This position is responsible for leading a team of security professionals to refine the definition, guidance and alignment of eviCore's information security audit and assurance functions. This includes management and transformation of eviCore's security policies and standards, development of an information security controls assurance program, and leading the SOC2 and HITRUST attestations. Additional duties include leading the Identity and Access Management function as well as coordinating and managing the security posture and deliverables of eviCore's internal and external service providers.
Lead internal security audits, external vendor audits and customer audits to ensure compliance with all relevant policies, procedures and regulations.
Advance eviCore's compliance with the HITRUST Common Security Framework
Lead the organization's effort to develop, refine and publish information security policies, procedures, standards and guidelines.
Actively participate in committees as security representative, respond to RFPs, and assess all potential new vendors for security risk.
Lead or act as a key stakeholder in the implementation of related security products including GRC, IAM and PUMA
Lead security staff in performing access management for applications, servers and databases
Mentor and lead a team of security engineers both onshore and offshore to ensure quality deliverables
Support CISO in the creation of an enterprise IT security scorecard
Support CISO with development of security product and service roadmaps, budget plans and staffing requirements.
Minimum Experience Required
BA/BS degree in MIS/Computer Science or related degree strongly preferred
Minimum 8-10 years in IT security, healthcare domain a plus
Specific years of experience may serve as substitution in some areas
Experience in security risk assessment and internal security consulting
Strong capability to work and partner with key business leads to understand business strategies and drive business results
Ability to evangelize change, to guide, mentor and grow security professionals and to integrate people, team and processes
Ability to travel domestically and internationally as needed
Demonstrated ability to delegate and empower others
IT security and general controls audit and assessments
Knowledge/experience in HITRUST CSF
IT policy management
Knowledge of or experience with security tools, including governance, risk and compliance tools, a plus
Proficiency in Microsoft Office suite of tools
General understanding of the healthcare and health insurance businesses
Ability to conduct meetings with various business and IT personnel