Senior Security Officer

Summary

Join Vee Healthtek (VHT) as the Senior Security Officer, reporting to the CEO, to lead the global security governance and compliance program. Align cybersecurity efforts with business objectives and ensure compliance with legal, regulatory, and contractual requirements. Manage an international team of security professionals, enhancing VHT's resilience to cyber threats. Oversee the enterprise-wide Information Security Management System (ISMS), incorporating all necessary safeguards. Foster a culture of security and optimize resource allocation to meet business needs while improving security posture. Collaborate with various teams, including Executive Leadership, Business Operations, and IT. This role requires extensive cybersecurity expertise and leadership skills.

Requirements

• Bachelor's Degree in Computer Science/Engineering/Cybersecurity, Digital Forensics or related field
• 7-10 years of progressive IT experience and demonstrated experience in cybersecurity specifically
• Certified Information System Security Professional (CISSP)

Responsibilities

• Manage an international team of cybersecurity professionals supporting the security and cyber compliance program
• Understand the legal, regulatory, and contractual obligations of each Business Line’s portfolio & services, client landscape, and assets managed by Businesses
• Identify and implement Cybersecurity single point of contacts throughout the organization
• Develop the company’s cybersecurity budget and propose business financial cases to present for the annual budgeting process
• Responsibly, manage the company’s cybersecurity budget by meeting financial targets
• Act as a Cybersecurity consultant to the Company and its affiliates
• Ensure coordination and alignment with information security counterparts who support Vee Healthtek’s clients
• Protect VHT’s interest by identifying operational, budget, and cyber risks introduced through any merger and acquisition activities
• Protect Vee Healthtek’s reputation by establishing a security framework that meets potential client expectations during the contracting negotiation process
• Serve as the organizational subject-matter expert on cybersecurity
• Ensure alignment with Vee Healthtek’s Ethics and Compliance Program (e.g., incident management, escalation, procedure development, communication, education, etc.)
• Conduct and support program gap analyses and implement controls to address gaps
• Manage (or monitor) the Cybersecurity audits and risk assessments requested by Customers/Clients
• In collaboration with organizational leaders, make recommendations for appropriate remediation and monitor status of plan completion
• Define and monitor cybersecurity KPIs for the Company
• In collaboration with Human Resources and Compliance, develop and maintain appropriate security protocols and relevant disciplinary actions (e.g., onboarding and off-boarding protocols, initial and refresher training, etc.)
• Develop secure software development principles for the technology team and ensure its compliance
• Ensure consistency of practice across all company locations, both on- and off-shore
• Promote a culture of cybersecurity awareness In coordination with Human Resource and Compliance, define and establish a Cybersecurity training program for relevant resources and employees based on policies and guidelines
• Promote a culture of security integration and responsibility throughout the organization
• Ensure that each of the business teams responsible for their work receive adequate training to keep data security in the forefront of their minds. This includes providing both general and role-based training where warranted
• Assess, monitor, and proactively mitigate known and emerging Cybersecurity Risks Lead risk assessments for Company applications, digital services, infrastructure, and business delivery
• Stay abreast of the latest security technologies, trends, and threats to assist in management of the company’s protection model
• Maintain a dynamic threat assessment report based on Industry threats, trends, infrastructure, applications, critical services, and regulatory requirements
• Actively monitor the Company environment for potential threats and enact appropriate mitigation measures
• Design, build and integrate relevant Cybersecurity solutions and processes to protect the Company and our clients
• Establish cybersecurity maturity model targets and programs to assist the company in reaching a level of maturity and protection commensurate with the business and industry
• Develop and implement a Data Loss Prevention Program to protect the Company’s Intellectual Property and client information
• Identify, produce and implement software tools and technologies that will prevent data security threats to the company for internal and external forces
• Identify, manage, and remediate security incidents In coordination with the Compliance team, serve as an escalation point for Company security incidents
• Act as a Liaison with applicable state and federal agencies during security incidents
• Establish a Cybersecurity Incident Response Program for appropriate management of security incidents
• In coordination with the Privacy Officer, ensure appropriate monitoring of physical security controls
• Lead remediation activities for security incidents
• Perform Root Cause Analyses for incidents, including short and long-term mitigation actions to prevent recurrences
• Represent the organization during the security-related crisis communication process
• Identify external forensic services for use as required for security incident investigations
• Establish escalation and reporting mechanisms to Executive Leadership Function as the cybersecurity risk owner as part of the organization’s enterprise risk management process
• Escalate significant security incidents to senior leadership
• Function as a liaison between Company executives and the business organization for all security initiatives or concerns

Preferred Qualifications

• Master’s Degree
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Chief Information Security Officer (CCISO)
• ISO / IEC 27001 Lead Implementer or Auditor