What are the responsibilities and job description for the Director, Chief Information Security Officer position at MSCCN?
The Chief Information Security (IS) Officer is responsible for building and maintaining the vision, strategy and programs required to ensure information assets are appropriately protected. This role establishes and leads the information security and assurance function, provides oversight for personnel with significant IS related duties and assists senior leadership. Overall, this role ensures that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately. ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned. Drive and maintain the IS risk management function, including the oversight and training of information security personnel, the development of information security programs and the identification and mitigation of information security risks. Design a Security Operations Center (SOC) capable of implementing the programs and processes and leading an incident response plan. Develop metrics reporting to communicate effectiveness of SOC to leadership. Works proactively with IT, business units, and leaders regarding major systems, strategic and tactical plans, and application changes to ensure that IS standards and issues are addressed early in a project's life and incorporated into the resulting program. Leads and aligns programs, processes and strategies to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assesses impacts and drives responses as appropriate. Establishes an IS and risk management functional capability and framework across the enterprise. Ensures that IS and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed across the enterprise. Maintains relationships with local, state, and federal law enforcement and other related government agencies regarding cyber security incidents, like ransomware. Monitors compliance with IS policies, standards, and processes and enforces remediation of non-compliance. Oversees the development and maintenance of IS policies, including standards and processes that fit the organization at all levels. Provides vision, leadership, planning, project coordination, and management for the development of a cost-effective department, while concurrently facilitating efficient operations to meet current and future business needs within the organization. Represents Company in community and industry, programs, and conferences. Functions as the department head in the absence of the executive leader. Participates in development of annual departmental budget, monitors budget, and identifies budget discrepancies EDUCATION AND EXPERIENCE Ten years of progressively more responsible experience in an IS environment with demonstrated technical experience Five years management or supervisory experience in IS required Bachelor's degree in Computer Science or a related field required. Certification, such as CISA, CISM, or CISSP preferred HITRUST experience preferred Experience leading information risk, security and governance teams, transforming functions and changing culture, and leading the response to incidents, crises, and investigations preferred. QUALIFICATIONS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and / or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. OTHER SKILLS AND ABILITIES Excellent oral and written communication skills. Excellent presentation and facilitation skills. Demonstrated leadership and project management abilities. Ability to make competent, independent decisions. Ability and proficiency in the use of computers and Company standard software specific to position. Bilingual skills preferred.
