VP, Chief Information Security Officer

Kaiser Permanente, Oakland, CA 94604

Posted 2 weeks ago


This position has a wide expanse of relationships internal and external to Kaiser Permanente (KP) and must balance stakeholders representing complex and varied priorities with security imperatives. The CISO must navigate the organization, its regulators, policies, customers, and other important stakeholders while ensuring that KP has the right tools and controls in place to protect its business operations, data, tools and network against a dynamic threat landscape. Additionally, this executive must demonstrate solid leadership, relationship management, and collaboration competencies, understand how to balance and manage risk, and reflect a consistently compliant and policy-driven approach to managing the work.

The CISO must:

  • Lead the Cyber Security function to prevent data loss and prevent fraud, and ensure the confidentiality, integrity and availability of all KP's data and systems.

  • Design and implement security architecture.

  • Provide strategic and operational management of the Cyber Security function.

  • Deliver and support program-wide prioritized risk mitigation activities.

  • Lead incident response and management, including investigations and forensics and implementing controls to prevent relapse.

  • Govern security initiatives and controls to ensure the environment is secure and that corporate leadership understands their importance.

  • Design and govern security policies and security guidance.

  • Provide training and awareness to the Kaiser Permanente enterprise.

  • Implement program and process improvements to strengthen the organization's security posture.

  • Develop and maintain strong strategic relationships with leadership across the KP enterprise and critical external stakeholders, advisors, and security industry groups.

Essential Functions:

  • Builds and maintains a high performing leadership team with robust succession plans by providing strategic leadership and vision, and professional development of technical and business management staff.

  • Leads development of the Cyber Security strategic roadmap ensuring it is strategically aligned to mitigate current and future security risks for KP. Understands the dynamic threat landscape and strategically adjusts and aligns the roadmap on an ongoing basis to ensure it addresses the changing security risk environment.

  • In partnership with the Chief Technology Risk Officer, VP of Technology Risk Management, and Executive Director, IT Compliance, develops and manages cyber security functions that support the identification, management and remediation of prioritized risk and compliance efforts. Serves as advisor on Cyber Security to senior leadership. Develops and presents strategic risk recommendations.

  • Leads department-wide cyber security strategic and operational planning efforts to integrate into TRO's multi-year financial and strategic planning efforts. Ensures plans comply with program guidelines and objectives and includes a high degree of stakeholder engagement and achieves threat/risk management goals, operational efficiencies, and clear organizational direction for the Cyber Security function, TRO, and the KP enterprise.

  • Partners with other TRO functions to provide metrics/dashboard reporting for key business management initiatives, and/or other ad hoc information requests to report Cyber Security data and metrics. Strategically advises and shares metrics and analysis with stakeholder groups to optimize visibility of Cyber Security risks and areas of improvement across the KP enterprise.

  • In partnership with the Chief Technology Risk Officer and the TRO Executive Leadership team, ensures Cyber Security is strategically and effectively engaged with stakeholder communities and is meeting stakeholder expectations.

  • In partnership with the Office of the Chief Technology Risk Officer, develops communication approaches and strategies, determines presentation focus and emphasis, and provides inputs to board-level presentations to report on the status of Cyber Security. Primary audiences include the IT Executive Committee, KP business leaders, business operations governance bodies, and other key audiences, as needed.

  • Plans and leads designated people processes and organization performance reporting, and goal setting on behalf of Cyber Security, including performance management, process coordination, talent reviews, etc.

  • Develops long term resource and employee development strategies to ensure workforce is equipped and available to support the execution needs of Cyber Security.

Basic Qualifications:


A proven senior IT security leader who has demonstrated leadership (minimum 10 years) in building and managing teams in a large, client-focused, complex IT environment; possesses business and financial acumen as well as high emotional intelligence and people leadership skills.

  • Proven experience leading an IT Security organization, a broad and detailed understanding of security centric technology and tools, security risk management, threat landscape and threat mitigation strategies

  • A strong knowledge of regulatory compliance including PCI, HIPAA, SOX, NIST, GLBA. Experienced in leading a security organization through security assessments performed by regulators, customers, SOC1 and SOC2 assessments, and/or to assess the cyber maturity of the organization.

  • High degree of business acumen including risk management, budgeting, forecasting, executive communications, collaboration, and strategic relationship building. Strong process and policy orientation - with an emphasis on leading by enabling others to understand their accountabilities and enabling them to perform their work with guidance and coaching.

  • Proven experience building and managing a highly effective organization and developing high-performance teams that are geographically dispersed.

