Job Description
Summary:
The Virtual Chief Information Security Officer is a compliance and security executive leader who can serve as a fractional Chief Information Security Officer (CISO) for Fortified’s healthcare clients. The vCISO team member serves as a trusted advisor to support, establish, and mature a client’s security vision, security and risk management strategy, and Information Security Program to reduce cybersecurity risk. The vCISO will drive various complex strategic governance and technical projects as assigned. The vCISO will benefit Fortified as well as the client organization through security prioritization, risk management, security governance, corrective action planning, vulnerability management, security awareness, and overall security compliance.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
- Serve as a trusted advisor to both internal Fortified and client senior management in the development of company-wide policy.
- Understand healthcare business operations, the healthcare cybersecurity landscape, and the healthcare regulatory environment.
- Analyze and enhance the Security Risk Management Process to ensure best practice control.
- Advise senior management on recommended actions to support the risk management process. This involves identifying and prioritizing risks, implementing risk mitigation measures, and serve as an informed, trusted advisor to clients.
- Assist upper level vCISOs in the identification and proposal of key information security priorities, initiatives, plans, practices, and tools.
- Draft and propose a Strategic Security plan and/or corrective action plan (CAP) based on the recent risk assessment / GAP analysis / internal risk mitigation.
- Collaborate with various Fortified departments, Client stakeholders, and third parties to ensure a holistic approach to cybersecurity.
- Research and advise senior management on security trends and evolving security regulations potentially impacting the organization.
- Research potential and emerging information security threats, vulnerabilities, and potential control techniques and communicate this information to senior management.
- Develop necessary policies / procedures / processes pertaining to Cybersecurity Risk Management.
- vCISOs should be adaptable. Other deliverables may be assigned as necessary and applicable.
- Accurately enters and submits time by the required departmental deadlines.
- Books travel in adherence to the company travel policy.
- Maintains documentation regarding Customer and internal Fortified interactions.
- Provides Pre- and Post-Sales Support to Fortified Sales team and upper level vCISOs as needed.
- Provide thought leadership in areas of expertise.
- Maintains in-depth knowledge of the Fortified core products.
- Attend and participate in team and departmental meetings.
- Maintain application & industry knowledge through self-study and by attending training classes.
- Responds to email and phone communications in a timely fashion.
- Continue internal initiative for cross training opportunities.
- Ensure that all HIPAA Privacy and Security requirements and responsibilities are adhered to constantly.
- Recommends process/procedure improvements to upper level vCISOs as well as the Advisory leadership team.
Knowledge & Skills
Education & Experience
- 5 years minimum IT healthcare executive experience in a security-related leadership role.
- Experience working in a consultative role preferred.
- Frequent interaction with other vCISOs, client interaction, and status reporting required.
- Previous experience conducting and/or managing HIPAA Security Risk Management preferred.
- Previous experience developing and executing risk mitigation corrective action planning preferred.
- Previous experience developing and executing business impact assessments preferred.
- 4-year college degree required.
- MBA preferred.
Special Skills & Knowledge
- Healthcare industry experience required.
- Familiarity with HIPAA / NIST CSF.
Licenses, Certifications, etc.
- One or more of the following certifications are preferred: CISSP, CISM, CRISC, GSTRT, GLEG, GCCC, GSEC, C|CISO
Requirements
Supervisory Responsibility
Working Conditions & Travel Requirements
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
