Chief Information Security Officer

Xtensys Connected Health Solutions

Location: Ithaca, NY, USA

Date: 2024-09-25T06:41:22Z

Job Description:

GENERAL SUMMARY:

We are new but mighty. Xtensys, a recently established managed service provider, delivers cutting-edge technology to health systems, starting in NY and expanding beyond. Owned by two industry leaders focused on innovation in rural and community health, we are rapidly growing with several major initiatives underway. We seek a skilled CISO to join our team of 500 and support our exciting journey. We value people and are building a culture to match. If you're a collaborative, innovative, and strategic leader, we'd love to talk.

The Chief Information Security Officer (CISO) has the primary responsibility and authority for designing and implementing the Enterprise-wide Information Security Program and will consult with departments including, but not limited to, Information Services, Legal, Facilities, Human Resources, Finance, Privacy, Compliance, and clinical and operational departments. To accomplish the primary goal of protecting ePHI, PII and PCI data assets, computer systems and networks in Xtensys's healthcare settings, the CISO will work with all Information Security and Information Technology employees. The successful candidate will have experience interacting with leadership, be knowledgeable about Federal, State and local information security regulations and laws, and have the ability to package security initiatives to an audience's level of understanding and drive information security into all operations.

CORPORATE PHILOSOPHY:

It is the obligation of each employee of Xtensys to abide by and promote the mission and values of the organization to ensure that excellent services are delivered with compassion.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

Provides executive leadership, vision and managerial oversight in development and implementation of a robust Information Security Program inclusive of state-of-the-art policies and processes that enable the organization to establish consistent, effective information security practices and minimize risk.

Determines projects and priorities for all information security issues and establishes short- and long-range business plans to achieve the security vision defined in the system level vision and business strategies.

Advises and educates management, senior staff, and Board regarding current and future IT security issues and security program developments. Updates may include written and/or in-person presentations on relevant information security topics, results of security risk assessments, and progress against approved corrective action plans.

Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization, its partners and business associates.

Partners with Xtensys leaders, as well as all business, technology and clinical stakeholders, in the strategy, planning, and integration of all Information Security related activities for the organization.

Contributes to professional organizations and their associated meetings by participating in and presenting information security topics.

Manages vendor relationships, negotiates contracts, monitors billing, and resolves issues.

Develops, reviews and updates Information Security department fiscal year operational and capital budget as necessary.

Establishes collaborative relationships and coordinates resources with customer leadership and operational stakeholders.

Monitors and evaluates system security backup and recovery procedures in partnership with the Chief Technology Officer.

Interviews, hires, orients, trains, evaluates the performance of and, when necessary, disciplines and/or discharges department personnel.

Provides direction, as necessary, to staff regarding sensitive and/or complex work and related problems, resolves complaints, and responds to inquiries regarding department operations.

KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:

Required Education and/or Experience: Master's degree in business or information technology. Ten to fifteen years of previous information technology experience. Knowledge of HIPAA, HITECH Act, GDPR, and PCI Compliance.

Preferred: Industry certifications such as HCISPP or CISM.

A relatively high level of analytical ability is required. Incumbents must collect, analyze, and interpret data in order to solve problems requiring a professional level of knowledge in a specific discipline and/or design relatively complex clinical or administrative systems and programs.

A high level of communication skills is required in order to provide advice and counsel in situations requiring judgment, timing and sensitivity to the needs and concerns of others. May serve as a spokesperson before professional or community groups.

Work generally consists of activities, projects, or assignments where there is considerable decision-making authority regarding procedures, plans and schedules.
