One of our customers has an immediate opening for a Chief Information Security Officer. The CISO is responsible for establishing and maintaining an enterprise-wide information security management program to ensure that information assets are adequately protected.
This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. Must have experience as a CISO within the healthcare field.
The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of information security technologies. The CISO will proactively work with business units to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of IT-related risk management activities.
The ideal candidate is a thought leader, a consensus builder, and an integrator of people and processes. While the CISO is the leader of the security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that security is just one of the business activities.
It cannot be undertaken at the expense of the enterprise's ability to deliver on its goals and objectives. Ultimately, the CISO is a business leader and should have a track record of competency in the field of information security or risk management, with eight to ten years of relevant experience, including four years in a significant leadership role.
BA in Computer Science, Business Administration or a technology-related field. A master's degree in Healthcare Administration, Business Administration, or related field is preferred.
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials is desired.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.
Minimum of eight to ten years of experience in a combination of risk management, information security and IT jobs. At least four must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Project management skills: financial/budget management, scheduling and resource management.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Experience with contract and vendor negotiations.
Knowledge and Skills:
Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard.
Must be a critical thinker, with strong problem-solving skills.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Excellent written and verbal communication skills, interpersonal and collaborative skills.
Ability to communicate security and risk-related concepts to technical and nontechnical audiences.
High level of personal integrity, as well as ability to professionally handle confidential matters, and show an appropriate level of judgment.
CISSP, CISM, CISA, ISO/IEC27001
Corus Group, LLC