and data privacy policies with all third parties
Initiate and sponsor regular cybersecurity audits, including penetration tests, to identify vulnerabilities
Assess all audit findings, establishing a prioritized path to mitigation
Report the state of cybersecurity threats and readiness to the CTO, CEO, and board on a regular basis
Establish dashboards and metrics to monitor current state and improvement over time
Select and implement appropriate monitoring tools
Develop an annual budget and business case tied to security investment needs
Establish a plan to protect HOPCo against ransomware attacks and to ensure the business can continue uninterrupted in the event of an attack
Work with other IT and business leaders to establish a robust Disaster Recovery Business Continuity Plan
Manage prioritization and execution priority on all cybersecurity and data privacy work
Manage MSSP vendors, including the selection and financial arrangement of using vendors
Work with the CTO to manage the security-related budget
Hire, manage, and coach security team members
Manage security assessments of HOPCo for customers and potential customer audits
Ensure HOPCo Access Management processes and policies are robust and followed