Chief Information Security Officer

Renown Health, Reno, Nevada
October 10, 2021
Position Purpose

Reporting to the Chief Information Officer (CIO), with a dotted line to the Chief Compliance Officer, the Chief Information Security Officer (CISO) provides vision and leadership for developing and supporting security initiatives. The CISO directs the planning and implementation of enterprise IT system, business operation, and facility defenses against security breaches and vulnerability issues. This individual is also responsible for auditing existing systems, while directing the administration of security policies, activities, and standards. The incumbent establishes and maintains a comprehensive company-wide information security program to ensure that information assets are adequately protected against current, future, internal and external threats. The position is responsible for identifying, directing, coordinating, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements while enabling the company to develop an anticipatory response to minimize information security risk. The Chief Information Security Officer acts as the key liaison and focal point in the company for all information security communications and projects. The CISO manages the relationship between Renown and all managed services partners.

Nature and Scope

Provides executive leadership, vision and managerial oversight in the development and implementation of security strategies to define policies and processes that enable consistent, effective information security practices and minimize risk. Determines projects and priorities for all information security issues. Establishes short and long-range business plans to achieve the necessary security to protect organization assets.

Leads strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.

Develops and communicates security strategies and plans to the executive team, staff, partners, customers, and stakeholders.

Assists with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.

Develops, implements, maintains, and oversees enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry standard best practices.

Establishes a security program for Renown Health incorporating regulatory standards and methodologies and provides reporting to ensure that standards are followed.

Oversees daily security activities to manage risk at an appropriate level, ensure effective response to incidents, and optimize secure data access and utilization.

Directs the communication and dissemination of organization information security standards, and advises senior executives regarding potential internal or external data security threats. Acts as advocate and primary liaison for the company's security vision via regular written and in-person communications with the company's executives, department heads, and end users.

Manages the information security team to proactively analyze and directly respond to internal and external threats to system stability, including unauthorized access such as vulnerability assessments, record attempts; minimizes/mitigates risk to information and systems.

Deploys an integrated risk management approach to create executive-level perspectives and status reports regarding all security risks we may encounter, including risks in physical security, access and control issues, data security and contingency planning.

Establishes and enforces a process to ensure that all users receive appropriate information security training to perform duties along with periodic information security awareness training; ensures appropriate levels of information security awareness and personal responsibility.

Provides leadership, direction and oversight to the security team. Manages the human resources activities of Information Security in accordance with established policies and procedures.

Develops, tracks, and controls the security services annual operating and capital budgets for purchasing, staffing, and operations.

Minimum Requirements:

Expertise in technical and business environment, familiarity with national security standards, experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessments, contract/vendor negotiations, and cyber-security and incident management.

Extensive knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment tools, encryption, certificate authority, web, and application development.

Experience in and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications

Experience in application security, database technologies used to store enterprise information, directory services, financial information, and information systems auditing.

Experience in identity and access management, security program policies, processes, standards, requirements and procedures and various supporting security technologies.

Ability to apply in-depth critical and analytic thinking skills to unique problems and projects to provide effective assessment and solution generation.

Ability to communicate technical issues to non-technical employees.

Experience leading large and complex projects to plan, manage and coordinate diverse company-wide technical projects.

Preferred Requirements:

Healthcare and insurance industries work experience.

Enterprise-wide administration expertise.

Leadership experience managing direct reports with a focus on building a high performance team in a rapid growth mode.

Combination of education, experience and training must qualify the candidate as an information security expert.

This position does not provide direct patient care.

Disclaimer

The foregoing description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.

Minimum Qualifications

Requirements - Required and/or Preferred

Education:

Bachelor's degree in Information Technology, Business or similar required.

Master's degree in Information Technology, Business or similar preferred.

Must have working-level knowledge of the English language, including reading, writing and speaking English.

Experience:

Ten years of experience working in a medium to large Information Systems department required.

Five years of management experience in an information systems department required.

Oversight of large IT project experience desired.

Strong relevant technical knowledge is strongly preferred.

Experience managing customer relationships preferred.

License(s):

None

Certification(s):

Required to have 2 of the following certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Systems/Security Manager (CISM), Certified Risk and Information Systems Control (CRISC).

Computer / Typing:

Must be proficient with Microsoft Office suite, including Outlook, PowerPoint, Excel and Word, and have the ability to use the computer to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.
