Pennant
IT Security Officer and Director (CISO)
Pennant, Eagle, Idaho, United States, 83616
Job Summary:
The IT Security Officer and Director (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, and other groups, and will identify security initiatives and standards.
Key Responsibilities:
Develop and Implement Security Strategy:
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.Work with senior management and corporate risk governance teams to determine acceptable levels of risk for the organization.Collaborate with other departments to ensure security measures are integrated into all aspects of the organization's operations.Stay current with emerging security trends, threats, and technologies, and recommend enhancements to the security program.
Security Operations:
Lead incident response planning and investigation of security breaches and assist with any associated disciplinary and legal matters.Direct the installation and use of security tools (e.g., firewalls, data encryption, IDS/IPS) to protect sensitive information.Monitor and manage security systems and tools to detect and respond to security threats and incidents.Conduct regular security assessments and vulnerability scans to identify and mitigate security risks.Conduct thorough investigations of security breaches and incidents, implementing corrective actions and documenting findings.Provide security awareness training and education to employees to promote a culture of security.Prepare and present regular reports on the status of the information security program to senior management.Compliance and Governance:
Ensure compliance with the changing laws and applicable regulations.Coordinate and track all information technology and security-related audits, including scope of audits, units involved, timelines, auditing agencies, and outcomes.Manage and continuously improve information security governance processes.SOX Audits:
Oversee IT's internal controls for SOX (Sarbanes-Oxley) audits to ensure compliance with financial reporting requirements.Work closely with the internal audit team and external auditors to provide necessary documentation and evidence of IT controls.Identify and remediate any deficiencies in IT controls to maintain SOX compliance.HIPAA Compliance:
Ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) by implementing and maintaining robust security measures.Conduct regular audits and assessments to ensure the protection of Protected Health Information (PHI).Provide training and resources to staff on HIPAA compliance requirements and best practices.Risk Management:
Identify and assess risks to the organization's information and IT assets and recommend mitigation strategies.Develop and maintain the enterprise IT risk register.
Team Leadership and Development:
Oversee the selection and training of information security staff.Develop security awareness programs and communicate to employees about the importance of information security.
Liaison and Coordination:
Act as a liaison with the company's senior management and the board of directors, ensuring that security issues are prioritized and budgeted appropriately.Coordinate security initiatives with other departments to ensure integrated risk management.
Security Architecture:
Collaborate with the IT department to design and implement secure IT architectures and networks.Ensure that security architectures and strategies are in alignment with the organization's goals and objectives.
Qualifications:
Education:
Bachelor's degree in Computer Science, Information Systems, Business Administration, or related field.Master's degree preferred.
Experience:
Minimum of 10 years of experience in a combination of risk management, information security, and IT roles.At least five years in a senior leadership role.
Certifications:
Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials.Skills and Abilities:
Strong understanding of current and emerging security technologies and how they align to evolving business needs.Excellent project management, organizational, and leadership skills.Strong communication and interpersonal skills, with the ability to communicate security-related concepts to a broad range of technical and non-technical staff.Ability to influence and build consensus at all levels of the organization.
Personal Attributes:
High integrity and ethical standards.Strong analytical and problem-solving skills.Ability to remain calm and composed under pressure.Commitment to continuous learning and development.
Additional InformationWe are committed to providing a competitive Total Rewards Package that meets our employee's needs.From a choice of medical, dental and vision plans to retirement savings opportunities through a 401(k), company match and various other features, we offer a comprehensive benefits package. We believe in great work and we celebrate our employees' efforts and accomplishments both locally and companywide, recognizing people daily through our Moments of Truth Program. In addition to recognition, we believe in supporting our employees' professional growth and development. We provide employees a wide range of free e-courses through our Learning Management System as well as training sessions and seminars.
Compensation: Based on experience.Type: Full TimeLocation:Pennant Service Center1675 E. Riverside Drive, #150Eagle, ID 83616
If interested in this position, please submit a resume for consideration. We look forward to hearing from you!
About The Pennant GroupWe are proud to be affiliated with the Pennant Group, Inc. (NASDAQ: PNTG). Pennant was created in 2019 in connection with The Ensign Group, Inc.'s (NASDAQ: ENSG) spin-off of its home health, hospice, and senior living businesses. We believe that through our innovative operating model, we can foster a new level of patient care and professional competence at our independent operating subsidiaries and set a new industry standard for quality home health and hospice and senior living services. You can learn more about The Pennant Group at www.pennantgroup.com
Business Process: Job Requisition: JR47682 IT Security Officer and Director (CISO)
Subject: Pennant IT - Infrastructure & Security (Tyler Connelly)
Click here to view the notification details.
The employer for this position is stated in the job posting. The Pennant Group, Inc. is a holding company of independent operating subsidiaries that provide healthcare services through home health and hospice agencies and senior living communities located throughout the US. Each of these businesses is operated by a separate, independent operating subsidiary that has its own management, employees and assets. More information about The Pennant Group, Inc. is available at http://www.pennantgroup.com.