  • Proven experience in strategically managing project and portfolio lifecycles and the alignment of these to strategic company-wide roadmaps and ability to identify and prioritize strategic imperatives to ensure alignment with corporate strategy.

  • Strong team player able to partner with other IT functional units to deliver substantive added value to business planning and operations.

  • Systems-thinking - quickly assimilates the connections and relationships across functions and entities for both internal and external constituencies; plans appropriately for the future.

  • Client Service and Results Driven: focuses and aligns actions and decisions on ways to enhance service, client, and stakeholder experiences and objectives; is motivated and committed to achieving results on behalf of commitments to clients; inspires same in staff; balances resources to produce desired outcomes; tracks and monitors performance.

  • Team Focus: acts and makes decisions as part of a whole; assembles and effectively leads direct reports and/or partnership teams; exceptional facilitator of teamwork and decision-making in virtual and in-person settings.

  • Communication: delivers the right messages and information to appropriate audiences both verbally and in writing; inspires/interacts effectively across all levels in the organization; keeps stakeholders informed; adapts communication style to needs of audience.

  • Collaboration/Influencing: Actively gathers appropriate maximum level of participation and input to decision-making and fosters same within team; works through others to see/recognize new perspectives to reach best outcomes; strong matrix management and influencing skills.

  • Strategy: thinking/planning/providing vision of the future and develops actionable plans to achieve vision.

  • Change Leadership: sees breakthrough possibilities, dispels established mental and operational "maps", effectively communicates vision of possibilities, and leads change planning to ensure that changes take hold.

  • Analytics: understands and actively seeks use of metrics and critical thinking to distill situations, guide messages and make decisions.

  • Accountability: owns delivering service and meeting business objectives.

  • Resource Management: proactively plans, forecasts, and achieves operating and capital short-term and long-term goals.

  • Commercial/Business Acumen: Ability to understand business drivers and work with stakeholders to manage cost and value drivers


Bachelor's degree required

License, Certification, Registration


Additional Requirements:


Preferred Qualifications:

Master's degree desired in computer science, business, law, or any other related subject

Professional certifications such as the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are also desired.

  • Primary Location: California, Oakland, Ordway One Kaiser Plaza

  • Scheduled Weekly Hours: 40

  • Shift: Day

  • Workdays: Mon-Fri

  • Working Hours Start: 8:00 AM

  • Working Hours End: 5:00 PM

  • Job Schedule: Full-time

  • Job Type: Standard

  • Employee Status: Regular

  • Employee Group/Union Affiliation: Salaried, Non-Union, Exempt

  • Job Level: Executive/VP

  • Job Category: Information Technology

  • Department: Technology Risk Office

  • Travel: Yes, 20% of the Time

Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.

External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances.


Similar Jobs

Chief Information Security Officer

Aecom Technology Corporation

Posted 3 weeks ago

9/5/2020 12:00:00 AM 2020-12-04T00:00

United States of America - Texas, Houston

Job Summary

AECOM is seeking a Chief Information Security Officer to lead AECOM's Global Information Security and Governance, Risk and Compliance (GRC) program. This role is responsible for all areas of information security and compliance across the global organization. The successful candidate can be based in ANY major metropolitan city in the United States.

About AECOM

At AECOM, we believe infrastructure creates opportunity for everyone. Whether it's improving your commute, keeping the lights on, providing access to clean water or transforming skylines, our work helps people and communities thrive. We take on the most complex challenges and pioneer innovative, iconic solutions that push the limits of what's possible - the world's longest cable-stayed bridge, record-breaking sports events, the largest greenfield port development mega project, life-sustaining and disaster recovery programs, and the tallest tower in the Western Hemisphere. On projects spanning transportation, buildings, water, governments, energy and the environment, we deliver professional services throughout the project lifecycle.

We are proud to be recognized for excellence:

  • Fortune's World's Most Admired Companies - 2014-2020

  • #1 in Transportation and General Building in Engineering-News Record's 2019 "Top 500 Design Firms" and #1 2019 "Top 200 Environmental Firms"

  • VIQTORY 2020 Military Friendly® Gold Employer

  • Perfect score on the Human Rights Campaign Foundation's Corporate Equality Index for 2017-2019

This person will be a member of the global Chief Information Officer's (CIO) direct staff and serve as a critical member of our global IT leadership team. Our global information technology (IT) department is seeking talented leaders who can help further elevate our company's performance. The IT department supports our internal employees, projects and many of the technologies our clients rely on. Secure and compliant systems and data are critical to AECOM's ability to win business. We have created global Centers of Excellence (COE) to deliver our core technology of which information security and GRC are one.

