CommonSpirit Health - Englewood, CO

posted 10 days ago

Full-time - Senior
Englewood, CO
501-1,000 employees
Hospitals

About the position

The Chief Information Security Officer (CISO) at CommonSpirit Health is a senior executive responsible for establishing and maintaining a comprehensive information security program within a complex healthcare environment. This role involves aligning security initiatives with business objectives, mitigating risks, and ensuring compliance with regulatory standards. The CISO will lead a high-performing team, foster a culture of security awareness, and stay ahead of emerging threats to protect the organization's critical information and assets.

Responsibilities

  • Develop, implement, and champion a comprehensive information security strategy that aligns with the organization's overall business goals, risk appetite, and regulatory requirements.
  • Provide strategic guidance to the executive leadership team on information security matters, emerging threats, and industry best practices.
  • Foster a culture of security awareness and accountability throughout the organization, promoting education, training, and continuous improvement.
  • Modify and maintain a robust risk management framework to identify, assess, and mitigate information security risks across the enterprise.
  • Ensure compliance with relevant regulations and industry standards, such as HIPAA, HITECH, CIS 18, NIST Cybersecurity Framework, and PCI DSS.
  • Oversee regular security audits, risk assessments, and penetration tests to identify vulnerabilities and track remediation efforts.
  • Evaluate and manage third-party vendors and partners to ensure they meet the organization's security standards and contractual obligations.
  • Conduct regular security assessments of third-party vendors and implement appropriate risk mitigation strategies.
  • Partner with the business and other IT organizations to drive end-to-end architectures that feature security as 'built-in' rather than 'bolted-on.'
  • Verify the implementation and management of security technologies and controls, including intrusion detection and prevention systems, firewalls, endpoint protection, data loss prevention, and identity and access management solutions.
  • Regularly evaluate and maintain incident response and disaster recovery plans to minimize the impact of security breaches and ensure business continuity.
  • Lead the investigation and resolution of security incidents, coordinating with internal and external stakeholders, including law enforcement and regulatory agencies, as needed.
  • Build and lead a high-performing information security team, providing mentorship, coaching, and professional development opportunities.
  • Collaborate effectively with IT, legal, compliance, privacy, and other departments to achieve security objectives and foster a shared responsibility for information security.
  • Manage security budgets and resource allocation, ensuring optimal utilization and return on investment.
  • Stay abreast of emerging technologies, cyber threats, and industry trends to proactively identify and address potential risks.

Requirements

  • Minimum of fifteen (15) years of cybersecurity experience.
  • Minimum of ten (10) years related management/leadership experience.
  • Bachelor's degree in Information Technology, Computer Science, Engineering, or a related discipline required (or an equivalent combination of education and/or experience). Master's degree preferred.
  • Professional certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Records Manager (CRM), Certified Information Privacy Professional (CIPP).
  • Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status.
  • Experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems.
  • Ability to translate technical cybersecurity issues/concerns into potential business implications that are meaningful to executive leadership.
  • Understanding and application of advanced principles and best practices of system security design, development, analysis, and testing.
  • Proven success working in a regulated environment within a highly matrixed organization while establishing strong cross-functional relationships.

Nice-to-haves

  • Exceptional communication and interpersonal skills, with the ability to effectively interact with and influence all levels of the organization, including the board of directors.
  • Strong analytical, problem-solving, and decision-making skills, with a focus on data-driven insights.
  • Business acumen and financial literacy, with the ability to translate security risks into business impact and articulate the value of security investments.
  • Deep understanding of the healthcare industry and its unique regulatory, operational, and technological challenges.
  • Ability to stay calm and focused under pressure, particularly during security incidents or crises.

Benefits

  • Medical
  • Dental
  • Vision
  • Paid Time Off
  • Holidays
  • Retirement Program
  • Disability Plans
  • Tuition Reimbursement
  • Adoption Assistance
  • Employee Assistance Program (EAP)
  • Discount Programs
  • Life Insurance Plans
  • Workers' Compensation
  • Dress for Your Day Policy
  • Voluntary Benefits
© 2024 Teal Labs, Inc