Chief Information Security Officer
720 Harrison Ave. 8th floor Boston, Massachusetts 02118
Under the direction of the CIO, the Chief Information Security Officer (CISO) is responsible for planning, coordinating and implementing information security operations. The CISO will lead or participate in the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of information and to prevent, detect, contain, and correct information security breaches by aligning information security standards and compliance with statutory and regulatory requirements.
The CISO will also work with other IT leaders, including the Sr. Director of Technology, to ensure that infrastructure design and implementation meets the security requirements of the IT security team, corporate compliance, and corporate privacy officers. The CISO is also responsible for the development, maintenance, and execution of an annual security testing program, as well as overseeing security evaluations of prospective vendors/partners.
The CISO also monitors security and privacy trends and coordinates with risk management, legal, human resources, Health Information Management, and compliance departments to keep abreast of relevant laws and legislation (locally and nationally) to ensure that the security and privacy programs are updated when appropriate to maintain ongoing compliance.
The CISO champions information security efforts across the organization and serves as a content expert and educator for IT and other departments.
ESSENTIAL RESPONSIBILITIES / DUTIES:
- Responsible for Information Security Program (ISP) development and implementation, including:
  - Identifying protection goals, objectives and metrics consistent with the organization's strategic plan
  - Incident response program development
  - Security awareness program development
- Determine the acceptable level of information security risk in conjunction with senior management. Advise management on information security risks and appropriate course of action.
- Conduct threat and vulnerability assessments to properly analyze the risks to information security and determine appropriate measures to effectively manage those risks
- Work with management to prioritize security initiatives and spending based on appropriate risk management methodology
- Manage the investigation of security breaches or potential breaches and assist with disciplinary and legal matters associated with such breaches
- Work with outside consultants as appropriate for independent security audits
- Participate in the evaluation, selection and implementation of security products and technologies
- Develop enterprise education and communication plan.
- Maintain deep knowledge of legal requirements and market standards of information security
Seven-plus years of experience in a large (over 2,000 end users) Healthcare IT Enterprise required.
KNOWLEDGE AND SKILLS:
- Should have experience with auditing and risk management, as well as contract and vendor negotiation.
- Must have a solid understanding of information technology and information security.
- Strong verbal and written communication skills.
- Ability to articulate highly technical information into real world business impact at a senior management level and, conversely, ability to translate senior management business initiatives into actionable technical designs.
- Must understand the unique requirements of security in a healthcare setting.
- Familiarity with current Cybersecurity management frameworks