Business Information Security Officer
Company: ConsultNet
Location: Danbury
Posted on: June 22, 2022
Job Description:
Title: Business Information Security Officer
Location: Danbury, CT
Direct Hire w/Client

Summary

The Business Information Security Officer (BISO) is a senior member of the IT Governance, Risk & Compliance team and works closely with the other members of the Information Security team to further develop and mature a comprehensive information security program. The BISO will work with the IT, Security, and Organization teams to embed security into strategic plans and operations. This person will be the primary contact for security risk-related concerns with internal stakeholders and third-party vendors. Their day-to-day responsibilities include partnering with the technology teams and vendors to ensure that product security requirements are evaluated and prioritized (at both the system and application levels), and that security best practices are part of the technology life cycle from beginning to end.

This person must be technical with a focus on security. He or she must have good communication and priority management skills and be comfortable reporting out to and working with senior executives on key strategic initiatives, as well as coordinating business continuity planning. He or she needs to be able to clearly state the impact of security risk to the business, must also feel comfortable being an evangelist for security, and should enjoy working with other technologists.
Responsibilities

- Provide strategic consultation and thought leadership to business and technology leadership regarding information security requirements and risks, and assist with prioritization and investment decisions based on organizational strategy.
- Maintain and provide reporting on business-related security issues, projects, and metrics on a regular cadence, aligned with enterprise cadence and processes.
- Participate in and facilitate relevant reporting and governance forums (e.g., steering and risk committees) to provide robust security and risk updates to local leadership.
- Lead security and privacy efforts, including audits, required to maintain compliance with relevant standards and regulations (e.g., HIPAA, HITRUST, PCI); drive and govern any mitigation work related to findings.
- Stay ahead of emerging regulations and requirements and ensure they are included in corporate roadmaps.
- Support business-facing teams as necessary, including answering ad-hoc questions, completing questionnaires, and joining project calls.
- Be the accountable point of contact for any security escalations across the region and manage/report on any resulting work efforts through completion, partnering and escalating as necessary (e.g., incident response, critical vulnerability patching).
- Provide input to the IT GRC strategy and program roadmap; evaluate, prioritize, and execute program initiatives.
- Execute risk assessment activities, including third-party (vendor) security assessments, and analyze the results of audits (performed by other groups) to produce recommendations on acceptable risk and risk mitigation strategies.
- Evaluate systems for compliance with security requirements: apply risk analysis methodologies, make recommendations regarding alternate solutions, and implement corrective action when necessary.
- Perform risk analysis on business process flows and affected systems for compliance with regulations and policies.
- Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, tracking progress, and providing status updates to the enterprise compliance team for reporting purposes.
- Maintain an awareness of existing and proposed security-standard-setting groups, state and federal legislation, and regulations pertaining to information security. Identify regulatory changes that will affect information security policy, standards, and procedures, and recommend appropriate changes.
- Evaluate, develop, and implement computer-based security solutions to support business needs and ensure ongoing regulatory compliance and security best practices.
- Coordinate with Business and IT leaders to ensure ongoing activities related to the definition, development, coordination, testing, and maintenance of the Organization's Business Continuity Plans (BCP) and IT's Disaster Recovery Plans (DRP).
- Perform additional duties as assigned.

Other Information

- Extensive experience working with information security practices, networks, software, and hardware.
- Extensive background with hospital systems and programs.
- Demonstrated experience in computer security combined with risk analysis, audit, and compliance standards.
- Extensive knowledge of government regulations as they pertain to the healthcare industry.
- A strong process-oriented individual with experience in ITIL concepts, NIST, CIS CSC, and/or HITRUST common security frameworks.
- Experience with GRC frameworks and/or tools.
- Ability to communicate clearly and concisely (written and verbal, presentation and interpersonal skills) required.
- Demonstrated leadership and management experience.
- Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive, and legal staff, as well as external personnel, including auditors and regulators.
- Excellent conceptual, organizational, analytical, and problem-solving skills are required.
- Superior analytical, evaluative, and problem-solving abilities.
- Ability to present ideas in business-friendly and user-friendly language.
- Exceptionally self-motivated, directed, and detail-oriented.
- Ability to set and manage priorities judiciously and accept responsibility willingly.
- Be available on an on-call basis to respond to pending issues or problems arising during non-business hours and provide support and response.
- CISSP, CISA, or other senior-level information security certification preferred.
- Project Management certification is a plus.

Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket, and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results. In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country; see more at www.consultnet.com