PathGroup

Chief Information Security Officer

PathGroup, Brentwood, Tennessee, United States, 37027

Chief Of Information Security And Security Officer (CISO)

All candidates should make sure to read the following job description and information carefully before applying.

The Chief Of Information Security And Security Officer (CISO) is responsible for providing leadership and operational excellence in developing and supporting security initiatives and policies. The CISO develops strategies to protect sensitive data, manages security risks, investigates and remediates security incidents, and promotes security awareness and compliance across the organization. The CISO acts as the primary contact for security-related matters and serves as the organization's HIPAA Security Officer.

Job Responsibilities

Leadership & Strategy: Develop and manage a comprehensive information security and risk management program aligned with business objectives and regulatory requirements. Serve as the organization's HIPAA Security Officer, leading all activities related to the security of protected health information (PHI). Collaborate with executive leadership, legal, compliance, and IT teams to integrate security into all aspects of operations and technology. Lead the organization's Cyber Incident Response plan, coordinating actions, communication, and mitigation efforts with Executive Leadership. Stay current with emerging security trends, conduct research, and recommend improvements to existing processes. Advise and educate executive and management teams on technological and financial security considerations.

Governance, Risk & Compliance: Establish, implement, maintain, and audit information security policies, procedures, and controls in accordance with the organization's Compliance Program, federal laws, and industry standards. Conduct regular risk assessments and security audits to identify vulnerabilities and recommend mitigations. Oversee security incident response planning and investigation of security breaches, including documentation and reporting. Work closely with the Chief Information Officer and Privacy Officer to develop and administer security awareness training for employees and contractors.

Security Operations: Lead strategic security and incident response planning to align with business goals, deploying, monitoring, maintaining, and upgrading security tools, technologies, and systems. Ensure regular risk assessments, penetration testing, and remediation efforts are conducted in a timely manner. Monitor network and system activity for anomalies and trends to prevent and address security incidents promptly. Collaborate with IT to implement secure system configurations and DevSecOps practices.

Third-Party, Vendor and Client Management: Evaluate third-party vendors and partners for security and compliance posture. Complete security assessments required by clients or partners. Participate in contract negotiations to ensure security requirements and data protection terms are included.

Management: Manage employee hiring, including developing job descriptions, performance expectations, and identifying essential skills and knowledge. Supervise and evaluate employee and team performance, providing coaching and counseling as needed. Coordinate team projects, schedule work, and set priorities. Foster an ethical, non-discriminatory, and safe work environment, ensuring effective communication and resolving employee issues. Perform responsibilities in accordance with industry best practices and regulatory guidelines to protect sensitive data. Abide by the Corporate Compliance Program and all related policies.

Non-Essential Functions

Management reserves the right to reassign duties as needed. Perform other duties as assigned.