Director Business Information Security Officer

Surescripts
Minneapolis, MN
Hybrid

About The Position

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.

Job Summary

The Director Business Information Security Officer (BISO) reports to the VP, Chief Information Security Officer (CISO) and acts as the primary liaison between Surescripts business units and the Information Security team. The BISO is responsible for understanding the unique business needs and risks of the organization and aligning them with security strategies and initiatives. The BISO plays a critical role in ensuring new products are launched with information security requirements embedded that align with company and information security policies and standards.

The BISO will aid in the development, implementation and awareness of information security policies, manage risk, and ensure compliance with regulatory requirements. The BISO plays a crucial role in fostering a culture of security awareness and ensures that security measures are integrated into business processes. The BISO will be responsible for day-to-day operations to support and augment the CISO’s overall responsibilities.

The BISO plays a key leadership role in supporting the business and external customers. The BISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans.

Requirements

  • Bachelor's degree in business administration, information assurance, or related technical field
  • 10+ years of related, progressive experience in cybersecurity management with at least 8+ years in an operationally focused security practitioner role.
  • 5+ years’ experience working with business leadership and with fiscal responsibilities.
  • 3+ years’ experience working with product and/or data teams to ensure that security is woven into each product based on company policies and standards.
  • 3+ years of experience handling tough conversations with customers.
  • 3+ years of people management/leadership experience.
  • Strong written and verbal communication skills across all levels of the organization.
  • Driven to build a strong, cohesive team and positive enterprise-wide security culture.
  • Proven high integrity, trustworthiness and confidence, and ability to represent the company and security leadership with the highest level of professionalism.
  • Ability to effectively manage stress in a constantly changing environment.
  • Strategic vision and ability to successfully collaborate with and influence others.
  • Strong project management and organizational skills.
  • Proven experience with National Institute of Technology (NIST) standards or California Consumer Privacy Act (CCPA) or Health Information Portability and Accountability Act (HIPAA) or HITRUST or SOC2
  • Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.

Nice To Haves

  • Master’s or other advanced degree (MBA, information assurance, computer science, etc.)
  • 8+ years of related security systems administration.
  • Relevant certification/s such as CISSP, CISM, CRISC, CISA, or similar.
  • Experience with agile methodology and ability to negotiate to get work prioritized.
  • Experience using AI for business improvements.
  • Experience in a similar role with large, complex organization/s.
  • Experience in the healthcare industry.

Responsibilities

  • Serve as a trusted advisor to the business on information security matters.
  • Work closely with Information Security leadership overseeing Identity and Access Management, Fraud and Crisis Management, merger and acquisition activities and any new business initiatives.
  • Keep abreast of current activity within the IAM and Fraud and Crisis teams and partner with team members for success.
  • Foster strong, collaborative relationships with internal business partners and external entities to maintain a strong network.
  • Enforce and influence strong security culture set forth by the CISO, ensuring uniformity across business units and employees.
  • Advise organization on enterprise-wide process and technology security recommendations.
  • Proactively gather and share pertinent information to effectively lead/engage in daily information security operations.
  • Lead the development and execution of crisis management plans and procedures.
  • Collaborate with external health care technology vendors, pharmacy partners, law enforcement, governmental entities and IT teams to ensure secure e-prescribing processes are being followed.
  • Assist with creating the Information Security department budget, monitoring expenditures, and ensuring alignment with the overall department budget.
  • Review customer contracts for appropriate information security language and requirements in partnership with Commercial Legal and Procurement.
  • Hold security leadership and teams accountable to consistently learn and share advanced knowledge and practices that promote excellence with the information security teams.
  • Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities, and mitigations set forth to reduce the corporate attack surface.
  • Lead security projects and ensure they are delivered on time and within budget.
  • Proactively identify and remove complexity and obstacles that hinder efficient security controls enterprise wide.
  • Stay abreast of new laws, regulations, and standards, and assess their impact to the business.
  • Perform security due diligence for mergers, acquisitions, divestitures, and any new business initiatives.
  • Serve as the CISO representative when the CISO is not available, including making decisions usually made by the CISO.

Benefits

  • comprehensive healthcare (including infertility coverage)
  • generous paid time off including paid childbirth and parental leave and mental health days
  • pet insurance
  • 401(k) with company match and immediate vesting