VP, Chief Information Security Officer

Title: VP, Chief Information Security Officer Department: Information Security

Bargaining Unit: NBU Grade: N/A

Position Type: Exempt Hours per Week: 40

Position Summary

The VP, Chief Information Security Officer, (CISO) is responsible for maintaining and enhancing an enterprise information security management program to ensure that information assets are adequately protected. As the designated HIPAA Security Officer, this position is responsible for creating, implementing, and enforcing a security program that focuses on the administrative, physical, technical and organization safeguards per the HIPAA security rule.

"Has minimum necessary access to Protected Health Information (PHI) and Personally Identifiable Information (PII) by Job Description/Role."

Key Duties and Responsibilities

• Responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements.
• Aligns companies' enterprise risk posture with compliance and regulatory requirements.
• Proactively partner with business units and IT functional areas to implement practices that meet defined policies and standards for information security.
• Serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of patient, employee, and corporate information in compliance with the organization's information security policies
• Collaborates with executive management to determine acceptable levels of risk for the organization
• Internal consultant to organizational leadership regarding cybersecurity awareness and education.
• Identify and prioritize IT Security projects based on business needs and available resources.
• Monitor and report on key performance indicators (KPIs) related to IT Security.
• Conducts risk and vulnerability assessments at the network, systems, and application level.
• Ensures that information system changes are evaluated and implemented as required.
• Responds to Security Information Gathering Questionnaire (SIG-Q) from clients and related to new business activities.
• Manages a team of IT security professionals who are tasked with operating and maintaining all enterprise-wide security systems.
• Prepares documentation such as System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&Ms) to ensure compliance with Government security policies, procedures, and requirement
• Ensures process alignment with evolving audit and regulatory requirements
• Performs other duties as assigned

Minimum Qualifications

• Bachelor's degree in a computer science, information systems or engineering and 10 years of professional IT experience and 6 years in IT management and IT security systems

Or

• Associate degree in computer science, information systems or engineering and 12 years of professional IT experience and 6 years in IT management and IT security systems
• Highly knowledgeable about the business environment and ensure that information systems are maintained in a fully secure mode
• Advanced knowledge of established internal and external IT industry security standards, current practices, and methodologies as well as advanced analytical and problem-solving skills
• Ability to drive operational excellence through people, process, and tools
• Strong technical background with ability to lead and direct activities of high-level technical staff and consultants across broad spectrum of data center technologies
• Ability to foster a culture of collaboration, accountability, and continuous learning
• Problem solver who can lead team through crisis situations through rational approach, mature judgment, and clear coordination of tasks.
• Ability to collaboratively work with program colleagues to implement strategic program objectives
• Broad exposure to varying technologies and IT methodologies as well as metrics
• Ability to listen, observe, and inquire to understand how things work today and to identify opportunities for improvement
• Knowledgeable expert in regulated systems (HIPAA) and related audits
• Excellent verbal and written communication skills, including interpersonal and presentation skills.
• Ability to communicate effectively with all levels of an organization and build strong working relationships
• Strong decision-making, project management, and organizational skills with the ability to optimize the use of all available resources and deliver on multiple priorities
• Computer proficiency including Microsoft Office tools and applications

Preferred Qualifications

• Master's degree in business or information security
• Experience working in a third-party administrator or Taft-Hartley environment.

*Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee of this job. Duties, responsibilities, and activities may change at any time with or without notice.

Working Conditions/Physical Effort

• Prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift 15 pounds at times.
• Ability and willingness to travel on overnight or multi-day trips as necessary.

Disability Accommodation

Consistent with the Americans with Disabilities Act (ADA) and other applicable federal and state law, it is the policy of Zenith American Solutions to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact the Recruiting Department at recruiting@zenith-american.com, and we would be happy to assist you.

Zenith American Solutions

Real People. Real Solutions. National Reach. Local Expertise.

We are currently seeking an experienced VP, Chief Information Security Officer with the necessary skills, initiative, and personality, along with the desire to get the most out of their working life, to help us be our best every day.

Zenith American Solutions is the largest independent Third Party Administrator in the United States and currently operates over 40 offices nationwide. The original entity of Zenith American has been in business since 1944. Our company was formed as the result of a merger between Zenith Administrators and American Benefit Plan Administrators in 2011. By combining resources, best practices and scale, the new organization is even stronger and better than before

We realize the importance a comprehensive benefits program to our employees and their families. As part of our total compensation package, we offer an array of benefits including health, vision, and dental coverage, a retirement savings 401(k) plan with company match, paid time off (PTO), great opportunities for growth, and much, much more!

Internals to Apply:

If you meet the minimum qualifications and are interested in applying for the above position, please submit an application. All applications must be received by 5:00 pm on the Internal Posting Deadline listed above in order to be considered prior