This Job has been reposted by the company. Refer to Job ID 683469.
Company is seeking a full-time, talented Vice President, Chief Information Security Officer to drive our security program including information assets and associated technology, applications, systems, infrastructure and processes to adequately protect the digital ecosystem in which we operate. The ideal candidate is a driver, with a passion for physical and logical security and a determination to beat the nefarious by staying ahead of industry standards for security while striving to maintain good and efficient user experiences for our customers. This is a role for a visionary leader with sound knowledge of business and security management, hands-on skills in security processes and tools, and the ability to build a highly effective security team. Further, this leader must have the skills to effectively lead across the entire company on behalf of the CEO and shareholders to ensure security prevention, detection, investigation, compliance, and resolution processes are rigorously followed. He or she must have detailed knowledge of cybersecurity technologies, the cyberthreat landscape, and a robust network of security industry contacts to ensure the protection of Company's employees, customers and assets.
Company is the industry-leading healthcare payments company and our mission, 'We simplify healthcare payments', says it all. Built around the values of integrity, accountability, collaboration and empowerment, the Company team delivers provider payments, premium payments, quality incentive communications and patient payment products to the health plan and provider markets. A rapidly growing, profitable, private-equity-backed innovator, Company is looking for a VP, Chief Information Security Officer to lead Company's growing security organization.
The Vice President, Chief Information Security Officer position will provide leadership of the information security program company-wide including risk-based strategic planning and implementation which incorporates administrative, technical, and physical risk controls. This role will oversee all management, operations, strategy, direction, growth and execution of the Security hands-on functions at Company. You will be setting the direction and culture for Company's security principles, practices and standards, reporting directly to the CEO. This position will interact with the C-Suite and Board.
- Ownership of security controls and processes in support of cyber-resilience. This includes: Unified Threat Management, CASB, SIEM, malware, data loss prevention, anti-phishing, cloud messaging and malware controls.
- Provide active monitoring and governance to ensure that third-party technology partners adhere and align to Company's relevant security policies, standards and practices.
- Ownership of the relevant information security control processing including all information security (technical, process) activities across all domains of information security; access control, connectivity/communications, security operations, AD security and event management.
- Support for strategic initiatives including the application and infrastructure establishment and simplification, transparency and value.
- Educate and inform key stakeholders about new threats, industry trends and applicable laws related to security.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and continuously increase the maturity of the security program.
- Develop short and long-term Information Systems strategies related to infrastructure, security, support and applications that will improve the efficiency of associates.
- Ensure business continuity and enterprise risk factors are integrated in the design and operation of IT Systems
- Manage and optimize the financial budget.
- Develop optimized technologies and processes for the integration of acquired companies.
- Develop and launch visual management techniques within IT that will lead to improving support, decreasing application downtime and completing projects on time
- Lead and manage key governance components including relevant regulatory and contractual compliance, policy and security awareness and training.
- Provide direction and guidance to IT Operations and manage escalation process with security service providers.
- Drive incident response readiness including periodic updates of the Global Incident Response Plan, implementation of tabletop training exercises and management of third-party forensics support.
- Stay current on cybersecurity threat trends and intelligence.
- Keep up to date on new and evolving security technologies and services available in the market.
- Intelligent and persuasive leader and manager with good interpersonal, verbal and written communication and presentation skills.
- Demonstrated experience designing a comprehensive security program for SaaS applications and Corporate environments including Security Assessments, Red/Blue/Purple Team Penetration Tests, Risk Management, Threat Intelligence, Vulnerability management, Incident and Response, Security Training, Privacy and Compliance Programs.
- Direct experience managing complex information technology programs within the financial and/or healthcare SaaS space.
- Accomplished and effective change manager with leadership responsibility and ability to implement and drive adoption of risk management program as required for Company.
- Direct knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT), Legislative and Regulatory and Industry Compliance Requirements (SOX, PCI, HIPAA, HITECH, HITRUST, EHNAC, etc.)
- Managed across vendor solutions and consultants, ensuring vendor performance and deliverables meet specifications for security and compliance
- Directed members across the organization, ensuring alignment of resources across functions.
- Creative, innovative and thorough approach with the ability to work autonomously.
- Ability to focus on high quality work while under pressure
- Logical, analytic and rational
- Strong risk management background in a healthcare financial organization
- Ability to manage aggressive time frames and communicate effectively to peers and management
- English (oral and written) is a must
Experience and Education:
- Bachelor's Degree; Master's level degree preferred
- CISSP or GIAC, CCSP (Certified Cloud Security Professional) preferred; and CIPP (Certified Information Privacy Professional) preferred
- Minimum 10 years work experience in IT, including at least 5 in Information Security leadership
- Well versed in PCI DSS compliance, ISO 27001, 27002 standards and the Cloud Security Alliance Cloud Controls Matrix
- Must be able to pass the FBI's background checks to join InfraGard