Chief Information Security Officer (CISO)

Description

Job Description

Med Tech Solutions (MTS) is a leading healthcare technology company focused on delivering innovative technology solutions that improve the ability to provide patient care and support our health care providers. We work exclusively with healthcare organizations across the United States, providing comprehensive and cost-effective HIT and cloud solutions. Many of our staff have extensive experience working in healthcare – that’s helped MTS provide a deep bench of IT expertise to a client base that includes community health centers, ambulatory and specialty clinics, integrated networks, associations, and other healthcare-focused organizations. Please visit (www.medtechsolutions.com) for more background information.

MTS is growing! We are seeking a Chief Information Security Officer (CISO) to join our team. This position will be responsible for maintaining a corporate-wide Cybersecurity Program to ensure that MTS and client assets are adequately protected. The CISO will play a critical role in developing and implementing the organization's information security strategy, ensuring compliance with HITRUST and HIPAA standards, and managing security risks. This role will further develop Security Product including MTS HIPAA Security Consulting Services, along with related Marketing and Sales plans to grow the business while addressing client security needs. This position may be remote.

Essential Duties And Responsibilities

• Develop and implement a strategic, comprehensive Cybersecurity Program that aligns with HITRUST, HIPAA and other relevant standards such as NIST and CIS.
• Oversee the development, implementation, and maintenance of security/technical policies and procedures.
• Conduct risk assessments and implement risk mitigation strategies. Ensure all employees, contractors, partners, and other third parties receive required security and HIPPA training.
• Identify, analyze and document IT-related risks and control exceptions across the enterprise and propose mitigation plans to the Executive Leadership team.
• Manage and lead the Security Incident Response Team.
• Partner with business leadership and product development to help deliver effective cybersecurity solutions to clients that protect against threats, propel transformation, and drive growth.
• Provide internal audits to ensure compliance with HITRUST controls. Evaluate the processes, procedures and tools used to review and test information system controls and security across multiple business systems and third-party supplier IT systems, including hybrid cloud solutions.
• Provide regular reports on the organization’s cybersecurity program and material risks to the board of directors.
• Conduct regular training a awareness programs for staff on security best practices and compliance requirements.
• Maintain an accurate inventory of all individuals with access to confidential information and all uses and disclosures of such information.
• Act as a liaison to the information systems department to ensure alignment between security and privacy practices.
  
  

Requirements

• Minimum 8 -12 years broad information security experience including background in Healthcare and HITRUST / HIPAA expertise.
• Previous experience as corporate CISO, or Deputy CISO.
• Experience with HIPAA, HITRUST, SOC2, CIS, ISO 27001, NIST 800-53, PCI DSS, SSAE 18, MITRE ATT&CK, and/or other risk-centric standards and frameworks desirable.
• CISM, CISA, CISSP, CHPSE, HCISSP, Security+, CRISC, CGEIT, or other relevant certifications desired.
• Excellent oral, written communication, and presentation skills with an ability to present security- related concepts to C-Level Executives and non-technical audience. Expertise delivering webinars and other public speaking engagements.
• Extensive background in all aspects of IT architecture, private/public cloud and infrastructure security principles, and application security.
• Strong financial and business acumen with understanding of a multi-faceted business operation.
• Strong influencing skills to get things done and inspire business transformation
• evolving work environment.