Surescripts
Director Business Information Security Officer
Surescripts, Minneapolis, Minnesota, United States, 55400
Director Business Information Security Officer page is loaded## Director Business Information Security Officerlocations:
United States:
Raleigh, North Carolina:
Minneapolis, Minnesota:
Arlington, Virginiatime type:
Full timeposted on:
Posted 7 Days Agojob requisition id:
REQ2940Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.**Job Summary:**The Director Business Information Security Officer (BISO) reports to the VP, Chief Information Security Officer (CISO) and acts as the primary liaison between Surescripts business units and the Information Security team. The BISO is responsible for understanding the unique business needs and risks of the organization and aligning them with security strategies and initiatives. The BISO plays a critical role in ensuring new products are launched with information security requirements embedded that align with company and information security policies and standards.The BISO will aid in the development, implementation and awareness of information security policies, manage risk, and ensure compliance with regulatory requirements. The BISO plays a crucial role in fostering a culture of security awareness and ensures that security measures are integrated into business processes. The BISO will be responsible for day-to-day operations to support and augment the CISO’s overall responsibilities. The BISO plays a key leadership role in supporting the business and external customers. The BISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans.# **Responsibilities:**
• Serve as a trusted advisor to the business on information security matters.
• Work closely with Information Security leadership overseeing Identity and Access Management, Fraud and Crisis Management, merger and acquisition activities and any new business initiatives.
• Keep abreast of current activity within the IAM and Fraud and Crisis teams and partner with team members for success.
• Foster strong, collaborative relationships with internal business partners and external entities to maintain a strong network.
• Enforce and influence strong security culture set forth by the CISO, ensuring uniformity across business units and employees.
• Advise organization on enterprise-wide process and technology security recommendations.
• Proactively gather and share pertinent information to effectively lead/engage in daily information security operations.
• Lead the development and execution of crisis management plans and procedures.
• Collaborate with external health care technology vendors, pharmacy partners, law enforcement, governmental entities and / and IT teams to ensure secure e-prescribing processes are being followed.
• Assist with creating the Information Security department budget, monitoring expenditures, and ensuring alignment with the overall department budget.
• Review customer contracts for appropriate information security language and requirements in partnership with Commercial Legal and Procurement.
• Hold security leadership and teams accountable to consistently learn and share advanced knowledge and practices that promote excellence with the information security teams.
• Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities, and mitigations set forth to reduce the corporate attack surface.
• Lead security projects and ensure they are delivered on time and within budget.
• Proactively identify and remove complexity and obstacles that hinder efficient security controls enterprise wide.
• Stay abreast of new laws, regulations, and standards, and assess their impact to the business.
• Perform security due diligence for mergers, acquisitions, divestitures, and any new business initiatives.
• Serve as the CISO representative when the CISO is not available, including making decisions usually made by the CISO.# **Qualifications:****Basic Requirements:**
• Bachelor's degree in business administration, information assurance, or related technical field
• 10+ years of related, progressive experience in cybersecurity management with at least 8+ years in an operationally focused security practitioner role.
• 5+ years’ experience working with business leadership and with fiscal responsibilities.
• 3+ years’ experience working with product and/or data teams to ensure that security is woven into each product based on company policies and standards.
• 3+ years of experience handling tough conversations with customers.
• 3+ years of people management/leadership experience.
• Strong written and verbal communication skills across all levels of the organization.
• Driven to build a strong, cohesive team and positive enterprise-wide security culture.
• Proven high integrity, trustworthiness and confidence, and ability to represent the company and security leadership with the highest level of professionalism.
• Ability to effectively manage stress in a constantly changing environment.
• Strategic vision and ability to successfully collaborate with and influence others.
• Strong project management and organizational skills.
• Proven experience with National Institute of Technology (NIST) standards or California Consumer Privacy Act (CCPA) or Health Information Portability and Accountability Act (HIPAA) or HITRUST or SOC2
• Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.**Preferred Qualifications:**
• Master’s or other advanced degree (MBA, information assurance, computer science, etc.)
• 8+ years of related security systems administration.
• Relevant certification/s such as CISSP, CISM, CRISC, CISA, or similar.
• Experience with agile methodology and ability to negotiate to get work prioritized.
• Experience using AI for business improvements.
• Experience in a similar role with large, complex organization/s.
