VP, Chief Information Security Officer

About The Position

Requirements

• Bachelor's degree preferred.
• CISSP or CISM certification required.
• 15 years of Information Technology experience, including 8+ years in information security.
• 5 years of experience leading or managing a technical team.
• Healthcare industry experience is required.
• Strong knowledge of HIPAA, HITECH, HITRUST, PCI, and PII compliance.
• Experience with IT Security Governance and Security Operation Centers.
• Strong working knowledge of Cyber Security frameworks like NIST, HITRUST, and ISO 27000's.
• Thorough understanding of Active Directory, Network Security, Systems Security, and Application Security.
• Excellent written and oral communication skills.

Nice To Haves

• GIAC Intrusion Analyst or Security Essentials Certification.
• Ethical Hacking training.

Responsibilities

• Establish and implement the information security strategy and policies.
• Conduct regular security assessments to identify and mitigate risks.
• Chair the Security Governance Committee to review security risks and mitigation strategies.
• Develop and enforce information security policies and procedures.
• Lead the response to information security incidents and maintain an incident response plan.
• Oversee the management of information security vendors and third-party service providers.
• Evaluate and recommend security enhancements and technology solutions.
• Ensure compliance with healthcare regulations, including HIPAA.
• Coordinate with internal and external auditors for regulatory audits.
• Develop and manage the information security budget.
• Stay updated on the latest information security trends and technologies.
• Foster a culture of continuous improvement in information security practices.
• Plan for incident-specific responses and disaster recovery planning.
• Monitor compliance with State and Federal regulations regarding information security.
• Respond to data security breaches and develop tracking/reporting systems.
• Ensure all users receive appropriate information security training and awareness training.
• Audit and assess system security vulnerabilities and develop remediation plans.
• Create system hardening standards and oversee their deployment.
• Develop and maintain a risk management matrix mapping known risks to IT controls.

Benefits

• Base Pay Range: $285,000 to $335,000 annually
• Annual employee bonus program
• Robust Wellness Program
• Generous paid-time-off (PTO)
• 11 paid holidays per year, 1 floating holiday, birthday off, and 2 volunteer days
• Excellent 401(k) Retirement Saving Plan with employer match
• Robust employee recognition program