Director Business Information Security Officer jobs in United States

Surescripts · 10 hours ago

Director Business Information Security Officer

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. The Director Business Information Security Officer (BISO) acts as the primary liaison between business units and the Information Security team, responsible for aligning business needs with security strategies and ensuring compliance with regulatory requirements.

Information Technology, Real Time, Security, Software
Growth Opportunities
No H1B

Responsibilities

Serve as a trusted advisor to the business on information security matters
Work closely with Information Security leadership overseeing Identity and Access Management, Fraud and Crisis Management, merger and acquisition activities and any new business initiatives
Keep abreast of current activity within the IAM and Fraud and Crisis teams and partner with team members for success
Foster strong, collaborative relationships with internal business partners and external entities to maintain a strong network
Enforce and influence strong security culture set forth by the CISO, ensuring uniformity across business units and employees
Advise organization on enterprise-wide process and technology security recommendations
Proactively gather and share pertinent information to effectively lead/engage in daily information security operations
Lead the development and execution of crisis management plans and procedures
Collaborate with external health care technology vendors, pharmacy partners, law enforcement, governmental entities and IT teams to ensure secure e-prescribing processes are being followed
Assist with creating the Information Security department budget, monitoring expenditures, and ensuring alignment with the overall department budget
Review customer contracts for appropriate information security language and requirements in partnership with Commercial Legal and Procurement
Hold security leadership and teams accountable to consistently learn and share advanced knowledge and practices that promote excellence with the information security teams
Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities, and mitigations set forth to reduce the corporate attack surface
Lead security projects and ensure they are delivered on time and within budget
Proactively identify and remove complexity and obstacles that hinder efficient security controls enterprise-wide
Stay abreast of new laws, regulations, and standards, and assess their impact to the business
Perform security due diligence for mergers, acquisitions, divestitures, and any new business initiatives
Serve as the CISO representative when the CISO is not available, including making decisions usually made by the CISO

Qualification

Cybersecurity management, Information security policies, Risk management, People management, NIST standards, CISSP certification, CISM certification, Project management, Team building, Strategic vision, Stress management, Analytical skills, Communication skills

Required

Bachelor's degree in business administration, information assurance, or related technical field
10+ years of related, progressive experience in cybersecurity management with at least 8+ years in an operationally focused security practitioner role
5+ years' experience working with business leadership and with fiscal responsibilities
3+ years' experience working with product and/or data teams to ensure that security is woven into each product based on company policies and standards
3+ years of experience handling tough conversations with customers
3+ years of people management/leadership experience
Strong written and verbal communication skills across all levels of the organization
Driven to build a strong, cohesive team and positive enterprise-wide security culture
Proven high integrity, trustworthiness and confidence, and ability to represent the company and security leadership with the highest level of professionalism
Ability to effectively manage stress in a constantly changing environment
Strategic vision and ability to successfully collaborate with and influence others
Strong project management and organizational skills
Proven experience with National Institute of Standards and Technology (NIST) standards, California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), HITRUST, or SOC2
Demonstrated understanding and comprehension of a wide range of cybersecurity solutions

Preferred

Master's or other advanced degree (MBA, information assurance, computer science, etc.)
8+ years of related security systems administration
Relevant certification/s such as CISSP, CISM, CRISC, CISA, or similar
Experience with agile methodology and ability to negotiate to get work prioritized
Experience using AI for business improvements
Experience in a similar role with large, complex organization/s
Experience in the healthcare industry

Benefits

Comprehensive healthcare (including infertility coverage)
Generous paid time off including paid childbirth and parental leave and mental health days
Pet insurance
401(k) with company match and immediate vesting

Company

Surescripts

Surescripts connects pharmacies, payers, PBMs, physicians, hospitals, HIEs and EHRs to more easily and securely share health information.

Funding

Current Stage: Late Stage
Total Funding: unknown
2024-10-02: Acquired

Leadership Team

Frank Harvey
Chief Executive Officer
Company data provided by crunchbase