Kaiser Permanente
Executive Director - Cyber Risk Defense Center & Deputy CISO
Kaiser Permanente, Pleasanton, California, United States, 94566
Job Summary:
This position, reporting to the Vice President and Chief Information Security Officer of Kaiser Permanente, is responsible for leading and managing the Cyber Risk Defense Center organization. This organization provides 24x7x365 detection and response for cyber security threats, protecting KP’s global operations. Directs a team of 60 information security professionals who are responsible for operational delivery of cyber threat monitoring. In addition, this position is responsible for developing and managing strong strategic relationships with senior leadership levels in the National Privacy, Ethics, and Compliance Organization, Legal, Enterprise Business Services, Information Technology, and the Permanente Medical Groups. This position has a very wide expanse of key relationships across Kaiser Permanente. This executive must demonstrate solid leadership, relationship management, and collaboration competencies.
Essential Responsibilities:
Sponsors the development of the Cyber Risk Defense Center strategic roadmap ensuring that it is aligned to mitigate current and future security risks for Kaiser Permanente’s global operations.
Aligns the roadmap with Kaiser Permanente’s acquisition strategies.
Leads incident response processes associated with the Computer Security Incident Response Plan and Breach Playbook.
Conducts test exercises across organizational lines, and continually improves response capabilities.
Leads development and dissemination of security intelligence, both internal and external.
Oversees countermeasures development and deployment.
Leads investigative processes to include e-Discovery collections.
Supports Privacy, Ethics, and National Compliance with internal investigations.
Leads analytical teams that monitor for cyber threats and processes for escalation.
Leads data science and engineering to develop and tune use cases that trigger responses in the Cyber Risk Defense Center.
Develops, designs, and implements metrics/dashboard reporting for key business management initiatives, and/or other ad hoc needs to support Cyber Risk Defense Center business objectives and strategic imperatives.
Strategically advises and/or distributes/shares reports with stakeholder groups to optimize visibility of Cyber Risk Defense Center leadership and the Cyber Risk Defense Center’s role to contribute to businesses of KP.
Ensures Cyber Risk Defense Center is strategically and effectively engaged with stakeholder communities and is meeting stakeholder expectations. Plans, designs, and conducts stakeholder satisfaction inquiries, and integrates learnings into future planning and stakeholder engagement to ensure maximum effectiveness of Cyber Risk Defense Center.
Develops communication approaches and strategies, determines presentation focus and emphasis, and prepares executive-level presentations in support of the Chief Information Security Officer. Primary audiences include the IT Executive Committee, KP business leaders, Executive Sponsor Group, business operations governance bodies, and other key audiences, as needed.
Plans and leads designated people processes and organization performance reporting, and goal setting on behalf of the Cyber Risk Defense Center, including performance management, process coordination, and talent reviews.
Develops a high performing leadership team by providing strategic leadership and vision, and professional development of technical and business management staff.
Develops long term resource and employee development strategies to ensure workforce is equipped and available to support the execution needs of the Cyber Risk Defense Center.
Leads major security incidents and cross-KP exercises.
Runs steering committee subgroups for Privacy & Security and presents findings and recommendations to the Privacy & Security committee.
Serves on the steering groups to drive cyber process and technical integration.
Works directly with the Chief Information Security Officer to develop strategy, prioritize investments, and develop roadmaps for both Core and investment programs.
Provides executive level decision making on cyber risk along with advisory service to TRO customers.
Develops cross-cyber and KP-IT processes that make security more effective.
Develops key performance indicators, service level objectives and other operational metrics to continually measure and improve cyber security.
Basic Qualifications:
Minimum ten (10) years of information security experience.
Minimum ten (10) years of leadership experience.
Education:
Bachelor's degree is required.
License, Certification, Registration:
N/A
Additional Requirements:
A proven senior IT security leader who has demonstrated leadership in building and managing teams in a large, client-focused, complex IT health care environment, who possesses business and financial acumen as well as social intelligence.
Must possess dynamic leadership capabilities to build and manage a highly effective organization and develop high-performance teams that may be geographically dispersed. Proven ability to mentor peer and mid-level managers is also required.
Proven experience in strategically managing project and portfolio lifecycles and the alignment of these to strategic company-wide roadmaps and ability to identify and prioritize strategic imperatives to ensure alignment with corporate strategy.
Strong team player able to partner with other IT functional units to deliver substantive added value to business planning and operations.
Systems Thinking: quickly assimilates the connections and relationships across functions and entities for both internal and external constituencies; thinks appropriately into the future.
Client Service and Results Driven: focuses and aligns actions and decisions on ways to enhance service, client, and stakeholder experiences and objectives; is motivated and committed to achieving results on behalf of commitments to clients; inspires same in staff; does what’s necessary to improve organizational performance; balances resources to produce desired outcomes; tracks and monitors performance.
Team Focus: acts and makes decisions as part of a whole; assembles and effectively leads direct report and/or partnership teams; exceptional facilitator of teamwork and decision-making in virtual and in-person settings.
Communication: sends the right messages and information to appropriate audiences verbally and in writing; ability to inspire/interact effectively spanning all levels in the organization, from Boards of Directors through line staff; keeps all stakeholders informed; adapts communication style to needs of audience.
Collaboration/Influencing: Actively gathers appropriate maximum level of participation and input to decision-making, and fosters same within team; persuades others to see/recognize new perspectives to reach best outcomes; strong matrix management and influencing skills.
Strategy: thinking/planning/providing vision of the future, and developing actionable plans to achieve vision.
Change Leadership: sees breakthrough possibilities, dispels established mental and operational “maps”, effectively communicates vision of possibilities, and leads change planning to ensure that changes take hold.
Analytics: understands and actively seeks use of metrics and critical thinking to distill situations, guide messages and make decisions.
Accountability: unquestionable ownership for delivering service and meeting business objectives.
Resource Management: proactively plans, forecasts, and achieves operating and capital short-term and long-term goals.
Commercial/Business Acumen: Ability to understand business drivers and work with stakeholders to manage cost and value drivers.
Preferred Qualifications:
Certified Information Systems Security Professional (CISSP), preferred.