MedStar Health
Description
About
The CISO is responsible for leadership of the cybersecurity program as the organization undergoes a transformation journey. They are a dynamic leader with experience in securing a highly distributed global enterprise. The CISO will also play an integral leading role in transformation of the organization, directing internal and outsourced security staff to build out cybersecurity solutions, building out the cybersecurity function, and bridging technical knowledge with business acumen into key areas across the organization.
The CISO will report to the CIO.
Responsibilities
Establish and maintain a comprehensive organization-wide information security program to ensure that information and assets are adequately protected against current, future, internal, and external threats
Forge strong alliances with business, IT and Legal leadership to ensure that all requirements for maintaining existing commercial and industry levels of compliance and cyber risk mitigation are strictly monitored and maintained
Provide in-depth cybersecurity expertise and guidance on execution throughout build-out of product development, Information Technology (IT), and Operational Technology (OT) critical infrastructure
Manage the selection, build-out, and successful implementation of vendor managed services and related solutions across cybersecurity domains (e.g., endpoint security, network security, identity and access, SOC, backup, incident response)
Stay ahead of all global information technology and data privacy rules, regulations, and even societal norms in all countries in which we operate
Recommend changes to existing information security and related policies and the creation of new policies as needed in alignment with the corporate Legal team
Partner with the General Counsel on the definition, implementation, and review of cybersecurity governance and risk management processes, metrics, and results, with focus on continuous improvement
Promote cybersecurity training and awareness program across the organization
Lead response and resolution of system compromises, data security breaches and other security events related to company products and services
Interface and collaborate with other departments (e.g., IT, Legal and LOB) to support further build-out of an effective cybersecurity program
Identify opportunities to implement IT and other security controls that mitigate the chance of ransomware attacks or similar incidents
Serve as a primary subject matter expert in global cybersecurity matters, including interfacing with client audit/diligence requests and other external-facing matters
Support IT in strategy, development, testing, and maintenance of incident response and disaster recovery plans
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements
Develop a best-in-class cybersecurity team composed of internal and partner resources
Requirements
Bachelor's degree in a major science or engineering discipline (e.g., Cybersecurity, Information Systems, Electrical, Mechanical, Software, IT) or related field
In-depth, up-to-date, and broad knowledge of the Information Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure
10+ years of experience in cybersecurity focused on Operational Technology and/or Critical Infrastructure, delivering results
5+ years of supervisory experience, particularly managing a small team and outsourced cybersecurity personnel
CISSP, HCISPP, or CISM certification
Working knowledge of cybersecurity control frameworks, such as ISO 27001, HITRUST, NIST 800-53, and IEC 62443
Demonstrated experience in managing the resolution of a cyber event (ransomware, data breach, etc.)
Advanced knowledge of securing cloud infrastructure, such as Amazon AWS or Microsoft Azure
Experience designing, architecting, implementing the following technologies: SIEM, EDR/MDR, ZTA, SDN
Advanced knowledge of data privacy regulations and associated processes
Ability to work across multiple time-zones and geographical areas (e.g., USA, EU, APAC)
Ability to manage multiple ongoing workstreams and respond to critical situations and changing priorities
Excellent written and verbal communication skills
Self-motivated and entrepreneurial spirit
Willingness to learn and adapt to a dynamic environment
Travel, domestic and international, may be as much as 25%
Employment Type: Full-Time
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
This is a remote position in the US. We are open to candidates in various states, with the exception of those residing in the following: AK, DC, DE, ME, NH, NM, OK, HI, MS, MT, NV, NE, ND, SD, VT, WY, WV
Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $230,000 - $250,000 annually. Ultimately, in determining pay, we will consider the successful candidate's location, experience, and other job-related factors.
Group benefits currently include a selection of health care plans with prescription drug coverage, dental plan, vision plan, basic and supplemental life insurance, a flexible spending account for medical and dependent care expenses or a health savings account based on plan selection, short/long term disability and 401(k) Savings Plan.
Qualifications
Education
Bachelor's degree (required)
Experience
Advanced knowledge of data privacy regulations and associated processes (required)
Experience designing, architecting, implementing the following technologies: SIEM, EDR/MDR, ZTA, SDN (required)
Advanced knowledge of securing cloud infrastructure, such as Amazon AWS or Microsoft Azure (required)
Demonstrated experience in managing the resolution of a cyber event (ransomware, data breach, etc.) (required)
Working knowledge of cybersecurity control frameworks, such as ISO 27001, HITRUST, NIST 800-53, and IEC 62443 (required)
CISSP, HCISPP, or CISM certification (required)
5 years: supervisory experience, particularly managing a small team and outsourced cybersecurity personnel (required)
10 years: experience in cybersecurity focused on Operational Technology and/or Critical Infrastructure, delivering results (required)
In-depth, up-to-date, and broad knowledge of the Information Security field, including all major communications and computing technologies and trends, with significant domestic and international exposure (required)
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.