
Chief Information Security Officer
WebChart
full-time
Location Type: Remote
Location: United States
About the role
- Develop and implement the organization's information security strategy.
- Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters.
- Represent the organization in security-related matters with external parties, including vendors and auditors.
- Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement security initiatives.
- Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems.
- Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members.
- Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, SOC 2 (Type II), and ISO.
- Manage internal and external security audits, including evidence collection and preparation.
- Oversee the evidence collection process for audits, working with third-party auditors for response submission.
- Work closely with business development and legal to assist with security compliance requirements.
- Assist with identifying and implementing international security compliance.
- Develop, review, and update information security policies and procedures, such as the Vulnerability and Patch Management Procedure and Data Center Access Procedure.
- Ensure policies are communicated and enforced throughout the organization, including through security awareness training.
- Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems.
- Monitor security alerts and respond to incidents, including phishing attempts reported through various tools.
- Lead and mentor the security team, reviewing tasks and responsibilities while working closely with the DevOps team members.
- Evaluate and manage security vendors, including VDA Labs and KnowBe4, and review security agreements and contracts.
- Perform vendor audits and maintain required documentation.
- Develop and deliver security awareness training to employees, including utilizing KnowBe4, TalentLMS, and internal training programs.
- Provide onboarding training for new employees.
- Develop and manage the security budget, planning and prioritizing security projects, including funding for tools and conferences.
Requirements
- Bachelor's degree or equivalent work experience.
- 10+ years of experience as a CISO or similar role, with at least 3 years of security-related leadership.
- Proven background in systems administration.
- Experience leading teams.
- Certified Information Systems Security Professional (CISSP) required.
- Expertise in vulnerability testing, penetration testing, and developing security practices.
- Knowledge of standards-based architecture, compliance monitoring, and enforceability.
- Strong leadership skills with the ability to motivate and guide teams.
- Experience in healthcare or other highly regulated environments.
Benefits
- Competitive compensation
- Comprehensive benefits package including medical/dental/vision insurance
- 401k with company match
- Paid time off
- Quarterly bonus program
- Flexible work schedule
- Remote work
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security strategy, risk assessments, vulnerability scans, incident response plans, security compliance, vulnerability testing, penetration testing, security practices, systems administration, security audits
Soft Skills
leadership, team management, communication, mentoring, presentation skills, organizational skills, motivation, guidance, collaboration, training
Certifications
Certified Information Systems Security Professional (CISSP)