Company: Vitalant

Location: Scottsdale, AZ
Form of work: Full-time
Salary: $169K - $214K a year
Category: Information Technology

Job description

Vitalant is currently seeking a Vice President, Chief Information Security Officer (CISO). In this role, you will assume leadership of our enterprise-wide Information Security Program. Your key responsibilities will include developing, implementing, and enforcing security policies to safeguard critical data and sensitive information. Dive into assessing technical risks, shaping security governance, and defining the necessary security awareness/training. You'll also be at the forefront of incident management, leading a dedicated team focused on security and data governance.


At Vitalant, your impact is vital. As the VP, CISO, you'll be the guardian of people, processes, and technology, ensuring regulatory compliance and upholding the confidentiality, integrity, and availability (CIA) of our information and assets. You will engage in meaningful conversations with business leaders where you'll strike a balance between business goals, security priorities, regulations, and stakeholder expectations to address security risks and minimize potential harm. This is not just a job; it's a chance for you to make a real impact on our organization's security landscape, shaping the future of our life-saving mission.


This position will work in the Scottsdale, AZ National Headquarters 3 days a week and work from home 2 days a week.


DUTIES AND RESPONSIBILITIES:

  • Provides effective leadership to achieve prominent levels of service, quality, financial results, and other criteria in accordance with policies, goals, and objectives.
  • Hires, supervises, trains, and evaluates performance of assigned personnel. Identifies and effectively resolves personnel issues.
  • Develop and execute an enterprise-wide security framework based on federal and state laws, risk, and compliance. Drives roadmaps that mitigate risk through the right balance of controls and operational flexibility.
  • Responsible for the development of security policies ensuring adherence to standards, guidelines, and procedures to ensure ongoing maintenance of security and compliance with Information Security standards and regulations.
  • Provide information, presentations and support to the Senior Management Team and Board to ensure the understanding of security beyond a "compliance-only" view to provide analysis of strategic objectives or proposals in light of security risks and compliance obligations.
  • Prepare the organization for a healthcare certification (HITRUST, ISO, etc.) to ensure customer and vendor confidence in the organization's overall security practices.
  • Establishes and chairs a security and data governance team comprised of legal, IT and privacy leaders to guide the organization’s security program and use and sharing of information and data to ensure compliance with applicable laws and regulations, evaluate and anticipate risks with proposed strategic initiatives or projects, and develop mitigation measures where feasible.
  • Oversees and provides direction on the classification, ownership, and retention of data and information as well as clarifying accountability for data and information. Direct the development of policies to include data and information in both electronic and non-electronic format for compliance with HIPAA, HITECH, and any other state or federal law impacting organization’s use of personal or financial data, including but not limited to data of donors, patients, vendors, customers, collaborators, and employees.
  • Represent the organization internally and externally on Information Security matters; leads, or participates in relevant committees, projects, and security initiatives.
  • Works closely and collegially with the CIO and Information Technology leadership team, general counsel, privacy counsel, privacy officer and enterprise risk.
  • Responsible for development and delivery of enterprise security training programs for initial and ongoing training for all enterprise employees, contract employees and others, including HIPAA compliant training for HIPAA covered healthcare components of organization. Updates training as often as needed to meet environment changes and regulatory requirements.
  • Partners with Information Technology on selection and implementation of computer Information Security systems and tools.
  • Responsible for the enforcement of Information Security and data protection policies ensuring adherence to standards, guidelines, and procedures. Coordinates and conducts assessments, including regular HIPAA Risk Assessments where applicable, to ensure compliance with the security and data policies is maintained at all levels of the organization.
  • Maintains current knowledge of applicable federal and state Information Security regulations including but not limited to FDA, HIPAA, HITECH, PCI and other applicable federal and state regulations and accreditation standards governing security of data, particularly sensitive proprietary, financial, and personal data. Provides analysis of pending new regulations in Information Security for assessment and implementation for compliance.
  • Responsible for the development and execution of performance indicators for security measurements and routine metrics to assist the organization in identifying potential security risks and providing recommendations for mitigation, including third-party evaluations and impact analysis.
  • Reviews vendor contracts and consents needed to implement projects in partnership with the organization’s procurement and Information Security function.
  • Participates in cyber liability insurance program analysis, identifies liability risks, and recommends mitigation measures.
  • Responsible for security incident management reporting and tracking.
  • Develops and administers annual budget in compliance with requirements of organization and ensures adherence.

Knowledge/ Education
  • Bachelor’s degree from accredited college/university with a major in information technology, computer science, Information Security or related study required.
  • Master’s degree in science, technology (preferred) or equivalent.
  • Experience in security operation and incident response teams required.
  • Strong knowledge of Security industry standards and regulations, including required assessments, reporting and data management required.
  • Internal and External IT auditing concepts, techniques, methods, and procedures required.
  • Familiarity with major IT computing platforms, security concepts, general controls, and application auditing required.
Licenses/ Certifications
  • Certified Information Systems Security Professional (CISSP) required.
Experience
  • Ten years of progressive IT professional experience required. Seven years of the required experience must be in managing mid-sized to large IT security operations.
  • Two years of experience performing complex professional auditing, Information Security, or information systems assessments and auditing, including lead responsibility for supervision of staff or contract staff, required.
  • Proven record with leading security incident or breach assessment, mitigation and response and demonstrated ability to anticipate, assess, and manage threats, including cyber threats, to the enterprise, risks to enterprise information, and management of those risks and responses to exploits to the enterprise required.
  • Experience with cyber security insurance programs and cyber liability risk assessment, mitigation, and claims required.
Skills/Abilities
  • Must possess the skills and abilities to successfully perform all assigned duties and responsibilities.
  • Business enabling mindset.
  • Strong analytical and critical thinking skills.
  • Excellent interpersonal, negotiation and conflict resolution skills.
  • Must be able to act with integrity, professionalism, and confidentiality.
  • Excellent written and verbal communications with experience presenting to executives and leadership teams.



About Us

Vitalant is one of the nation’s largest nonprofit blood and biotherapies healthcare organizations, providing hospitals and patients across the U.S. a safe blood supply, specialized laboratory services, transfusion medicine expertise and world-renowned research. We have a network of 115 donation centers across the U.S. and host approximately 60,000 blood drives annually. Vitalant provides blood and special services to patients in more than 900 hospitals across the U.S. where millions of people depend on blood donations from our generous donors.


Vitalant is committed to fostering a diverse and inclusive workplace built on a foundation of respect, integrity, teamwork, and excellence. Through our DEI strategic plan, we create opportunities for employees of all backgrounds to feel valued, seen and heard. We believe this mission drives creativity and innovation, as employees experience an environment conducive to personal growth and career development.


EEO/Minorities/Females/Disabled/Veterans


Our organization is an equal employment/affirmative action employer. If you need accommodation for any part of the employment process because of a medical condition or disability, please send an e-mail to Careers@vitalant.org to let us know the nature of your request.



Benefits

Work from home
Refer code: 9082807. Vitalant - The previous day - 2024-04-18 13:32
