VP, Global Cybersecurity

Greater Boulder Area | Remote | Hybrid
Sorry, this job was removed at 11:31 a.m. (MST) on Friday, October 1, 2021

General Summary

The VP, Global Cybersecurity (the "Cybersecurity VP") is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. The position is charged with identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. The position will provide leadership and oversight for the strategy, operations, administration and governance of information security, cyber security, security systems and information security operations of the current and growing needs of the global business and healthcare landscape. The Cybersecurity VP should understand and articulate the impact of cybersecurity on (digital) business and be able to communicate this to the board of directors and other senior stakeholders. The role orchestrates multiple functional teams, provides multi-faceted leadership and represents GHX's Cybersecurity program in support of GHX's business mission.

This position reports to the GHX CIO.

Key Responsibilities

Establish Governance and Build Knowledge

  • Facilitate an information security governance structure through the implementation of a governance program, including the cross-functional security team
  • Provide regular reporting on the current status of the information security program to the Chief Security Officer (CSO), enterprise risk teams, senior business leaders and the board of directors, thus supporting business outcomes.
  • Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
  • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.

Lead the Organization

  • Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
  • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas.
  • Manage the budget for the information security function, monitoring and reporting discrepancies.
  • Manage the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews.

Set the Strategy

  • Contribute to the information security vision and strategy aligned to organizational priorities enabling and facilitating the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Manage the strategic and comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.
  • Work effectively with business units to facilitate information security risk assessments, product risk assessments and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.

Develop the Frameworks

  • Develop, enhance and maintain an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and/or the HITRUST CSF.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels.

Build the Network and Communicate the Vision

  • Provide input for the IT section of the company's code of conduct.
  • Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
  • Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
  • Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.

Key Duties

  • Create a risk-based process for the assessment and mitigation of any information security risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
  • Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  • Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.
  • Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
  • Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
  • Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
  • Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
  • Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
  • Other duties as assigned

Key Competencies

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
  • Up-to-date knowledge of methodologies and technology trends in both business and IT
  • Proven track record and experience in developing information security policies and procedures, security architecture and engineering, and security operations, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker, with strong problem-solving skills
  • Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard, and General Data Protection Regulation (GDPR).
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Project management skills: financial/budget management, scheduling and resource management
  • Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
  • A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
  • Knowledge of common information security management frameworks, such as HITRUST, ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
  • Experience with contract and vendor negotiations
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change
  • Additional investigations or probes may be conducted as part of hiring process background

Required Education, Certifications, and Experience

  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Minimum of seven to ten years of experience in a combination of risk management, information security and IT or OT jobs (at least five must be in a senior leadership role)

Preferred Qualifications

  • Prior cyber security experience in NIST or HITRUST Cyber Security Frameworks
  • Prior cyber security experience protecting PHI, PCI and other sensitive data
  • Prior experience in cloud environments including IaaS, PaaS and SaaS
  • Prior experience in multi-tenant cloud and SaaS product environments

Key Differentiators

  • Knowledge of GHX products and inherent cyber risks.
  • Prior cyber security experience in health care industry.
  • Prior experience in data privacy regulations such as GDPR, CCPA or equivalent
  • Experience in orchestrating initiatives where stakeholder interests may be in conflict.

Estimated Salary range for this position: $185,000 - $210,000

The base salary range represents the anticipated low and high end of GHX's salary range for this position. Actual salaries will vary and will be based on various factors, such as candidate's qualifications, skills, competencies, and proficiency for the role. The base salary is one component of GHX's total compensation package for employees. Other rewards and benefits include: health, vision, and dental insurance, accident and life insurance, 401k matching, paid-time off, and education reimbursement, to name a few. To view more details of our benefits, visit us here: https://www.ghx.com/about/careers/

GHX: It's the way you do business in healthcare

Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes.

GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions.

It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 800 people worldwide. Our corporate headquarters is in Louisville, Colorado, just outside of Denver, with additional offices in Europe, Chicago, Illinois, and Omaha, Nebraska.

Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, "GHX") provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX's employees to perform their expected job duties is absolutely not tolerated.


Technology we use

  • Languages: C#, C++, Java, JavaScript, Python, R, SQL
  • Frameworks: ASP.NET, Django, Hadoop, Node.js, Ruby on Rails, Theano
  • Databases: MySQL, Oracle, PostgreSQL
  • Management: JIRA
  • CMS: Sitecore, WordPress
  • CRM: DocuSign, Salesforce
  • Lead Gen: Marketo
  • Collaboration: Microsoft Teams, Slack, Zoom
  • Project Management: Smartsheet

Location

GHX is based in Louisville, CO and our office boasts a fitness center overlooking breathtaking Davidson Mesa open space and the Front Range Mountains!

An Insider's view of GHX

What are some social events your company does?

One of our goals at GHX is to weave Wellness, Philanthropy, Events, and Culture into the DNA of the employee experience. Some of our most notable social events are the Summer BBQ, Turkey Trot and Holiday Party. Our colleagues from around the country are also included in fun ways virtually, such as themed trivia happy hours and fitness challenges.

Rachel Stoops

HR Specialist

What projects are you most excited about?

Some of my favorite projects thus far have been revamping the onboarding process. I have the pleasure of welcoming new employees every Monday morning, which is very energizing. Throughout this I realized how much GHX cares about their employees and the new hire experience.

Cassie Asare

Onboarding Specialist

How has your career grown since starting at the company?

I started at GHX in 2001 as an admin assistant. Since then, I have worked as an HR Generalist, HRBP, Scrum Master, Project Manager, Program Manager, PMO Manager, Tech Business Operations Manager, before taking my current role as an M&A Program Manager. GHX has always been very supportive of me, providing so many opportunities to stretch myself.

Jennifer Hagaman

M&A Program Manager

What does your typical day look like?

I've loved my job at GHX since I started in 2003. I describe my job as coming to work and putting a puzzle together every day. Solving data problems for our customers, both internal and external, has been my honor, and it's always fun!

Charlie Brown

Manager, Business Intelligence

What are GHX Perks + Benefits

Culture

  • Volunteer in local community
  • Partners with nonprofits
  • Open door policy
  • OKR operational model
  • Team based strategic planning
  • Flexible work schedule
  • Remote work program

Diversity

  • Documented equal pay policy
  • Dedicated diversity and inclusion staff
  • Mandated unconscious bias training
  • Diversity manifesto
  • Diversity employee resource groups
  • Hiring practices that promote diversity

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability insurance
  • Dental insurance
  • Vision insurance
  • Health insurance
  • Life insurance
  • Pet insurance: Nationwide pet insurance benefit reimburses up to 70% of veterinary services and provides 24/7 access to veterinary services via the Vet Line.
  • Wellness programs
  • Team workouts
  • Mental health benefits

Financial & Retirement

  • 401(K)
  • 401(K) matching
  • Company equity
  • Performance bonus
  • Charitable contribution matching

Child Care & Parental Leave Benefits

  • Childcare benefits
  • Generous parental leave
  • Family medical leave

Vacation & Time Off Benefits

  • Unlimited vacation policy
  • Generous PTO
  • Paid volunteer time
  • Paid holidays
  • Paid sick days

Office Perks

  • Commuter benefits
  • Company-sponsored outings
  • Free daily meals
  • Free snacks and drinks
  • Some meals provided
  • Company-sponsored happy hours
  • Onsite office parking
  • Recreational clubs
  • Home-office stipend for remote employees
  • Onsite gym

Professional Development Benefits

  • Job training & conferences
  • Tuition reimbursement
  • Lunch and learns
  • Promote from within
  • Continuing education stipend
  • Continuing education available during work hours
  • Online course subscriptions available
  • Customized development tracks
  • Paid industry certifications

Additional Perks + Benefits

GHX prioritizes our employees and their wellbeing through various offerings. GHX has a compensation philosophy that commits to equity and market competitive pay. Our workplace promotes flexibility to allow our employees to bring their whole self to work.
