Associate CISO Job at Fairview Health Services, Minneapolis, MN

  • Fairview Health Services
  • Minneapolis, MN

Job Description

Overview:

Reporting to the Chief Information Security Officer (CISO), the Associate CISO is a cyber risk management leader responsible for executing Cybersecurity strategy, Cyber resiliency and risk management functions for Fairview Health Services. This leadership role has overall responsibility for cyber risk quantification, prioritized risk remediation, security policies, security standards, cyber governance, business continuity, disaster recovery, security awareness & training, vulnerability assessments & remediation, external attack surface management, security audits & reviews, third party risk management, IT supply chain risk management, regulatory compliance & management (HIPAA, PCI, HITRUST, SOC-2 etc.) within the Cyber Security Risk Management (CSRM) group. The Associate CISO will be accountable for promoting a Security First culture across the organization and will assist in delivering system-wide resiliency programs that enhance cybersecurity posture while maturing frictionless security controls.

Responsibilities/Job Description:

The Associate Chief Information Security Officer (Associate CISO) will assist the Chief Information Security Officer (CISO) in formulating system-wide strategies relating to cyber resiliency, cyber risk quantification, cyber risk management, and promoting a security first culture. Primary responsibilities include the following:

  • Oversee the following groups of Cybersecurity within Fairview: Security Policy & Governance, Security Risk & Regulatory Compliance Management, Cyber Resiliency, Business Continuity & Recovery teams.
  • Will assist CISO with prioritization of strategic initiatives, assess & prioritize remediation of security risks in a cost-effective manner, in collaboration with Finance and other leadership teams
  • Accountable for developing, enhancing and governance of comprehensive, implementable & frictionless security policies for Fairview Health Services. Collaborates with IT, Cyber, Emergency & Facilities Management and Operations to prescribe, validate and audit reasonable security controls, standards and procedures in accordance with established policies.
  • Responsible for IT governance and validation to test security controls and policy compliance, including but not limited to appropriate user access, privileged access, data access and protection maintaining confidentiality, integrity and availability of enterprise systems and data. Maintain and govern Cyber policy exceptions and associated business and operational risks
  • Responsible for strategy and execution around identifying critical business, security and IT assets, BCP/DR tiering/prioritization of Digital IT systems, and development of and testing of effective Business Continuity and Disaster Recovery controls
  • Responsible for educating/training organization on Cybersecurity, risk management, data classification, data retention and security policies through mandatory/recommended training/orientation and performing periodic, targeted or general user phishing campaigns
  • Accountable for developing and operationalizing strategy around Cybersecurity metrics, manage Cyber Risk Register, Key Risk Indicators (KRIs) and collaboration with teams to report security metrics, communicate policies/controls/initiatives & associated benefits
  • Partner with IT and Cybersecurity peers to maintain integrity of core asset management and configuration management systems and assets including medical devices, IOT/OT and network assets
  • Oversee Security Risk and Compliance assessments and associated processes for on-premise, Cloud, Mobile and IoT type applications and devices
  • Oversee governance and compliance of Threats and Vulnerabilities being managed per policy by all stakeholders
  • Collaborate with Internal and External audit teams in assessing compliance of Fairview Health Services policy subject to regulatory, financial and security requirements. Will lead the organization through external compliance audits HIPAA, PCI, HITRUST, SOC-II and any other Healthcare mandates
  • Manage third party vendor assessments, audit vendor access to IT systems, perform periodic re-assessments, and govern overall risks & exceptions of third-party vendors
  • Assist CISO to represent Fairview's CSRM group and report identified, enumerated Cybersecurity risks to appropriate leadership and committees, and recommend remediation and/or compensating controls to mitigate risks
  • Partner with Infrastructure, Applications and other Security leadership to report existing and/or new vulnerabilities, participate in governance meetings to effectively improve timely patching and remediation of security vulnerabilities
  • Deliver enterprise programs, as allocated/assigned by CISO and collaborate with CSRM, IT and Operational peers
  • Help hire, coach, mentor high performing diversified teams in Cyber Security and Risk Management (CSRM) group, facilitate informal/formal training of staff in partnerships with product vendors and industry peer groups to support execution needs of Cybersecurity
  • Partner with IT Finance to actively manage the Operating Budget for the CSRM group including establishing annual operating budget plan and subsequent quarterly forecasts, headcount for CSRM group with close collaboration with CISO to manage planned/unplanned spend and favorability

Qualifications:

Education:

  • Bachelor's degree in areas of Information Technology, Cybersecurity or related fields or equivalent combination of experience and education.

Experience:

  • Successful candidate will have proven Cyber/Information security/IT leadership experience in one or more Cyber Security and Risk Management (CSRM) functional areas with a minimum of 15 years of IT experience. Leader would have experience in delivering strategic projects with large organizational distributed teams and complex IT environments.
  • Successful candidate will have 5+ years of direct leadership/management of security teams. Leader will have proven people management and leadership skills.
  • Proven experience leading one or more Information Security organizational functions, a broad and detailed understanding of cyber resiliency, IT resiliency, risk management, security risk management, cyber threats landscape, threat assessment and mitigation strategies
  • Prior experience in leading IT and Security transformational initiatives in establishing and/or running three or more areas of the following - Cyber Risk Management, Third Party Risk Management, Security Operations, Identity & Access Management, Regulatory Compliance Management, BCP/DR
  • In depth understanding and knowledge of regulatory compliance including but not limited to PCI, HIPAA, SOX, HITRUST, SOC-2 etc.
  • Proven experience building and managing a highly effective organization and developing high-performance teams that are diversified and geographically dispersed
  • Excellent oral, written, and interpersonal communication and presentation skills to various levels in the organization, including presenting to Board of Directors and/or Board Sub Committees
  • Leader will have demonstrated the implementation of innovative ideas to improve delivery standards of services owned to internal and/or external customers
  • Leader would have managed accountability for budget planning, forecasting, managing operating budgets and/or P&L for departments managed.