NRI North America

CISO - Chief Information Security Officer

NRI North America, Mount Laurel, New Jersey, United States

Overview

Through Core BTS d/b/a NRI's Resource Management Services (RMS), we offer custom talent solutions to help our clients meet their evolving technology and business needs. We help effectively match the right technology professional to their organization, recruiting for contract, contract-to-hire, and direct roles. Our client in the Healthcare industry has an immediate need for a CISO - Chief Information Security Officer to join their team. Please note that this position is with a client of NRI.

Responsibilities

Design and lead an enterprise-grade cybersecurity program aligned with NIST CSF and tailored to the unique risks in healthcare environments.
Collaborate with executive leadership to define risk tolerance and report on security posture, emerging threats, and mitigation plans.
Establish security policies, procedures, and governance models based on industry standards and best practices.
Oversee risk assessments and ensure alignment with HIPAA, HITECH, NIST 800-53, 800-171, and other applicable regulatory frameworks.
Oversee risk mitigation strategies, vendor risk management, and the development of a comprehensive third-party security assessment process.
Manage audit readiness and lead remediation efforts for internal and external audits (e.g., OCR, HITRUST, SOC 2).
Oversee security operations, including identity and access management (IAM), SIEM, vulnerability management, endpoint protection, and cloud security.
Lead the development and ongoing testing of incident response, disaster recovery (DR), and business continuity (BC) plans.
Coordinate and lead investigations of security incidents, breaches, and potential threats across the enterprise.
Lead incident response activities including forensic reviews, root cause analysis, and executive communications.
Champion adoption of the NIST Cybersecurity Framework and maturity models (e.g., C2M2, CIS Controls).
Evaluate and integrate new security tools and technologies to enhance threat detection and response capabilities.
Ensure alignment of cybersecurity strategy with digital transformation initiatives, including EHR systems, telehealth, and cloud migration.
Build and lead a high-performing information security team with cross-functional expertise in GRC, SecOps, and cyber risk.
Develop a security training and awareness program for employees, clinicians, and contractors.
Foster a culture of security accountability and resilience across all levels of the organization.

Qualifications

Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; Master’s degree preferred.
10+ years of progressive leadership experience in information security, including 5+ years as a CISO or equivalent in a large healthcare organization or health system.
Demonstrated expertise in applying NIST CSF, NIST 800-53, HITRUST, or similar frameworks in complex healthcare environments.
Proven track record of managing enterprise-wide security operations, incident response, and compliance initiatives.
Strong understanding of regulatory and compliance requirements in healthcare.
Identity and Access Management (IAM) solutions and workflows; Privileged Access Management (PAM) tools and governance.

Preferred Certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
HealthCare Information Security and Privacy Practitioner (HCISPP)
Certified in Risk and Information Systems Control (CRISC)
HITRUST Certified CSF Practitioner (CCSFP)

Key Competencies

Visionary leadership with strategic and operational cybersecurity experience
Deep knowledge of healthcare IT systems, including EHRs, HIEs, and clinical workflows
Strong understanding of federal and state healthcare regulations
Collaborative leadership style with strong interpersonal skills
Excellent communication skills with the ability to translate technical risks for executive stakeholders
Results-driven with continuous improvement mindset

Seniority level

Executive

Employment type

Full-time

Job function

Information Technology

Industries

IT Services and IT Consulting