Network Health’s success is rooted in its mission to enhance the life, health and wellness of the people we serve. It drives the decisions we make, including the people we choose to join our growing team. Network Health is seeking a Vice President of IT Delivery. This individual is to perform the duties of Chief Information Security Officer (CISO).

Secure access to information assets is critical to achieve business objectives. The CISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cyber security risk to information assets, while supporting and advancing business objectives.

Key contributor to the prioritization of organizational efficiencies, delivers best practices and ensures compliance with the company’s standards of practice. Selects and manages external vendor services to the anticipated return on investment (ROI) and terms of the contract. Aligns stated business needs with sustainable and scalable IS infrastructure defining a useful life of technology. Assesses and monitors the effectiveness of information systems throughout the organization, and recommends improvements as needed. Develops and maintains processes for assigning resources to projects, monitoring and communicating progress against project goals and timelines, and coordinating efforts with management, staff, and vendors. An emphasis on Disaster Recovery and Business Continuity programs is required.
Essential Job Duties:
- Demonstrate commitment and behavior aligned with the philosophy, mission, values and vision of Network Health
- Appropriately apply all organizational, regulatory, and credentialing principles, procedures, requirements, regulations, and policies
- Maintain a comprehensive knowledge of all Network Health business operations, applications and systems.
- Manage assigned IS department staff, including hiring, training, scheduling, evaluating performance, disciplining, and terminating.
- Responsible for the timely resolution of escalated issues and risks, directing the work and resource planning
- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
- Contract and manage service level agreements and vendor relationships with both external vendors and internal Network Health departments.
- Interact with user departments to ensure that information systems meet business needs. Build relationships of influence with business unit managers. Help identify and resolve inefficiencies in business operations
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of information security, and review it with stakeholders at the executive and board levels.
- Provide leadership for business continuity planning, auditing, and risk management, as well as contract and vendor negotiation. Together with the Manager of Technology Infrastructure, conduct annual (or more frequently if required by State or Federal agencies) Disaster Recovery tests.
- Maintain and implement appropriate security and privacy frameworks including NIST, ISACA, ISO/IEC 27001, ITIL, COBIT.
- Deploy enterprise-scale network and host-based IDS architectures including enterprise-scale firewall architectures, disruption investigation and forensics methods and technologies, secure messaging architectures, cybersecurity controls, and distributed computing platforms.
- Conduct threat and vulnerability assessments.
- Oversee the investigation of data security breaches, including internal communications.
- Collaborate with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
- Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
- Continuously evaluate and improve the data security strategy.
- Stay current on existing security threats and respond in a timely manner to protect the enterprise.
- Develop and champion the corporate security awareness program.
- Other duties as assigned.
Minimum Education Required:
- Bachelor’s degree in information systems or related field
- Master’s degree preferred
Minimum Related Years of Experience (per minimum education) Required:
- Ten years’ experience in information systems, with at least four years in a senior management role.
- Experience in applications development, project management, information security, strategic planning, vendor contracting and management, electronic data interchange and computer support.
- Knowledge of the Health Plan/healthcare financing business.
- Certification (or willingness to pursue within a year): CISA, CISM or CISSP
- A valid driver’s license is required.