Chief Information Security Officer - Remote Opportunity

Position Title: Chief Information Security Officer Remote Opportunity

Position Overview: We seek an experienced and highly skilled Chief Information Security Officer (CISO) to join our growing organization with 180 distributed healthcare facilities including Surgical Hospitals Ambulatory Surgical Centers and Clinics. As the CISO you will lead and implement our comprehensive information security strategy to protect the confidentiality integrity and availability of sensitive patient data and critical systems across a distributed environment throughout the organization. This position will be crucial in safeguarding our healthcare and corporate environment against cyber threats ensuring compliance with healthcare data regulations and fostering a culture of security awareness among our colleagues.

As the senior most cybersecurity leader this position will play an instrumental role in driving organizational cybersecurity and related risk posture through all levels and will require a strong ability to influence and communicate with precision to a diverse range of audiences from providers executive management board of directors etc.

Responsibilities:

Information Security Strategy and Governance:

• Partner with Audit Compliance Finance Treasury etc. to create a unified alliance promoting information security and governance practices.
• Develop and maintain a robust information security strategy and framework tailored to the healthcare industrys unique challenges and regulatory requirements.
• Collaborate with executive leadership to align information security initiatives with overall business objectives and risk tolerance.
• Establish and oversee information security governance processes including risk assessment vulnerability management incident response and compliance tracking.

Cybersecurity Operations:

• Manage the daytoday operations of the information security team ensuring the implementation and maintenance of security controls technologies and best practices.
• Conduct regular security assessments vulnerability scans and penetration tests to identify and address potential security weaknesses.
• Lead incident response efforts coordinating with internal teams and external stakeholders to mitigate security incidents and minimize their impact.

Regulatory Compliance and Risk Management:

• Continuously calibrate the organizational controls including policies and procedures with evolving healthcare data privacy laws regulations and industry standards such as HIPAA PCI NIST CSF disclosures etc. to ensure the organizations compliance with these requirements.
• Firm Understanding of IT SOX controls is a requirement to ensure compliance.
• Assess and manage information security risks working with various departments and facilities to develop and execute risk treatment plans.

Security Awareness and Training:

• Implement a comprehensive security awareness and training program for all employees to enhance their understanding of security best practices and their role in protecting patient information.
• Foster a culture of security awareness emphasizing the importance of safeguarding sensitive data and reporting potential security incidents.

Governance Risk and Compliance:

• Assess the security posture of thirdparty vendors and service providers to ensure they meet healthcare industry standards and comply with relevant regulations.
• Establish and enforce vendor risk management policies and procedures to minimize potential security risks associated with thirdparty relationships.
• Conduct routine HIPAA and infrastructure/cyber risk assessments across healthcare facilities and create plans to improve upon risk and communicate progress to management continuously.

Security Incident Response and Recovery:

• Maintain incident response plans to address various types of security incidents such as data breaches malware attacks and system intrusions.
• Coordinate and lead incident response activities working closely with IT legal and communication teams to ensure timely and effective response and recovery.

Business Continuity:

• Lead the development implementation and maintenance of enterprisewide business continuity strategies to ensure resilience against cyber threats and operational disruptions.
• Collaborate with IT risk management and business units to assess critical systems and data dependencies define recovery time objectives (RTOs) and recovery point objectives (RPOs) and ensure alignment with organizational risk tolerance.
• Conduct regular business continuity planning (BCP) tests audits and tabletop exercises; analyze outcomes and drive continuous improvement in preparedness and response capabilities.

Qualifications and Experience:

• Bachelors degree in Computer Science Information Security or a related field; advanced degrees are advantageous.
• Minimum of 810 years of experience in information security with at least 5 years in a leadership or management role within the healthcare industry.
• Indepth knowledge of healthcare data privacy laws and regulations (e.g. HIPAA PCI NIST) and experience in implementing and maintaining compliance programs.
• Proven track record of developing and executing comprehensive information security strategies within complex healthcare environments by influencing stakeholders from all levels.
• Strong understanding of cybersecurity technologies tools best practices and emerging threats and vulnerabilities.
• Excellent communication and leadership skills with the ability to articulate complex security issues to nontechnical stakeholders.

Required Experience:

Chief