Chief Information Security Officer

Chief Information Security Officer

Remote

The Chief Information Security Officer (CISO) is responsible for establishing, leading, and maintaining the organization's enterprise-wide information security program. This role ensures the confidentiality, integrity, and availability of company data, systems, and infrastructure while supporting business growth in a highly regulated healthcare environment.

The CISO serves as the senior security leader for the organization, responsible for security strategy, risk management, compliance, incident response, and security operations. This role works closely with executive leadership, DevOps, business development, legal, and external auditors to ensure compliance with healthcare and international security standards, including HITRUST, HIPAA, SOC 2 Type II, NIST, and ISO.

Company Overview

We provide solutions that make a meaningful difference in healthcare. Founded in 1995, MIE serves as the innovation engine for business units that serve hospitals and health systems, physician practices, Fortune 500 employers, government agencies, and consumers. MIE's web-based health information technology platform is helping physicians, nurses, and administrators make a meaningful difference in healthcare delivery across the globe.

Key Responsibilities

• Strategic Security Leadership:
• Develop and implement the organization's information security strategy.
• Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters.
• Represent the organization in security-related matters with external parties, including vendors and auditors.
• Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement our security initiatives.
• Risk Management:
• Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems.
• Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members.
• Compliance and Audit:
• Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, and SOC 2 (Type II), ISO.
• Manage internal and external security audits, including evidence collection and preparation.
• Oversee the evidence collection process for audits, working with third-party auditors for response submission.
• Work closely with business development and legal to assist with security compliance requirements.
• Assist with identifying and implementation of international security compliance.
• Policy and Procedure Development:
• Develop, review, and update information security policies and procedures, such as the Vulnerability and Patch Management Procedure and Data Center Access Procedure.
• Ensure policies are communicated and enforced throughout the organization, including through security awareness training.
• Security Operations:
• Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems.
• Monitor security alerts and respond to incidents, including phishing attempts reported through the various tools.
• Team Management:
• Lead and mentor the security team, reviewing tasks and responsibilities working closely with the DevOps team members.
• Vendor Management:
• Evaluate and manage security vendors, including VDA Labs, KnowBe4, reviewing security agreements and contracts.
• Perform vendor audits and maintain required documentation.
• Security Awareness:
• Develop and deliver security awareness training to employees, including utilizing KnowBe4, TalentLMS and internal training programs.
• Provide onboarding training for new employees.
• Budgeting and Planning:
• Develop and manage the security budget, planning and prioritizing security projects, including funding for tools and conferences.
• Sales and Business Development:
• Perform first pass responses to RFI/RFP for new business deals working closely with the sales team

Required Qualifications

• Education: Bachelor's degree or equivalent work experience.
• Experience: 10+ years of experience as a CISO or similar role, with at least 3 years of security-related leadership. Proven background in systems administration. Experience leading teams.
• Certifications: Certified Information Systems Security Professional (CISSP) required.
• Skills & Knowledge: Expertise in vulnerability testing, penetration testing, and developing security practices. Knowledge of standards-based architecture, compliance monitoring, and enforceability. Strong leadership skills with the ability to motivate and guide teams. Experience in healthcare or other highly-regulated environments.

Preferred Qualifications

• Experience in healthcare or other highly-regulated industries.

Base salary range: $145,000-$170,000

Why Join Us?

At MIE and Enterprise Health, we offer more than just a job. We provide an environment where innovative thinking is encouraged, teamwork is valued, and growth is fostered. Our comprehensive benefits package includes:

• Competitive compensation
• Comprehensive benefits package including medical/dental/vision insurance
• 401k with company match
• Unlimited Paid-Time off
• Quarterly bonus program
• Flexible work schedule
• Remote work

Medical Informatics Engineering and Enterprise Health are equal-opportunity employers. We celebrate diversity and are committed to creating an inclusive environment for all employees.