VP, Chief Information Security Officer (CISO) - Hybrid
Company: Vitalant
Location: Scottsdale
Posted on: April 28, 2024
Job Description:
Vitalant is currently seeking a Vice President, Chief Information Security Officer (CISO). In this role, you will assume leadership of our enterprise-wide Information Security Program. Your key responsibilities will include developing, implementing, and enforcing security policies to safeguard critical data and sensitive information. Dive into assessing technical risks, shaping security governance, and defining the necessary security awareness/training. You'll also be at the forefront of incident management, leading a dedicated team focused on security and data governance.

At Vitalant, your impact is vital. As the VP, CISO, you'll be the guardian of people, processes, and technology, ensuring regulatory compliance and upholding the confidentiality, integrity, and availability (CIA) of our information and assets. You will engage in meaningful conversations with business leaders where you'll strike a balance between business goals, security priorities, regulations, and stakeholder expectations to address security risks and minimize potential harm. This is not just a job; it's a chance for you to make a real impact on our organization's security landscape, shaping the future of our life-saving mission.

This position will work in the Scottsdale, AZ National Headquarters 3 days a week and work from home 2 days a week.

DUTIES AND RESPONSIBILITIES:
Provides effective leadership to achieve prominent levels of service, quality, financial results, and other criteria in accordance with policies, goals, and objectives.
Hires, supervises, trains, and evaluates performance of assigned personnel. Identifies and effectively resolves personnel issues.
Develop and execute an enterprise-wide security framework based on federal and state laws, risk, and compliance. Drives roadmaps that mitigate risk through the right balance of controls and operational flexibility.
Responsible for the development of security policies ensuring adherence to standards, guidelines, and procedures to ensure ongoing maintenance of security and compliance with Information Security standards and regulations.
Provide information, presentations and support to the Senior Management Team and Board to ensure the understanding of security beyond a 'compliance-only' view to provide analysis of strategic objectives or proposals in light of security risks and compliance obligations.
Prepare the organization for a healthcare certification (HITRUST, ISO, etc.) to ensure customer and vendor confidence in the organization's overall security practices.
Establishes and chairs a security and data governance team comprised of legal, IT and privacy leaders to guide the organization's security program and use and sharing of information and data to ensure compliance with applicable laws and regulations, evaluate and anticipate risks with proposed strategic initiatives or projects, and develop mitigation measures where feasible.
Oversees and provides direction on the classification, ownership, and retention of data and information as well as clarifying accountability for data and information. Direct the development of policies to include data and information in both electronic and non-electronic format for compliance with HIPAA, HITECH, and any other state or federal law impacting the organization's use of personal or financial data, including but not limited to data of donors, patients, vendors, customers, collaborators, and employees.
Represent the organization internally and externally on information security matters; leads, or participates in, relevant committees, projects, and security initiatives.
Works closely and collegially with the CIO and Information Technology leadership team, general counsel, privacy counsel, privacy officer and enterprise risk.
Responsible for development and delivery of enterprise security training programs for initial and ongoing training for all enterprise employees, contract employees and others, including HIPAA compliant training for HIPAA covered healthcare components of the organization. Updates training as often as needed to meet environment changes and regulatory requirements.
Partners with Information Technology on selection and implementation of computer information security systems and tools.
Responsible for the enforcement of information security and data protection policies ensuring adherence to standards, guidelines, and procedures. Coordinates and conducts assessments, including regular HIPAA Risk Assessments where applicable, to ensure compliance with the security and data policies is maintained at all levels of the organization.
Maintains current knowledge of applicable federal and state information security regulations including but not limited to FDA, HIPAA, HITECH, PCI and other applicable federal and state regulations and accreditation standards governing security of data, particularly sensitive proprietary, financial, and personal data. Provides analysis of pending new regulations in information security for assessment and implementation for compliance.
Responsible for the development and execution of performance indicators for security measurements and routine metrics to assist the organization in identifying potential security risks and providing recommendations for mitigation, including third-party evaluations and impact analysis.
Reviews vendor contracts and consents needed to implement projects in partnership with the organization's procurement and information security function.
Participates in cyber liability insurance program analysis, identifies liability risks, and recommends mitigation measures.
Responsible for security incident management reporting and tracking.
Develops and administers annual budget in compliance with requirements of organization and ensures adherence.

Knowledge/Education:
Bachelor's degree from accredited college/university with a major in information technology, computer science, information security or related study required.
Master's degree in science, technology (preferred) or equivalent.
Experience in security operation and incident response teams required.
Strong knowledge of security industry standards and regulations, including required assessments, reporting and data management required.
Internal and external IT auditing concepts, techniques, methods, and procedures required.
Familiarity with major IT computing platforms, security concepts, general controls, and application auditing required.

Licenses/Certifications:
Certified Information Systems Security Professional (CISSP) required.

Experience:
Ten years of progressive IT professional experience required. Seven years of the required experience must be in managing mid-sized to large IT security operations.
Two years of experience performing complex professional auditing, information security, or information systems assessments and auditing, including lead responsibility for supervision of staff or contract staff, required.
Proven record with leading security incident or breach assessment, mitigation and response and demonstrated ability to anticipate, assess, and manage threats, including cyber threats, to the enterprise, risks to enterprise information, and management of those risks and responses to exploits to the enterprise required.
Experience with cyber security insurance programs and cyber liability risk assessment, mitigation, and claims required.

Skills/Abilities:
Must possess the skills and abilities to successfully perform all assigned duties and responsibilities.
Business enabling mindset.
Strong analytical and critical thinking skills.
Excellent interpersonal, negotiation and conflict resolution skills.
Must be able to act with integrity, professionalism, and confidentiality.
Excellent written and verbal communications with experience presenting to executives and leadership teams.

About Us:
Vitalant is one of the nation's largest nonprofit blood and biotherapies healthcare organizations, providing hospitals and patients across the U.S. a safe blood supply, specialized laboratory services, transfusion medicine expertise and world-renowned research. We have a network of 115 donation centers across the U.S. and host approximately 60,000 blood drives annually. Vitalant provides blood and special services to patients in more than 900 hospitals across the U.S. where millions of people depend on blood donations from our generous donors.

Vitalant is committed to fostering a diverse and inclusive workplace built on a foundation of respect, integrity, teamwork, and excellence. Through our DEI strategic plan, we create opportunities for employees of all backgrounds to feel valued, seen and heard. We believe this mission drives creativity and innovation, as employees experience an environment conducive to personal growth and career development.

EEO/Minorities/Females/Disabled/Veterans:
Our organization is an equal employment/affirmative action employer. If you need accommodation for any part of the employment process because of a medical condition or disability, please send an e-mail to Careers@vitalant.org to let us know the nature of your request.