| Preferred GIAC Certifications | GSLC, GSTRT |
| Contact Name | Highmark Recruiter |
This position is responsible for connecting business processes and policy directives with technically sound security and governance measures to drive down risk and increase awareness throughout Highmark, its subsidiary operations and provider groups. The Chief Information Security Officer (CISO) is a member of Highmark's governance structure (including leadership from Audit, Legal, Privacy, Corporate Security, HR, Business Continuity and Risk Management) and is accountable for partnering with them while developing, communicating and executing a comprehensive security strategy aligned with the business strategy and supported through executive sponsorship. The CISO maintains oversight responsibility for all matters pertaining to enterprise information security, while balancing security needs with the strategic business plan, identifying risk factors and determining solutions. The CISO plays a critical role in the following activities: facilitating and consulting on mergers, acquisitions and divestitures; preserving reputation and brand; improving IT and operational efficiencies; achieving compliance with corporate policies and regulations; and protecting intellectual property. The CISO is accountable for operationalizing functions that include security oversight, security engineering, security operations, security risk management, security compliance management, IT business continuity and IT disaster recovery.
Balances security needs with the strategic business plan, while identifying risk factors and determining solutions. Maintains oversight responsibility for all matters pertaining to enterprise information security.
Monitors industry trends and regulations. Interprets impact on organization and enacts security policies and procedures that provide business operations protection and meet core business requirements.
Represents organization with respect to inquiries from customers, partners, regulators and the general public regarding security strategy.
Oversees the selection, testing, deployment and maintenance of security hardware and software products, as well as outsourced arrangements.
Plans, prepares and tests responses to security events and business disruptions.
Develops monitoring procedures to ensure risks to environments can be monitored. Develops and champions education awareness campaigns to both business and technical functions to foster a security conscious culture across the organization.
Responds to security threats and breaches.
Other duties as assigned or requested.
10 years of experience with the administrative aspects of IT production support systems
10 years’ experience in consulting, professional services or Health Care Security
5 years of experience with SSAE 16, Gramm-Leach-Bliley and Sarbanes-Oxley, NIST or ISO
5 years of experience with a GRC tool
5 years as a CISSP (Certified Information System Security Professional)
4 years of HIPAA experience
Knowledge, Skills and Abilities
Strong background in security frameworks, IT application of security frameworks, security software tools
Relationship Management -- develop, influence and nurture trust-based relationships between business units and IT
Creative Problem-Solver to aid competitiveness and act as a positive change agent
Excellent written and interpersonal communication skills
Ability to align IT with strategic business needs and act proactively
Strong financial analytical skills are required.