The IT Security Officer and Director (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, and other groups, and will identify security initiatives and standards.
Key Responsibilities:
Develop and Implement Security Strategy:
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.Work with senior management and corporate risk governance teams to determine acceptable levels of risk for the organization.Collaborate with other departments to ensure security measures are integrated into all aspects of the organization's operations.Stay current with emerging security trends, threats, and technologies, and recommend enhancements to the security program.
Security Operations:
Lead incident response planning and investigation of security breaches and assist with any associated disciplinary and legal matters.Direct the installation and use of security tools (e.g., firewalls, data encryption, IDS/IPS) to protect sensitive information.Monitor and manage security systems and tools to detect and respond to security threats and incidents.Conduct regular security assessments and vulnerability scans to identify and mitigate security risks.Conduct thorough investigations of security breaches and incidents, implementing corrective actions and documenting findings.Provide security awareness training and education to employees to promote a culture of security.Prepare and present regular reports on the status of the information security program to senior management.Compliance and Governance:
Ensure compliance with the changing laws and applicable regulations.Coordinate and track all information technology and security-related audits, including scope of audits, units involved, timelines, auditing agencies, and outcomes.Manage and continuously improve information security governance processes.SOX Audits:
Oversee IT's internal controls for SOX (Sarbanes-Oxley) audits to ensure compliance with financial reporting requirements.Work closely with the internal audit team and external auditors to provide necessary documentation and evidence of IT controls.Identify and remediate any deficiencies in IT controls to maintain SOX compliance.HIPAA Compliance:
Ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) by implementing and maintaining robust security measures.Conduct regular audits and assessments to ensure the protection of Protected Health Information (PHI).Provide training and resources to staff on HIPAA compliance requirements and best practices.Risk Management:
Identify and assess risks to the organization's information and IT assets and recommend mitigation strategies.Develop and maintain the enterprise IT risk register.
Team Leadership and Development:
Oversee the selection and training of information security staff.Develop security awareness programs and communicate to employees about the importance of information security.
Liaison and Coordination:
Act as a liaison with the company's senior management and the board of directors, ensuring that security issues are prioritized and budgeted appropriately.Coordinate security initiatives with other departments to ensure integrated risk management.
Security Architecture:
Collaborate with the IT department to design and implement secure IT architectures and networks.Ensure that security architectures and strategies are in alignment with the organization's goals and objectives.
Qualifications:
Education:
Bachelor's degree in Computer Science, Information Systems, Business Administration, or related field.Master's degree preferred.
Experience:
Minimum of 10 years of experience in a combination of risk management, information security, and IT roles.At least five years in a senior leadership role.
Certifications:
Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials.Skills and Abilities:
Strong understanding of current and emerging security technologies and how they align to evolving business needs.Excellent project management, organizational, and leadership skills.Strong communication and interpersonal skills, with the ability to communicate security-related concepts to a broad range of technical and non-technical staff.Ability to influence and build consensus at all levels of the organization.
Personal Attributes:
High integrity and ethical standards.Strong analytical and problem-solving skills.Ability to remain calm and composed under pressure.Commitment to continuous learning and development.
Additional InformationWe are committed to providing a competitive Total Rewards Package that meets our employee's needs.From a choice of medical, dental and vision plans to retirement savings opportunities through a 401(k), company match and various other features, we offer a comprehensive benefits package. We believe in great work and we celebrate our employees' efforts and accomplishments both locally and companywide, recognizing people daily through our Moments of Truth Program. In addition to recognition, we believe in supporting our employees' professional growth and development. We provide employees a wide range of free e-courses through our Learning Management System as well as training sessions and seminars.
Compensation: Based on experience.Type: Full TimeLocation:Pennant Service Center1675 E. Riverside Drive, #150Eagle, ID 83616
If interested in this position, please submit a resume for consideration. We look forward to hearing from you!
About The Pennant GroupWe are proud to be affiliated with the Pennant Group, Inc. (NASDAQ: PNTG). Pennant was created in 2019 in connection with The Ensign Group, Inc.'s (NASDAQ: ENSG) spin-off of its home health, hospice, and senior living businesses. We believe that through our innovative operating model, we can foster a new level of patient care and professional competence at our independent operating subsidiaries and set a new industry standard for quality home health and hospice and senior living services. You can learn more about The Pennant Group at www.pennantgroup.com
Business Process: Job Requisition: JR47682 IT Security Officer and Director (CISO)
Subject: Pennant IT - Infrastructure & Security (Tyler Connelly)
Click here to view the notification details.
The employer for this position is stated in the job posting. The Pennant Group, Inc. is a holding company of independent operating subsidiaries that provide healthcare services through home health and hospice agencies and senior living communities located throughout the US. Each of these businesses is operated by a separate, independent operating subsidiary that has its own management, employees and assets. More information about The Pennant Group, Inc. is available at http://www.pennantgroup.com.