VP, Chief Information Security Officer
This job is no longer active.
POST DATE 11/28/2018
END DATE 8/20/2019
Hackensack Meridian Health
The VP, Chief Info Security Officer is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the innovative, industry-leading digital ecosystem in which Hackensack Meridian Health operates. The VP, Chief Info Security Officer is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while driving and enabling the bleeding-edge clinical, research and business objectives of Hackensack Meridian Health.
The VP, Chief Info Security Officer position requires a high energy, visionary people leader with sound knowledge of organizational management and a knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The VP, Chief Info Security Officer will proactively work with operating units and partners to implement practices that meet agreed-on policies and standards for information security. (S)he should understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of organization outcomes where the process is dependent on technology. The VP, Chief Info Security Officer will be responsible for implementing and running the enterprise information security program.
The VP, Chief Info Security Officer should understand and articulate the impact of cybersecurity on the digital business of healthcare, and be able to communicate this to the board of directors and other senior stakeholders. (S)he serves as the process owner of the appropriate second-line assurance activities related to confidentiality, integrity and availability of information owned or processed by Hackensack Meridian Health in compliance with applicable law, regulation, policy, procedure and best-practices requirements. The VP, Chief Info Security Officer understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the VP, Chief Info Security Officer's role is working with executive management to determine acceptable levels of risk for the organization.
The CISO must be knowledgeable about both internal and external healthcare environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. The ideal candidate is a thought leader, a people leader, and someone relentlessly focused on getting to Yes. (S)he is an integrator of people, process and technology. While the VP, Chief Info Security Officer is the leader of the information security program, (s)he must also be able to coordinate disparate demands, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its goals and objectives. Ultimately, the VP, Chief Info Security Officer is a leader, and should have a track record of thought leadership in the information security field.
* Develop and implement a world-class information security program that enables the digital objectives of Hackensack Meridian Health while ensuring the Confidentiality, Integrity and Availability of our digital assets.
* Be recognized as a healthcare information security expert in the United States.
* Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee.
* Provide regular reporting on the current status of the information security program to senior business leaders and committees of the board of directors.
* Work with purchasing and legal to ensure that information security requirements are included in contracts.
* Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
* Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
* Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
* Lead the security champion program to mobilize employees in all locations.
* Lead the information security function across the enterprise to ensure consistent and high-quality information security management in support of organizational goals.
* Determine the optimal information security approach and operating model in consultation with key stakeholders.
* Manage the budget for the information security function.
* Manage the cost-efficient information security organization, consisting of direct reports and outsourced resources.
* Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
* Work effectively with operating units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.
* Develop and enhance an up-to-date information security management framework based on COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
* Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
* Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security program, and review it with stakeholders at the executive and board levels.
* Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
* Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
* Create a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
* Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of Hackensack Meridian Health is processed and stored in accordance with applicable laws and other global regulatory requirements.
* Collaborate with the data privacy officer to ensure that data privacy requirements are included where applicable.
Meridian Health is committed to the principles of equal employment opportunity and affirmative action and will not discriminate in the recruitment or employment practices on the basis of race, color, creed, national origin, ancestry, marital status, gender, age, religion, sexual orientation, gender identity/expression, disability, veteran status and any other category protected by federal or state law.