Title: Business Information Security Officer
Location: Danbury, CT
Direct Hire w/Client
The Business Information Security Officer (BISO) is a senior member of the IT Governance, Risk & Compliance team and works closely with the other members of the Information Security team to further develop and mature a comprehensive information security program.
The BISO will work with the IT, Security, and Organization teams to embed security into strategic plans and operations. This person will be the primary contact for security risk-related concerns with internal stakeholders and third-party vendors. Their day-to-day responsibilities include partnering with the technology teams and vendors to ensure that product security requirements are evaluated and prioritized (at both the system and application levels), and security best practices are part of the technology life cycle from beginning to end.
This person must be technical with a focus on security, must have good communication and priority-management skills, and must be comfortable reporting to and working with senior executives on key strategic initiatives as well as coordinating business continuity planning. He or she needs to be able to state clearly the impact of security risk to the business, must be comfortable acting as an evangelist for security, and should enjoy working with other technologists.
Provide strategic consultation and thought leadership to business and technology leadership regarding information security requirements and risks, and assist with prioritization and investment decisions based on organizational strategy.
Maintain and provide reporting on business-related security issues, projects, and metrics on a regular cadence, aligned with enterprise cadence and processes.
Participate in and facilitate relevant reporting and governance forums (e.g., steering and risk committees) to provide robust security and risk updates to local leadership.
Lead security and privacy efforts, including audits, required to maintain compliance with relevant standards and regulations (e.g., HIPAA, HITRUST, PCI); drive and govern any mitigation work related to findings. Stay ahead of emerging regulations and requirements and ensure they are included in corporate roadmaps.
Support business-facing teams as necessary, including answering ad-hoc questions, completing questionnaires, and joining project calls.
Be the accountable point of contact for any security escalations across the region, and manage and report on any resulting work efforts through completion, partnering and escalating as necessary (e.g., incident response, critical vulnerability patching).
Provide input to the IT GRC strategy and program roadmap; evaluate, prioritize and execute program initiatives.
Execute risk assessment activities, including third-party (vendor) security assessments, and analyze the results of audits performed by other groups to produce recommendations on acceptable risk and risk mitigation strategies.
Evaluate systems for compliance with security requirements: applying risk analysis methodologies; making recommendations regarding alternate solutions; and implementing corrective action, when necessary.
Perform risk analysis on business process flows and affected systems for compliance with regulations and policies.
Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, tracking progress, and providing status updates to the enterprise compliance team for reporting purposes.
Maintain awareness of existing and proposed security standards bodies, state and federal legislation, and regulations pertaining to information security. Identify regulatory changes that will affect information security policy, standards, and procedures, and recommend appropriate changes.
Evaluate, develop, and implement computer-based security solutions to support business needs and ensure ongoing regulatory compliance and adherence to security best practices.
Coordinate with Business and IT leaders to ensure ongoing activities related to the definition, development, coordination, testing, and maintenance of the Organization's Business Continuity Plans (BCP) and IT's Disaster Recovery Plans (DRP).
Perform additional duties as assigned.
• Extensive experience working with information security practices, networks, software, and hardware.
• Extensive background with hospital systems and programs.
• Demonstrated experience in computer security combined with risk analysis, audit, and compliance standards.
• Extensive knowledge of government regulations as they pertain to the healthcare industry.
• A strong process-oriented individual with experience in ITIL concepts, NIST, CIS CSC, and/or HITRUST common security frameworks.
• Experience with GRC frameworks and/or tools.
• Ability to communicate clearly and concisely (both written and verbal, presentation and interpersonal skills) required.
• Demonstrated leadership and management experience.
• Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive, and legal staff, as well as external personnel, including auditors and regulators.
• Excellent conceptual, organizational, analytical, evaluative, and problem-solving skills are required.
• Ability to present ideas in business-friendly and user-friendly language.
• Exceptionally self-motivated, directed, and detail-oriented.
• Ability to set and manage priorities judiciously and accept responsibility willingly.
• Be available on an on-call basis to respond to issues or problems arising during non-business hours and provide support and response.
• CISSP, CISA, or other senior-level information security certification preferred.
• Project Management certification is a plus.
Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.
In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country; see more at www.consultnet.com