This job has expired

VP, Chief Information Security Officer

Employer
Information Bodenseekreis
Location
Scottsdale
Salary
Competitive
Closing date
11 Aug 2024

Brief Description
Vitalant is currently seeking a Vice President, Chief Information Security Officer (CISO). In this role, you will assume leadership of our enterprise-wide Information Security Program. Your key responsibilities will include developing, implementing, and enforcing security policies to safeguard critical data and sensitive information. Dive into assessing technical risks, shaping security governance, and defining the necessary security awareness/training. You'll also be at the forefront of incident management, leading a dedicated team focused on security and data governance.

At Vitalant, your impact is vital. As the VP, CISO, you'll be the guardian of people, processes, and technology, ensuring regulatory compliance and upholding the confidentiality, integrity, and availability (CIA) of our information and assets. You will engage in meaningful conversations with business leaders where you'll strike a balance between business goals, security priorities, regulations, and stakeholder expectations to address security risks and minimize potential harm. This is not just a job; it's a chance for you to make a real impact on our organization's security landscape, shaping the future of our life-saving mission.

This position will work in the Scottsdale, AZ National Headquarters 3 days a week and work from home 2 days a week.

Duties and Responsibilities

• Provides effective leadership to achieve prominent levels of service, quality, financial results, and other criteria in accordance with policies, goals, and objectives.
• Hires, supervises, trains, and evaluates performance of assigned personnel. Identifies and effectively resolves personnel issues.
• Develop and execute an enterprise-wide security framework based on federal and state laws, risk, and compliance. Drives roadmaps that mitigate risk through the right balance of controls and operational flexibility.
• Responsible for the development of security policies ensuring adherence to standards, guidelines, and procedures to ensure ongoing maintenance of security and compliance with Information Security standards and regulations.
• Provide information, presentations and support to the Senior Management Team and Board to ensure the understanding of security beyond a "compliance-only" view to provide analysis of strategic objectives or proposals in light of security risks and compliance obligations.
• Prepare the organization for a healthcare certification (HITRUST, ISO, etc.) to ensure customer and vendor confidence in the organization's overall security practices.
• Establishes and chairs a security and data governance team comprised of legal, IT and privacy leaders to guide the organization's security program and use and sharing of information and data to ensure compliance with applicable laws and regulations, evaluate and anticipate risks with proposed strategic initiatives or projects and develop mitigation measures where feasible.
• Oversees and provides direction on the classification, ownership, and retention of data and information as well as clarifying accountability for data and information. Direct the development of policies to include data and information in both electronic and non-electronic format for compliance with HIPAA, HITECH, and any other state or federal law impacting organization's use of personal or financial data, including but not limited to data of donors, patients, vendors, customers, collaborators, and employees.
• Represent the organization internally and externally on information security matters; leads or participates in relevant committees, projects, and security initiatives.
• Works closely and collegially with the CIO and Information Technology leadership team, general counsel, privacy counsel, privacy officer and enterprise risk.
• Responsible for development and delivery of enterprise security training programs for initial and ongoing training for all enterprise employees, contract employees and others, including HIPAA compliant training for HIPAA covered healthcare components of organization. Updates training as often as needed to meet environment changes and regulatory requirements.
• Partners with Information Technology on selection and implementation of computer information security systems and tools.
• Responsible for the enforcement of information security and data protection policies ensuring adherence to standards, guidelines, and procedures. Coordinates and conducts assessments, including regular HIPAA Risk Assessments where applicable, to ensure compliance with the security and data policies is maintained at all levels of the organization.
• Maintains current knowledge of applicable federal and state information security regulations including but not limited to FDA, HIPAA, HITECH, PCI and other applicable federal and state regulations and accreditation standards governing security of data, particularly sensitive proprietary, financial, and personal data. Provides analysis of pending new regulations in information security for assessment and implementation for compliance.
• Responsible for the development and execution of performance indicators for security measurements and routine metrics to assist the organization in identifying potential security risks and providing recommendations for mitigation, including third party evaluations and impact analysis.
• Reviews vendor contracts and consents needed to implement projects in partnership with the organization's procurement and information security function.
• Participates in cyber liability insurance program analysis and identified liability risks and recommends mitigation measures.
• Responsible for security incident management reporting and tracking.
• Develops and administers annual budget in compliance with requirements of organization and ensures adherence.

Qualifications:

Requirements

Knowledge/ Education
• Bachelor's degree from accredited college/university with a major in information technology, computer science, information security or related study required.
• Master's degree in science, technology (preferred) or equivalent.
• Experience in security operation and incident response teams required.
• Strong knowledge of Security industry standards and regulations, including required assessments, reporting and data management required.
• Internal and External IT auditing concepts, techniques, methods, and procedures required.
• Familiarity with major IT computing platforms, security concepts, general controls, and application auditing required.

Licenses/ Certifications
Certified Information Security Systems Professional (CISSP) required.

Experience
• Ten years of progressive IT professional experience required. Seven years of the required experience must be in managing mid-sized to large IT security operations.
• Two years of experience performing complex professional auditing, information security, or information systems assessments and auditing; including lead responsibility for supervision of staff or contract staff required.
• Proven record with leading security incident or breach assessment, mitigation and response and demonstrated ability to anticipate, assess, and manage threats, including cyber threats, to the enterprise, risks to enterprise information, and management of those risks and responses to exploits to the enterprise required.
• Experience with cyber security insurance programs and cyber liability risk assessment, mitigation, and claims required.

Skills/Abilities
• Must possess the skills and abilities to successfully perform all assigned duties and responsibilities.
• Business enabling mindset.
• Strong analytical and critical thinking skills.
• Excellent interpersonal, negotiation and conflict resolution skills.
• Must be able to act with integrity, professionalism, and confidentiality.
• Excellent written and verbal communications with experience presenting to executives and leadership teams.
