VP, Chief Information Security Officer
Surescripts is seeking a Vice President, Chief Information Security Officer to join our healthcare technology organization in Minneapolis, Minnesota. The VP, CISO sets the vision, develops plans and oversees execution of Enterprise Information and Physical Security, Business Continuity and Risk Management Programs. Lead the Enterprise Risk and Information Security team to ensure comprehensive, high-quality and effective risk and information security management in support of business goals. Set and execute risk and information security goals that build accountability within this team and across the organization.
Specific responsibilities for this role include:
- Establish and maintain a corporate-wide global information risk management program to ensure information assets are adequately protected. Communicate to the Board of Directors and Executive Leadership in support of enterprise strategies and plans for the improvement of Information Security and Risk.
- Identify, evaluate, protect against and report on information security risks in a manner that meets the compliance and regulatory requirements and aligns with and supports the risk posture of the enterprise. Present empirical data and key metrics to executive teams to report on the state of enterprise information security and enterprise risk.
- Develop and communicate strategies, guidelines and controls to mitigate risks and ensure compliance with legal and contractual requirements. Collaborate with Executive Leadership and peer organizations to incorporate Information Security and Risk Management plans into corporate and technology team annual goals.
Please see complete job description online.
Qualifications:
- Bachelor’s Degree in Computer Science, Business Administration, Information Security or Information Science and Security or related field
- 15+ years of experience in a combination of Risk Management, Information Security and Information Technology jobs.
- Employment history must demonstrate increasing levels of responsibility.
- Experience in Healthcare, Technology or Health Technology industry or highly regulated industry.
- Experience securing a network-based business
- Professional security management certification – Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other equivalent security certification required
- Specific experience in Agile (scaled) software development or other best-in-class development practices
- Demonstrated capabilities in developing and deploying enterprise-wide information security programs
- Concise communicator who is a natural influencer
- Ability to assess situations and respond to each appropriately (response plan, communication, etc.); taking into consideration identified risk and level of urgency, scope of the issue and audience/key stakeholders
- Ability to communicate security and risk-related concepts to technical and non-technical audiences
- Experience leading organization-level understanding of risk and setting tolerances that informed investment and prioritized actions
- Strong track record of developing others and creating strong teams
- Ability to represent the company’s position (internally and externally) regarding information security matters and influence other leaders in a manner that is consistent with security goals.