Chief Information Security Officer, CISO
MVP Healthcare seeks an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals supporting MVP Healthcare’s mission: ensure that our members will have access to quality health care and that their health care needs will be met.
Information technology plays a vital and ever-expanding role in the mission. MVP's information technology environment is highly distributed and diverse, with strong leadership and coordination from Chief Information Officer (CIO) and direct report units. We are seeking a strong, knowledgeable leader to provide vision, strategy, broad-based planning, and hands-on responsibility as the Chief Information Security Officer (CISO).
The CISO reports to the CIO, is a member of the CIO leadership team and serves a key role in leadership, working closely with senior executive team, business leaders, and the general MVP community. The CISO is an advocate for MVP's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the organization. The CISO leads the development and implementation of a security program that leverages
collaborations and company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the organizational level.
DUTIES AND RESPONSIBILITIES:
- Responsible for the strategic leadership of the MVP's information security program.
- Provide guidance and counsel to the CIO and key members of MVP’s leadership team, working closely with senior leaders, business unit leaders, and the general MVP community in defining objectives for information security, while building relationships and goodwill.
- Work with leadership to oversee the formation and operations of a company-wide information security organization that is organized toward a common goal in information security.
- Promote collaborative, empowered working environments across the company, removing barriers and realizing possibilities.
- Manage company-wide information security governance processes and lead Information Security Liaisons in the establishment of an information security program and project priorities.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire company in support of business, financial, legal and administrative information systems and technology.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting healthcare at the state and national level, participate in healthcare policy and practice discussions, and communicate to the business on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the business.
- Mentor the Information Security Office team members and implement professional development plans for all members of the team.
- Represent the business on committees and boards associated with MVP and in national and regional healthcare related organizations and collaborations.
- Perform special projects and other duties as assigned.
Policy, Compliance and Audit
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for MVP’s information and technology systems.
- Work with Internal Audit, State Regulatory Offices, Healthcare related regulatory institutions and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the business in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Work with business leadership and relevant responsible compliance leadership to build cohesive security and compliance programs for the business to effectively address state and federal statutory and regulatory requirements.
- Develop a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, HIPAA, and State/Federal regulatory requirements.
Outreach, Education and Training
- Work closely with IT leaders, technical experts, business leaders and executive team across business on a wide variety of security issues that require an in-depth understanding of the environment in their respective areas, as well as the healthcare landscape and federal regulations that pertain to their unit's areas of business.
- Create education and awareness programs and advise business units at all levels on security issues, best practices, and vulnerabilities.
- Work with business units to build awareness and a sense of common purpose around security.
- Pursue security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
Risk Management and Incident Response
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise.
- Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the business.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on MVP’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
- Job Family Executive
- Pay Type Salary
- Headquarters Office, Schenectady, New York, United States of America