Vice President, Chief Information Security Officer

The Vice President of Information Security/CISO reports directly to the SVP, Chief Risk Officer and will oversee the enterprise-wide security program. The security program includes Governance, Risk and Compliance ("GRC"), Disaster Recovery Management, Identity and Access Management and Cyber Operations. The CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls. The CISO assumes accountability for the daily security tactical operations and overall strategic execution of corporate security roadmaps that safeguards company data and systems against evolving cybersecurity threats. Other responsibilities include collaborating across the health system to develop an incident command structure and plan, balancing security risk management with cost-effective decision-making to support business and care delivery priorities and fostering a culture of security awareness and continuous improvement throughout the organization.

The Vice President of Information Security/CISO must exhibit a blend of leadership qualities. The CISO acts as a thought leader and strategic thinker, capable of anticipating future challenges and developing and executing security roadmaps in collaboration with various teams and peers. Leads and mentors their team, committed to team member accountability, collaboration, growth and development. An effective communicator who disseminates information, builds trust, and supports stakeholders across the organization. Appropriately scales the security program in anticipation of changing risks. A decisive leader capable of making critical decisions and executing under pressure. A continuous learner dedicated to staying updated on the latest security trends, threats, and technologies.

Certifications:

• Certified Information Systems Security Professional (CISSP)

Education:

• Bachelor's Degree: Computer Science or related

Work Experience:

• Leadership in Information Cyber Security - 5+ years (healthcare preferred)

• Develops, implements and monitors a strategic, comprehensive enterprise information security risk management program using a risk-based approach.
• Drives the development and execution of a comprehensive information security strategy and incident response roadmap and plan that aligns with business goals and industry best practices.
• Lead and partners with operations across the system to develop, modify and maintain organizational incident response plans to include a comprehensive ransomware event plan.
• Provide regular reporting on the current status of the information security program to executive leadership and board members.

• Collaborates with senior management and key business stakeholders (audit & risk, legal, compliance, operations, IT) to align initiatives and resources to meet overall business objectives.
• Engages with corporate and external auditors, compliance and legal teams to ensure compliance with internal plans, laws and regulations, including privacy and others, as needed.
• Establishes and enforces robust information security policies, standards, and procedures, ensuring adherence across the organization.
• Effectively leads incident response efforts in the event of a cybersecurity breach or incident, including coordinating with internal teams and external stakeholders to mitigate the impact and ensure timely resolution and communication.

• Oversees a program that evaluates the security posture of third-party vendors and partners and ensuring that appropriate security measures are in place to protect shared data and resources.
• Defines security requirements and manages security risks associated with third party vendors to ensure compliance with organizational standards.
• Working knowledge of Health Insurance Portability and Accountability Act (HIPAA), National Institute of Standards and Technology ("NIST") Cybersecurity Framework, Payment Card Industry ("PCI"), Information Technology Infrastructure Library, and Information Security Best Practices.
• Working knowledge of security technologies such as SIEM, endpoint detection and response, network protection (IPS, NAC, firewalls), vulnerability management, identity management, etc.
• Strong understanding of cloud security and experience with cloud service providers (AWS, Azure, etc.) and Artificial Intelligence as it relates to healthcare entities.

• Provides strong leadership to the various team members through mentoring, career development, interpersonal skills, and enabling leadership skills.
• Exhibits effective team leadership and collaboration skills, with the ability to work effectively with others through conflicting pressures and priorities while resolving complex issues.
• Establishes a culture of high performance, productivity, creativity, and innovation.
• Stays informed on the evolving landscape of security and technology to continuously improve security practices, policies, and awareness.
• Performs other duties assigned.

Find it here.

Discover the job, the career, the purpose you were meant for. The supportive and inclusive team where you can thrive. The place where growth meets balance - and opportunities meet flexibility. Find it all at Carle Health.

Based in Urbana, IL, Carle Health is a healthcare system with nearly 16,600 team members in its eight hospitals, physician groups and a variety of healthcare businesses. Carle BroMenn Medical Center, Carle Foundation Hospital, Carle Health Methodist Hospital, Carle Health Proctor Hospital, Carle Health Pekin Hospital, and Carle Hoopeston Regional Health Center hold Magnet designations, the nation's highest honor for nursing care. The system includes Methodist College and Carle Illinois College of Medicine, the world's first engineering-based medical school, and Health Alliance. We offer opportunities in several communities throughout central Illinois with potential for growth and life-long careers at Carle Health.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. Carle Health participates in E-Verify and may provide the Social Security Administration and, if necessary, the Department of Homeland Security with information from each new employee's Form I-9 to confirm work authorization. | For more information: human.resources@carle.com.