Deercreekseniorliving

IT Security Officer and Director (CISO)

Deercreekseniorliving, Eagle, Idaho, United States, 83616


Job Summary:
The IT Security Officer and Director (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, and other groups, and will identify security initiatives and standards.

Key Responsibilities:

Develop and Implement Security Strategy:
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work with senior management and corporate risk governance teams to determine acceptable levels of risk for the organization.
- Collaborate with other departments to ensure security measures are integrated into all aspects of the organization's operations.
- Stay current with emerging security trends, threats, and technologies, and recommend enhancements to the security program.

Security Operations:
- Lead incident response planning and investigation of security breaches and assist with any associated disciplinary and legal matters.
- Direct the installation and use of security tools (e.g., firewalls, data encryption, IDS/IPS) to protect sensitive information.
- Monitor and manage security systems and tools to detect and respond to security threats and incidents.
- Conduct regular security assessments and vulnerability scans to identify and mitigate security risks.
- Conduct thorough investigations of security breaches and incidents, implementing corrective actions and documenting findings.
- Provide security awareness training and education to employees to promote a culture of security.
- Prepare and present regular reports on the status of the information security program to senior management.

Compliance and Governance:
- Ensure compliance with the changing laws and applicable regulations.
- Coordinate and track all information technology and security-related audits, including scope of audits, units involved, timelines, auditing agencies, and outcomes.
- Manage and continuously improve information security governance processes.

SOX Audits:
- Oversee IT's internal controls for SOX (Sarbanes-Oxley) audits to ensure compliance with financial reporting requirements.
- Work closely with the internal audit team and external auditors to provide necessary documentation and evidence of IT controls.
- Identify and remediate any deficiencies in IT controls to maintain SOX compliance.

HIPAA Compliance:
- Ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) by implementing and maintaining robust security measures.
- Conduct regular audits and assessments to ensure the protection of Protected Health Information (PHI).
- Provide training and resources to staff on HIPAA compliance requirements and best practices.

Risk Management:
- Identify and assess risks to the organization's information and IT assets and recommend mitigation strategies.
- Develop and maintain the enterprise IT risk register.

Team Leadership and Development:
- Oversee the selection and training of information security staff.
- Develop security awareness programs and communicate to employees about the importance of information security.

Liaison and Coordination:
- Act as a liaison with the company's senior management and the board of directors, ensuring that security issues are prioritized and budgeted appropriately.
- Coordinate security initiatives with other departments to ensure integrated risk management.

Security Architecture:
- Collaborate with the IT department to design and implement secure IT architectures and networks.
- Ensure that security architectures and strategies are in alignment with the organization’s goals and objectives.

Qualifications:

Education:
- Bachelor’s degree in Computer Science, Information Systems, Business Administration, or related field.
- Master’s degree preferred.

Experience:
- Minimum of 10 years of experience in a combination of risk management, information security, and IT roles.
- At least five years in a senior leadership role.

Certifications:
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials.

Skills and Abilities:
- Strong understanding of current and emerging security technologies and how they align to evolving business needs.
- Excellent project management, organizational, and leadership skills.
- Strong communication and interpersonal skills, with the ability to communicate security-related concepts to a broad range of technical and non-technical staff.
- Ability to influence and build consensus at all levels of the organization.

Personal Attributes:
- High integrity and ethical standards.
- Strong analytical and problem-solving skills.
- Ability to remain calm and composed under pressure.
- Commitment to continuous learning and development.