MAJOR TASKS AND RESPONSIBILITIES MAY INCLUDE:

  • Develop and drive AECOM's global information security strategy

  • Continue the maturity and growth of AECOM's security posture across the enterprise

  • Responsibility across AECOM's security engineering, architecture and operations, including leading the deployment and maintenance of the end to end security technology stack through internal and external partners to include all aspects of network and data

  • Responsible for ongoing vulnerability management and alignment with AECOM's patching standards

  • Establish and govern policies, standards and controls

  • Responsible for the security operations center (SOC) including threat intelligence, monitoring, hunting and forensics, as well as incident response and crisis management functions

  • Must have the ability to think proactively and impart that posture throughout the security team

  • Overall responsibility for the global Governance Risk and Compliance group ensuring regulatory standards of compliance are established and maintained. These include ITAR, DFARS, SOX and HIPAA regulations

  • Lead the efforts to ensure AECOM is compliant with global data protection and data privacy standards

  • Engage with AECOM's employee populations to help educate and raise awareness to matters of cyber security

  • Work closely with other business functions to include HR, legal, corporate communications, physical security, ethics and compliance, and global resilience to ensure cyber security is embedded into enterprise processes outside of IT

  • Provide regular updates on the cyber security landscape to the CIO and other IT leaders, as well as the board of directors and other leadership committees

  • Provide presentations and updates to other Executives across the company

  • Manage capital and operational budgets across the department

KNOWLEDGE, SKILLS, ABILITIES, AND COMPETENCIES

  • Passion for security and technology and ability to leverage into value creation

  • Strong leadership and management skills with enthusiastic, confident and inspiring style

  • Proven technical experience in all facets of predicting, preventing, detecting and responding to cyber or information security vulnerabilities

  • Experience with state-of-the-art defense-in-depth architectures

  • Experience with regulatory requirements and building security programs to align with NIST 800-171

  • Demonstrated skill in partnering with 3rd parties to include government agencies and technology firms in both preventative and reactionary actions and strategies

  • Strong interpersonal skills. Able to influence and navigate difficult situations and inspire your teams

  • Ability to bring people together to create detailed strategies for security across the company

  • Demonstrated experience perceiving threats facing an organization, understanding how they can be transformed into attacks and safeguarding the organization against breach or significant interruption

  • Must have a mindset of anticipation and resilience

  • Advanced communication and presentation skills with demonstrable experience in working with executive management to advance key objectives

  • Has demonstrated cross-cultural effectiveness

  • Ability to manage global complexity, changing priorities and conditions

  • Willing to travel occasionally

Minimum Requirements

  • Bachelor's Degree computer science, management information systems, business administration or related discipline desired; 16+ years of related experience or demonstrated equivalency of experience and/or education, including 8 years of leadership

  • Technologist and subject matter expert (SME) across information security domains

  • Experience in strategic planning and budgeting

  • Knowledge of national and international security-related regulations and frameworks such as ISO, SOX, GDPR, DFARS and NIST

  • Experience in program or project management

  • Due to the nature of this work, US Citizenship is required

Preferred Qualifications

  • M.S. Degree

  • 15+ years of professional experience in information security, risk management, and privacy roles

What We Offer

When you join AECOM, you become part of a company that is pioneering the future. Our teams around the world are involved in some of the most cutting-edge and innovative projects and programs of our time, addressing the big challenges of today and shaping the built environment for generations to come. We ensure a workplace that encourages growth, flexibility and creativity, as well as a company culture that champions inclusion, diversity and overall employee well-being through programs supported by company leadership. Our core values define who we are, how we act and what we aspire to, which comes down to not only delivering a better world, but working to "make amazing happen" in each neighborhood, community and city we touch. As an Equal Opportunity Employer, we believe in each person's potential, and we'll help you reach yours.

  • Job Category: Information Technology

  • Business Line: Corporate

  • Business Group: Corporate

  • Country: United States of America

  • Position Status: Full-Time

  • Requisition/Vacancy No.: 239905BR

  • Additional Locations: US - Beltsville, MD - 8000 Virginia Manor Road, US - Chelmsford, MA - 250 Apollo Drive, US - Chicago, IL - 303 E Wacker Drive, US - Greenwood Village, CO - 6200 South Quebec Street, US - Los Angeles, CA - 300 S Grand Ave, US - Oakland, CA - 1333 Broadway

  • Clearance Required: No

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Aecom Technology Corporation, Oakland, CA
