Chief Information Security Officer

The Chief Information Security Officer (CISO) is a senior-level management position responsible for overseeing CorVel's organization's information security and privacy. This person plays a crucial role in the organization, closely collaborating with the Legal, Executive Leadership, Information Technology, and Software Engineering teams to establish and achieve strategic information security and privacy objectives.

The CISO will lead, develop, and implement security and privacy policies and procedures, manage security technologies, and oversee security audits and awareness training. The ideal candidate will have extensive experience in information security, including experience with security risk management, incident response, and forensics.

The vision for CorVel security, privacy, and compliance efforts is to build programs that:

• Exemplify the highest levels of quality and integrity
• Drive highly cooperative efforts to address the highest risks efficiently
• Allocate resources to the maximum reduction in risk
• Inspire and foster a culture of security and privacy across the CorVel organization

Being CISO at CorVel requires someone pragmatic who values business enablement and cooperative leadership and oversight. The position works in partnership with a highly qualified and lean Security & Privacy team at CorVel whose goal is to protect data assets and enable business.

ESSENTIAL FUNCTIONS & RESPONSIBILITIES:

The essential functions include, but are not limited to the following:

• Serve as the company's lead information security officer, overseeing all security and privacy initiatives, policies, and procedures
• Develop and implement information security strategies, including vulnerability assessments, penetration testing, and cybersecurity awareness and training
• Perform risk assessment and vulnerability analysis including teal-time analysis and triage of emergent threats
• Keeping abreast of developing security threats and advising management on appropriate countermeasures
• Promote the company's information security reputation and serve as a security subject matter expert, supporting IT and development teams, the Board of Directors, and customer meetings as required
• Develop and maintain the Company's Security Policies, Procedures and standards including evaluation and compliance with security measures, Disaster Recovery and Emergency operating procedures, Security Incident Response and process protocols including Incident Reporting and Sanctions and Testing of security procedures, mechanisms, and measures
• Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted data and protect against reasonably anticipated threats and hazards
• Oversee and/or assist in performing ongoing security monitoring of organization information systems, including assessing information security risk periodically as well as conducting functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements

• Lead internal security risk management program across the enterprise supporting security, privacy, audit, and compliance activities
• Program management: Keeping ahead of security needs by implementing programs or projects that mitigate risks
• Security architecture: Planning, buying, and rolling out security hardware and software, and ensuring IT and network infrastructure is designed with best security practices in mind
• Drive 3 party supplier risk management program
• Manage critical security programs, including application security, business continuity, vulnerability management, and penetration testing programs
• Respond to customer and prospect security information requests

MINIMUM QUALIFICATIONS (KNOWLEDGE & SKILLS, & ABILITIES)

• 10+ years of experience in information security
• 5+ years of project leadership experience
• Specific experience with one or more of the following areas: penetration testing, application security, vulnerability management, security risk management, security and privacy incident management

• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs
• Deep knowledge and experience with relevant IT and security technologies
• Experience with HIPAA, HITRUST, SOC1,2,3, SOX, NIST 800-53/CSF, or other relevant frameworks
• Notable cloud security experience
• Outstanding written and spoken communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences

EDUCATION:

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or other related field or equivalent experience

• Certification of CCISO, CISSP, CISM, SANS, GIAC, CISM

PAY RANGE:

CorVel uses a market based approach to pay and our salary ranges may vary depending on your location. Pay rates are established taking into account the following factors: federal, state, and local minimum wage requirements, the geographic location differential, job-related skills, experience, qualifications, internal employee equity, and market conditions. Our ranges may be modified at any time.

For leveled roles (I, II, III, Senior, Lead, etc.) new hires may be slotted into a different level, either up or down, based on assessment during interview process taking into consideration experience, qualifications, and overall fit for the role. The level may impact the salary range and these adjustments would be clarified during the offer process.

Pay Range: $37,394 - $55,997

A list of our benefit offerings can be found on our CorVel website: CorVel Careers | Opportunities in Risk Management

In general, our opportunities will be posted for up to 1 year from date of posting, or until we have selected candidate(s) to fulfill the opening, whichever comes first.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.