Unclassified - Huntington, WV

posted 3 months ago

Full-time - Executive
Huntington, WV

About the position

The Chief Information Security Officer (CISO) at Marshall Health Network (MHN) is a pivotal role that reports directly to the Chief Information Officer (CIO). As a member of the CIO leadership team, the CISO is responsible for advocating for the organization's comprehensive information security needs and developing a robust information security strategy to enhance the security posture of the enterprise. This executive position involves strategic leadership in information services, working closely with senior administration and various stakeholders to define objectives for information security while fostering relationships across the organization.

The CISO will lead the development and implementation of an enterprise-wide information security program, ensuring that it aligns with the clinical, revenue cycle, academic, research, and administrative information systems and technology. This role requires establishing governance processes, setting annual and long-range security goals, and creating metrics and reporting mechanisms to track progress. The CISO will also stay informed about regulatory changes and security issues at both state and national levels, participating in discussions that shape policy and practice.

In addition to strategic planning, the CISO will mentor team members within the Information Security Office, implement professional development plans, and represent MHN on various committees and boards. The role also involves leading efforts to assess and evaluate the adequacy of security controls, coordinating audits, and ensuring compliance with relevant legislation. The CISO will create education and awareness programs to promote best practices in security and will act as the primary control point during significant security incidents, leading the response efforts as necessary.

Responsibilities

  • Responsible for the strategic leadership of the MHN information security program.
  • Provides guidance and counsel to the CIO and key members of the leadership teams.
  • Works with organizational leadership to oversee the formation and operations of an enterprise-wide information security organization.
  • Manages enterprise-wide information security governance processes and chairs the Information Security Steering Committee.
  • Leads information security planning processes to establish a comprehensive information security program.
  • Establishes annual and long-range security and compliance goals, and defines security strategies, metrics, and reporting mechanisms.
  • Stays abreast of information security issues and regulatory changes at the state and national level.
  • Provides leadership philosophy for the Information Security Office to create a strong bridge between organizations.
  • Mentors the Information Security Office team members and implements professional development plans.
  • Represents MHN on committees and boards associated with the enterprise and in national and regional consortiums.
  • Leads the development and implementation of effective policies and practices to secure protected and sensitive data.
  • Leads efforts to assess, evaluate, and make recommendations regarding the adequacy of security controls.
  • Coordinates and tracks all information technology and security-related audits.
  • Works with the organization's leadership to build cohesive security and compliance programs.
  • Develops a strategy for dealing with increasing audits and compliance checks.
  • Works closely with IT leaders and technical experts on security issues.
  • Creates education and awareness programs on security issues and best practices.
  • Pursues security initiatives to protect against identity theft and to protect online reputation.
  • Keeps abreast of security incidents and acts as primary control point during significant incidents.
  • Develops, implements, and administers technical security standards and services.
  • Provides leadership in assessing and evaluating information security risks.
  • Examines impacts of new technologies on MHN's overall information security.
  • Leads an outsourced Cybersecurity Team and outsourced SOC.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Certifications such as CISM, CISSP, C-CISO, or CHISL are required.
  • Master's degree in Information Security, Computer Science, or a related field preferred.
  • Ten (10) years of experience in information security, with significant experience in a leadership or managerial role, preferably in a health care setting.
  • Expert skills in managing information security and mitigating security risk.
  • Excellent oral and written communication skills, including the ability to present to senior leadership and Boards.
  • Strong understanding of cybersecurity technologies, tools, and best practices.
  • Demonstrated knowledge of managing outsourced cybersecurity teams and vendor relationships.
  • In-depth knowledge of cybersecurity regulations, compliance frameworks, and industry standards, such as NIST and HITRUST.
  • Excellent communication, leadership, and problem-solving skills.
  • Demonstrated knowledge of financial forecasting and budget management.

Nice-to-haves

  • Experience in a health care setting is preferred.
  • Knowledge of effective training and communication strategies.
  • Strong writing and editing skills.
  • Demonstrated excellent interpersonal skills.
  • Ability to think outside the box and solid problem-solving skills.