Vice President, Chief Information Security Officer (CISO)

ID 2021-8709
ITS Building
Work Location
Division : Name
Department : Name
Position Sub-Category
Position Type
Full Time
Employment Type
Work Hours
Provider Schedule (specific schedule)
Monday-Friday, 8:00 AM - 5:00 PM
On call Required
Sub Category


The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital environment in which we operate. The CISO is responsible for evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. Proactively works with organizational leaders and partners to implement practices that meet policies and standards for information security and will be responsible for implementing and running the enterprise information security program. Serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by Cone Health in compliance with regulatory requirements. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. Therefore, must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations.

Talent Pool:  Leadership


1. Security Operations and Policies Enforcement:

Lead the information security function across the organization, ensuring consistent information security management that is supportive of the business goals. Manage and maintain ongoing information security awareness training for all employees. Lead a security champion program to mobilize employees in all locations. Determine information security model and approach with risk management approaches and compliance to non-digital risk areas. Communicate with external agencies (law enforcement, advisory bodies) that have identified threats in order to maintain a strong security posture for the organization. Maintain a secure process for managing and containing information security incidents that will protect assets, intellectual property, regulated data and the reputation of Cone Health. Collaborate with compliance staff and privacy officer to ensure all information owned, collected and controlled by Cone Health is stored and handled in accordance with laws and regulatory and privacy requirements. Assist with the identification of non-IT managed IT services and facilitate a corporate IT onboarding program to bring these services in scope of the IT function. Ensure risk is reduced to an appropriate level and ownership of this information security risk is clear and documented. Build the internal networks between the information security team and organizational executives, as well as nurture the external networks of industry peers, vendors and partners. Oversee technology dependencies outside of direct organizational control by reviewing contracts and providing alternative management of risks. Facilitate the development of asset inventories to include those within the cloud services and in other parties within the organization.


2. Framework Development:

Develop and maintain an information security management framework that is unified and flexible in integrating the wide variety of standard and regulated requirements. Develop and maintain document, metric and reporting frameworks to ensure up-to-date information, policies, standards, guidelines and to measure efficiency and effectiveness of programs. Work with business units to facilitate information security risk assessments and management processes that empower the business units to own and accept the risk level they deem appropriate for their area. Create a process for the assessment and mitigation of risk related to security organization, consisting of vendors, consumers, third parties and others.


3. Strategic Leadership:

Develop and implement a strategic, comprehensive information security program to ensure confidentiality, integrity, safety and privacy. This includes the recovery of information assets that are owned or processed by Cone Health. Develop organizationally aligned vision and strategy for information security that enables the organization to reach business objectives and strategic priorities.


4. Management Functions:

Manage, monitor and report the budget and discrepancies for the information security function. Manage direct reports and dotted line reports, to include hiring, training, staff development and performance management. Establish security governance process and practices.




Bachelor's degree in Information Security, Computer Science, Management of Information Systems or related field


Master's degree in Information Security, Computer Science, Management of Information Systems or related field


7 years appropriate background in multiple IT and Cybersecurity areas such as networking, architecture, security design, incident response, systems architectures, risk management

5 years managing or directing an IT and/or security operation

5 years demonstrable experience in implementing strategic plans and managing an information security program

5 years knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines




Professional security management certifications (CISSP, CISA, or CISM)

