How have you impacted someone's life today? At Hackensack Meridian Health our teams are focused on changing the lives of our patients by providing the highest level of care each and every day. From our hospitals, rehab centers and occupational health teams to our long-term care centers and at-home care capabilities, our complete spectrum of services will allow you to apply your skills in multiple settings while building your career, all within New Jersey's premier healthcare system.
The Vice President, Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the innovative, industry leading digital ecosystem in which Hackensack Meridian Health operates. The VP, Chief Information Security Officer is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while driving and enabling the clinical, research and business objectives of Hackensack Meridian Health.
A day in the life of a Vice President, Chief Information Security Officer (CISO) at Hackensack Meridian Health includes:
Develop and implement a world-class information security program that enables the digital objectives of Hackensack Meridian Health while ensuring the confidentiality, integrity and availability of our digital assets which program addresses Governance, Leadership on Security Issues, Strategy Setting, Develop the Framework, Create Internal and External Network and Operate the Function.
- Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee with regular reporting to senior business leaders and committees of the board of directors.
- Work with purchasing and legal to ensure that information security requirements are included in contracts.
- Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
Leadership on Security Issues
- Lead the information security function across the enterprise to ensure consistent and high-quality information security management in support of organizational goals.
- Determine the optimal information security approach and operating model in consultation with key stakeholders.
- Manage the budget for the information security function.
- Manage the cost-efficient information security organization, consisting of direct reports, dotted line and outsourced resources.
- Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
- Work effectively with operating units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.
Develop the Framework
- Develop and enhance an up-to-date information security management framework based on COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Develop, maintain, approve and publish a document framework of continuously up-to-date information security policies, standards and guidelines.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels.
Create Internal and External Networks
- Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
- Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
- Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of Hackensack Meridian Health is processed and stored in accordance with applicable laws and other global regulatory requirements.
- Collaborate with the data privacy officer to ensure that data privacy requirements are included where applicable
Operate the Function
- Create a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
- Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
- Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
Education, Knowledge, Skills and Abilities Required:
- Knowledge and understanding of relevant legal and regulatory requirements, such as: Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
- Knowledge and understanding of COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
- Up-to-date knowledge of methodologies and trends in both business and IT
- Minimum of seven to 10 years of experience in information security and IT
- Bachelors Degree in a related field.
- Experience as a strategic leader and builder of both vision and bridges, who has demonstrated experience in energizing the appropriate teams in the organization.
- Experience in functioning in fast paced, large organization.
- CISSP certification required
- Calmness and clarity of thought while under pressure.
- An understanding of strategic organization objectives and the ability to drive results toward those objectives.
- Openness to, and the ability to deal with, rapid change in needs, processes and technologies.
- Strong communication skills with a proven ability to understand key concepts and communicate effectively with technical staff, key stakeholders and senior management.
- Proven ability to communicate technical concepts to nontechnical people to enhance understanding and drive decisions that lead to positive outcomes.
- Proven ability to collaborate, build relationships and influence individuals at all levels in a matrix-management environment (as well as external vendors and service providers) to ensure that segregation and overlapping roles are identified and coordinated.
- Strong organizational skills, the ability to perform under pressure and management of multiple priorities with competing demands for resources.
- Strong analytical, data-processing and problem-solving skills.
- Proficiency in process formulation and improvement.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objective.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
Education, Knowledge, Skills and Abilities Preferred:
- Master's degree
- CISM certification desired
- Experience in health care
If you feel that the above description speaks directly to your strengths and capabilities, then please apply today!
As a courtesy to assist you in your job search, we would like to send your resume to other areas of our Hackensack Meridian Health network who may have current openings that fit your skills and experience.