• Experience in the healthcare industry.**Travel:** Within the U.S. as needed for meetings etc.#LI-REMOTESurescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed.To be considered for employment, applicants must have a valid U.S. work authorization allowing work without restrictions with Surecripts in the U.S. At this time, we are unable to provide support or provide sponsorship for immigration benefits such as work visas. Additionally, we do not participate in academic training programs or work-study programs through an academic institution that require employer endorsement of F-1/CPT or F-1/STEM.# **What You’re Like**You’re technical. Analytical. Imaginative. Maybe you’re building your own crypto-mining rig—or not. Either way, your mind works to anticipate vulnerabilities and protect the company and its information against those vulnerabilities. You do the right thing because it’s the right thing without seeking to point fingers or brag. And of course, you’re always willing to keep learning. # **What We’re Like**We’re a team of friendly folks who do serious work. Our best work is done by rising to the occasion under stress, but we keep each other cool under pressure. We’re a tight team but we also look for ways to partner across the business. Our style is casual and laid back, but we shoulder our responsibility to protect patient data from sophisticated adversaries, which sometimes means delivering a difficult #J-18808-Ljbffr
United States:
Raleigh, North Carolina:
Minneapolis, Minnesota:
Arlington, Virginiatime type:
Full timeposted on:
Posted 7 Days Agojob requisition id:
REQ2940Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.**Job Summary:**The Director Business Information Security Officer (BISO) reports to the VP, Chief Information Security Officer (CISO) and acts as the primary liaison between Surescripts business units and the Information Security team. The BISO is responsible for understanding the unique business needs and risks of the organization and aligning them with security strategies and initiatives. The BISO plays a critical role in ensuring new products are launched with information security requirements embedded that align with company and information security policies and standards.The BISO will aid in the development, implementation and awareness of information security policies, manage risk, and ensure compliance with regulatory requirements. The BISO plays a crucial role in fostering a culture of security awareness and ensures that security measures are integrated into business processes. The BISO will be responsible for day-to-day operations to support and augment the CISO’s overall responsibilities. The BISO plays a key leadership role in supporting the business and external customers. The BISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans.# **Responsibilities:**
• Serve as a trusted advisor to the business on information security matters.
• Work closely with Information Security leadership overseeing Identity and Access Management, Fraud and Crisis Management, merger and acquisition activities and any new business initiatives.
• Keep abreast of current activity within the IAM and Fraud and Crisis teams and partner with team members for success.
• Foster strong, collaborative relationships with internal business partners and external entities to maintain a strong network.
• Enforce and influence strong security culture set forth by the CISO, ensuring uniformity across business units and employees.
• Advise organization on enterprise-wide process and technology security recommendations.
• Proactively gather and share pertinent information to effectively lead/engage in daily information security operations.
• Lead the development and execution of crisis management plans and procedures.
• Collaborate with external health care technology vendors, pharmacy partners, law enforcement, governmental entities and / and IT teams to ensure secure e-prescribing processes are being followed.
• Assist with creating the Information Security department budget, monitoring expenditures, and ensuring alignment with the overall department budget.
• Review customer contracts for appropriate information security language and requirements in partnership with Commercial Legal and Procurement.
• Hold security leadership and teams accountable to consistently learn and share advanced knowledge and practices that promote excellence with the information security teams.
• Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities, and mitigations set forth to reduce the corporate attack surface.
• Lead security projects and ensure they are delivered on time and within budget.
• Proactively identify and remove complexity and obstacles that hinder efficient security controls enterprise wide.
• Stay abreast of new laws, regulations, and standards, and assess their impact to the business.
• Perform security due diligence for mergers, acquisitions, divestitures, and any new business initiatives.
• Serve as the CISO representative when the CISO is not available, including making decisions usually made by the CISO.# **Qualifications:****Basic Requirements:**
• Bachelor's degree in business administration, information assurance, or related technical field
• 10+ years of related, progressive experience in cybersecurity management with at least 8+ years in an operationally focused security practitioner role.
• 5+ years’ experience working with business leadership and with fiscal responsibilities.
• 3+ years’ experience working with product and/or data teams to ensure that security is woven into each product based on company policies and standards.
• 3+ years of experience handling tough conversations with customers.
• 3+ years of people management/leadership experience.
• Strong written and verbal communication skills across all levels of the organization.
• Driven to build a strong, cohesive team and positive enterprise-wide security culture.
• Proven high integrity, trustworthiness and confidence, and ability to represent the company and security leadership with the highest level of professionalism.
• Ability to effectively manage stress in a constantly changing environment.
• Strategic vision and ability to successfully collaborate with and influence others.
• Strong project management and organizational skills.
• Proven experience with National Institute of Technology (NIST) standards or California Consumer Privacy Act (CCPA) or Health Information Portability and Accountability Act (HIPAA) or HITRUST or SOC2
• Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.**Preferred Qualifications:**
• Master’s or other advanced degree (MBA, information assurance, computer science, etc.)
• 8+ years of related security systems administration.
• Relevant certification/s such as CISSP, CISM, CRISC, CISA, or similar.
• Experience with agile methodology and ability to negotiate to get work prioritized.
• Experience using AI for business improvements.
• Experience in a similar role with large, complex organization/s.
• Experience in the healthcare industry.**Travel:** Within the U.S. as needed for meetings etc.#LI-REMOTESurescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed.To be considered for employment, applicants must have a valid U.S. work authorization allowing work without restrictions with Surecripts in the U.S. At this time, we are unable to provide support or provide sponsorship for immigration benefits such as work visas. Additionally, we do not participate in academic training programs or work-study programs through an academic institution that require employer endorsement of F-1/CPT or F-1/STEM.# **What You’re Like**You’re technical. Analytical. Imaginative. Maybe you’re building your own crypto-mining rig—or not. Either way, your mind works to anticipate vulnerabilities and protect the company and its information against those vulnerabilities. You do the right thing because it’s the right thing without seeking to point fingers or brag. And of course, you’re always willing to keep learning. # **What We’re Like**We’re a team of friendly folks who do serious work. Our best work is done by rising to the occasion under stress, but we keep each other cool under pressure. We’re a tight team but we also look for ways to partner across the business. Our style is casual and laid back, but we shoulder our responsibility to protect patient data from sophisticated adversaries, which sometimes means delivering a difficult #J-18808-Ljbffr