Vice President, Chief Information Security Officer (CISO)
Cone Health
Greensboro, NC
information security
security
officer
ciso
security
information security
management
regulatory
assets
health
ciso
legal
compliance
Apply with Tarta Assistant 🤖
Unleash the power of automation for your job search (Paid option) Apply Manually(Free)
I have time, I'll manually find and apply for jobs
Unleash the power of automation for your job search (Paid option) Apply Manually(Free)
I have time, I'll manually find and apply for jobs
90% of users say Tarta.ai Assistant helps them save time applying for jobs.
Not a member? Click
here to subscribe.
October 16, 2022
Cone Health
Greensboro, NC
Overview:
Qualifications:
| The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital environment in which we operate. The CISO is responsible for evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. Proactively works with organizational leaders and partners to implement practices that meet policies and standards for information security and will be responsible for implementing and running the enterprise information security program. Serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by Cone Health in compliance with regulatory requirements. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. Therefore, must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. |
Talent Pool: Leadership
Responsibilities:| 1.Security Operations and Policies Enforcement: Lead the information security function across the organization, ensuring consistent information security management that is supportive of the business goals. Manage and maintain ongoing information security awareness training for all employees. Lead a security champion program to mobilize employees in all locations. Determine information security model and approach with risk management approaches and compliance to non-digital risk areas. Communicate with external agencies (law enforcement, advisory bodies) that have identified threats in order to maintain a strong security posture for the organization. Maintain a secure process for managing and containing information security incidents that will protect assets, intellectual property, regulated data and the reputation of Cone Health. Collaborate with compliance staff and privacy officer to ensure all information owned, collected and controlled by Cone Health is stored and handled in accordance with laws and regulatory and privacy requirements. Assist with the identification of non-IT managed IT services and facilitate a corporate IT onboarding program to bring these services in scope of the IT function. Ensure risk is reduces to an appropriate level and ownership of this information security risk is clear and documented. Build the internal networks between the information security team and organizational executives, as well as nurture the external networks of industry peers, vendors and partners. Oversee technology dependencies outside of direct organizational control by reviewing contracts and providing alternative management of risks. Facilitate the development of asset inventories to include those within the cloud services and in other parties within the organization. -------------------------------------------------- 2.Framework Development: Develop and maintain an information security management framework that is unified and flexible in integrating the wide variety of standard and regulated requirements. Develop and maintain document, metric and reporting frameworks to ensure up-to-date information, policies, standards, guidelines and to measure efficiency and effectiveness of programs. Work with business units to facilitate information security risk assessments and management processes that empower the business units to own and accept the risk level they deem appropriate for their area. Create a process for the assessment and mitigation of risk related to security organization, consisting of vendors, consumers, third parties and others. -------------------------------------------------- 3.Strategic Leadership: Develop and implement a strategic, comprehensive information security program to ensure confidentiality, integrity, safety and privacy. This includes the recovery of information assets that is owned or processed by Cone Health. Develop organizationally aligned vision and strategy for information security that enables the organization to reach business objectives and strategic priorities. -------------------------------------------------- 4.Management Functions: Manage, monitor and report the budget and discrepancies for the information security function. Manage direct reports and dotted line reports, to include hiring, training, staff development and performance management. Establish security governance process and practices -------------------------------------------------- |
| EDUCATION: |
| REQUIRED: Bachelor's degree in Information Security, Computer Science, Management of Information Systems or related field PREFERRED: Master's degree in Information Security, Computer Science, Management of Information Systems or related field |
| EXPERIENCE: |
| REQUIRED: 7 years appropriate background in multiple IT and Cybersecurity areas such as networking, architecture, security design, incident response, systems architectures, risk management 5 years managing or directing and IT and/or security operation 5 years demonstrable experience in implementing strategic plans and managing an information security program 5 years knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines PREFERRED: |
| LICENSURE/CERTIFICATION/REGISTRY/LISTING: |
| REQUIRED: PREFERRED: Professional security management certifications (CISSP, CISA, or CISM) |
Report this job