Chief Information Security Officer
Summary
Title: Chief Information Security Officer
ID: 1242
Location: Omaha, NE
Description

Position Summary:

The Chief Information Security Officer is responsible for ensuring information security compliance across the enterprise. This position will support development of new policies and modernization of existing policies to mature information security practices and protect the enterprise from internal and external threats.

 

Responsibilities:

  • Set strategy for the information security team with a focus on optimizing for both current and future business needs. Oversee the implementation and maintenance of divisional security, tools, processes, and security best practices to achieve desired outcomes.
  • Continually assess cyber security framework. Make recommendations for improvement and modernization. Implement or oversee implementation of approved recommendations.
  • Understand security requirements and communicate the safeguards to key stakeholders.
  • Lead organization through HITRUST(r2)/SOC 2 and other relevant security certification processes.
  • Collaborate with executive leadership to prioritize security initiatives and spending based on appropriate risk management.
  • Work directly with DevOps teams to integrate security measures into the CI/CD pipeline, ensuring the rapid and safe delivery of code.
  • Actively participate in and support the Data Governance Committee. Develop a Governance, Security, Risk, and Compliance framework for the organization.
  • Actively participate and contribute to the Compliance and Cybersecurity Committee.
  • Maintain regulatory knowledge as applicable to the work of CyncHealth. In particular, understand obligations under HIPAA, data breach notifications, Federal Acquisition Regulations, OMB’s Uniform Guidance, and other relevant laws and regulations.
  • Serve as the primary liaison between the information security team and other departments, including IT, legal, HR, and DevOps, to ensure a unified approach to security.
  • Develop and oversee the implementation of incident response plans and procedures to ensure timely and effective management of security breaches or anomalies.
  • Serve as a SME on information security programs, providing relationship management, deliverable execution, and other duties as required to fulfill contractual terms with the states in which CyncHealth operates.
  • Develop, implement, and utilize Objectives and Key Results (OKRs) that impact information security programs.
  • Hire, motivate and retain top quality team members. Provide regular and ongoing feedback, including performance management with direct reports.
  • Build and maintain effective relationships with other leadership.
  • Develop content and present locally, regionally, and nationally to promote CyncHealth as an industry leader.
  • Responsibility for strategy, growth, oversight, budget, and standardization of CyncHealth information security programs.
  • Work with internal team to develop and maintain an ongoing cyber security training program for all CyncHealth team members.
  • Recommend technology to maintain highest levels of cyber security capabilities.
  • Identify potential risks and make recommendations to address gaps and mitigate compliance and regulatory risks.
  • Provide regular updates to senior leadership and, as needed, the Board of Directors.
  • Protect assets and the integrity, security and privacy of information entrusted to or maintained by the organization.
  • Model CyncHealth’s values and Code of Conduct. Manage resources and business objectives in compliance with charter, policies, and standards.
  • Other duties as assigned.

 

Physical Requirements:

  • Ability to work on a computer for extended periods of time.
  • Ability to stand or sit for extended periods of time.
  • Extended working hours and overnight travel may be necessary.
  • Light work requiring exertion up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects.
  • Ability to work from La Vista, NE office with reliable and predictable attendance. Normal hours are Monday-Friday 8am-5pm; however, extended hours may be required in this position.

 

Experience/Requirements:

  • Bachelor’s Degree in Information Technology, Cybersecurity, or related field required
  • A minimum of ten years proven experience in information security with progressive experience required.
  • 5+ years of leadership experience in healthcare IT preferred.
  • CISSP certification required.
  • CISM certification required.
  • Strong understanding of DevOps practices and tools, and their implications for information security.
  • Understanding of cloud computing models with AWS experience preferred.
  • Advanced to expert understanding of Information Security Management required.
  • Experience conducting internal investigations and supporting external audits.
  • Experience with performance improvement (Lean, Six Sigma, etc.), quality, and/or project management (“PMP”) preferred.
  • Demonstrated expertise to handle complex and ambiguous situations in a positive and collaborative manner.
  • Advanced understanding of Microsoft Office products including Word, Excel, Outlook, and PowerPoint.
  • Demonstrated experience with leading and managing a diverse and multidisciplinary team.
  • Excellent verbal and written communication skills
  • Ability to work independently with minimal supervision.
  • Meticulous attention to detail
  • Strong decision-making and problem-solving skills
  • Ability to maintain a high degree of confidentiality.

 

Benefits:

  • Medical
  • Dental
  • Vision
  • Paid Time Off/Paid Holidays
  • Long & Short-Term Disability
  • Life Insurance
  • 401(K) with 4% Matching
  • Maternity/Paternity Leave
  • Pet Insurance

 

Disclaimer:

The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. The statements are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required for this position.

 

Must be authorized to work in the United States.

 
