Chief Information Security Officer
NextHealth Technologies is seeking a Chief Information Security Officer (CISO), responsible for the design and execution of an information security strategy focused on mitigating risk for a system containing electronic Protected Health Information (ePHI). You will drive change across the system to ensure security is an enabler of NHT’s mission. This includes developing and maintaining a security management program that governs the creation, administration and oversight of enterprise-wide information security activities. As part of the information security program, the CISO is also responsible for the development, implementation, and management of areas including enterprise information security services, cyber resilience, information security governance and information security risk management.
In this position, you will:
- Serve in a leadership role responsible for security compliance and security communications across multiple offices
- Responsible for building a strategic and comprehensive information security program that defines, develops, maintains and implements controls, policies and processes that enable consistent, effective information security practices for systems containing Protected Health Information (ePHI)
- Member of the leadership team that initiates, facilitates, and promotes activities to foster information security awareness within the organization
- Responsible for evaluating security trends, evolving threats, risks and vulnerabilities, and for remediating and/or applying tools to mitigate risk as necessary
- Responsible for owning the security roadmap to ensure the security program continues to meet the requirements of regulatory compliance in accordance with current security protocols, standards and methodologies including, but not limited to, HIPAA Security, HITRUST, NIST CSF, 42 CFR, and other applicable security and privacy laws
- Proactively develop, communicate, and implement a security roadmap
- Maximize the effectiveness of installed security systems and cloud-based infrastructure and lead the assessment, evaluation, and implementation of new technologies and enterprise security processes as appropriate
- Identify information security protection goals, objectives and metrics consistent with the overall mission of the information security management program
- Set expectations, assign accountabilities, and measure performance against expectations in all key functional areas
- Oversee information security risk management program, including internal and third-party risk
- Implement and oversee the effective management of technical and administrative controls and provide executive leadership of cross-functional response teams (e.g., Security, IT, Legal, Compliance) to investigate and remediate security incidents.
- Collaborate with stakeholders to ensure critical business processes can be maintained even when a cyber-attack may impact availability of systems and other technical resources.
- Provide leadership over the development, deployment and oversight of a business continuity management program with ties to the disaster recovery program.
Above all, we are looking for a servant leader whose personal and professional background demonstrates a genuine passion for the mission and core values of NHT. To be successful, you must be an experienced, “hands-on” security leader interested in a dynamic, fast-paced environment. You must be willing to roll up your sleeves and be a utility player. Plus, you should enjoy collaborating with the team but also be a self-starter who doesn’t rely on direction to add value.
- Bachelor’s degree in business administration, computer science or a related field, or an equivalent combination of education and/or experience. A Master’s degree in business administration, healthcare administration or a related field is preferred.
- 10+ years of progressive experience that includes designing and implementing an enterprise information security strategy and program; experience with HITRUST and NIST highly preferred
- Possess an information security related certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or a comparable certification.
- Proven track record in the information security space in highly regulated environments; a background in healthcare is a plus.
- Expertise in information security, technology, and risk management is essential. Equally significant and critical qualifications include business and financial acumen, the ability to thrive in a dynamic service-oriented environment, excellent leadership abilities and management skills with a proven record of functional transformation, change mastery and management, and budget and resource management. Be a strategic thinker and results-oriented leader driven by enabling the business through a risk-management and customer-centric approach.