This position has a wide expanse of relationships internal and external to Kaiser Permanente (KP) and must balance stakeholders representing complex and varied priorities with security imperatives. The CISO must navigate the organization, its regulators, policies, customers, and other important stakeholders while ensuring that KP has the right tools and controls in place to protect its business operations, data, tools and network against a dynamic threat landscape. Additionally, this executive must demonstrate solid leadership, relationship management, and collaboration competencies, understand how to balance and manage risk, and reflect a consistently compliant and policy-driven approach to managing the work.
The CISO must:
Lead the Cyber Security function to prevent data loss and fraud, and ensure the confidentiality, integrity and availability of all KP's data and systems.
Design and implement security architecture.
Provide strategic and operational management of the Cyber Security function.
Deliver and support program-wide prioritized risk mitigation activities.
Lead incident response and management, including investigations and forensics, and implement controls to prevent recurrence.
Govern security initiatives and controls to ensure the environment is secure and that corporate leadership understands their importance.
Design and govern security policies and security guidance.
Provide training and awareness to the Kaiser Permanente enterprise.
Implement program and process improvements to strengthen the organization's security posture.
Develop and maintain strong strategic relationships with leadership across the KP enterprise and critical external stakeholders, advisors, and security industry groups.
Builds and maintains a high performing leadership team with robust succession plans by providing strategic leadership and vision, and professional development of technical and business management staff.
Leads development of the Cyber Security strategic roadmap ensuring it is strategically aligned to mitigate current and future security risks for KP. Understands the dynamic threat landscape and strategically adjusts and aligns the roadmap on an ongoing basis to ensure it addresses the changing security risk environment.
In partnership with the Chief Technology Risk Officer, VP of Technology Risk Management, and Executive Director, IT Compliance, develops and manages cyber security functions that support the identification, management and remediation of prioritized risk and compliance efforts. Serves as advisor on Cyber Security to senior leadership. Develops and presents strategic risk recommendations.
Leads department-wide cyber security strategic and operational planning efforts to integrate into TRO's multi-year financial and strategic planning efforts. Ensures plans comply with program guidelines and objectives, include a high degree of stakeholder engagement, and achieve threat/risk management goals, operational efficiencies, and clear organizational direction for the Cyber Security function, TRO, and the KP enterprise.
Partners with other TRO functions to provide metrics/dashboard reporting for key business management initiatives, and/or other ad hoc information requests to report Cyber Security data and metrics. Strategically advises and shares metrics and analysis with stakeholder groups to optimize visibility of Cyber Security risks and areas of improvement across the KP enterprise.
In partnership with the Chief Technology Risk Officer and the TRO Executive Leadership team, ensures Cyber Security is strategically and effectively engaged with stakeholder communities and is meeting stakeholder expectations.
In partnership with the Office of the Chief Technology Risk Officer, develops communication approaches and strategies, determines presentation focus and emphasis, and provides inputs to board-level presentations to report on the status of Cyber Security. Primary audiences include the IT Executive Committee, KP business leaders, business operations governance bodies, and other key audiences, as needed.
Plans and leads designated people processes and organization performance reporting, and goal setting on behalf of Cyber Security, including performance management, process coordination, talent reviews, etc.
Develops long-term resource and employee development strategies to ensure the workforce is equipped and available to support the execution needs of Cyber Security.
A proven senior IT security leader who has demonstrated leadership (minimum 10 years) in building and managing teams in a large, client-focused, complex IT environment; possesses business and financial acumen as well as high emotional intelligence and people leadership skills.
Proven experience leading an IT Security organization, with a broad and detailed understanding of security-centric technology and tools, security risk management, the threat landscape and threat mitigation strategies.
A strong knowledge of regulatory compliance including PCI, HIPAA, SOX, NIST, GLBA. Experienced in leading a security organization through security assessments performed by regulators and customers, SOC1 and SOC2 assessments, and assessments of the organization's cyber maturity.
High degree of business acumen including risk management, budgeting, forecasting, executive communications, collaboration, and strategic relationship building. Strong process and policy orientation - with an emphasis on leading by enabling others to understand their accountabilities and enabling them to perform their work with guidance and coaching.
Proven experience building and managing a highly effective organization and developing high-performance teams that are geographically dispersed.
Proven experience in strategically managing project and portfolio lifecycles and aligning them to strategic company-wide roadmaps, with the ability to identify and prioritize strategic imperatives to ensure alignment with corporate strategy.
Strong team player able to partner with other IT functional units to deliver substantive added value to business planning and operations.
Systems Thinking: quickly assimilates the connections and relationships across functions and entities for both internal and external constituencies; plans appropriately for the future.
Client Service and Results Driven: focuses and aligns actions and decisions on ways to enhance service, client, and stakeholder experiences and objectives; is motivated and committed to achieving results on behalf of commitments to clients; inspires same in staff; balances resources to produce desired outcomes; tracks and monitors performance.
Team Focus: acts and makes decisions as part of a whole; assembles and effectively leads direct reports and/or partnership teams; exceptional facilitator of teamwork and decision-making in virtual and in-person settings.
Communication: delivers the right messages and information to appropriate audiences both verbally and in writing; inspires/interacts effectively across all levels in the organization; keeps stakeholders informed; adapts communication style to needs of audience.
Collaboration/Influencing: Actively gathers appropriate maximum level of participation and input to decision-making and fosters same within team; works through others to see/recognize new perspectives to reach best outcomes; strong matrix management and influencing skills.
Strategy: thinking/planning/providing vision of the future and develops actionable plans to achieve vision.
Change Leadership: sees breakthrough possibilities, dispels established mental and operational "maps", effectively communicates vision of possibilities, and leads change planning to ensure that changes take hold.
Analytics: understands and actively seeks use of metrics and critical thinking to distill situations, guide messages and make decisions.
Accountability: owns delivering service and meeting business objectives.
Resource Management: proactively plans, forecasts, and achieves operating and capital short-term and long-term goals.
Commercial/Business Acumen: ability to understand business drivers and work with stakeholders to manage cost and value drivers.
Bachelor's degree required
License, Certification, Registration
Master's degree desired in computer science, business, law, or any other related subject.
Professional certifications such as the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are also desired.
Primary Location: California, Oakland, Ordway One Kaiser Plaza
Scheduled Weekly Hours: 40
Shift: Day
Workdays: Mon-Fri
Working Hours Start: 8:00 AM
Working Hours End: 5:00 PM
Job Schedule: Full-time
Job Type: Standard
Employee Status: Regular
Employee Group/Union Affiliation: Salaried, Non-Union, Exempt
Job Level: Executive/VP
Job Category: Information Technology
Department: Technology Risk Office
Travel: Yes, 20% of the Time
Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.
External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances.