Chief Information Security Officer (CISO)
Remote or Boston, MA or Pittsburgh, PA
Arcadia
Arcadia unlocks access to global utility data. Our technology powers the next generation of climate solutions, giving anyone the tools to electrify and decarbonize.
Why This Role Is Important To Arcadia
The CISO reports directly to the CEO and serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with Arcadia's information security policies. Key elements of the CISO's role include:
- Maintain and enhance the enterprise-wide information security management program to ensure that information assets are adequately protected.
- Develop organizationally aligned vision and strategy for information security that enables the organization to reach business objectives and strategic priorities.
- Work with executive management to determine and achieve acceptable levels of risk.
- Something about being a thought leader.
What Success Looks Like
In 3 months
- Complete onboarding and review of policies and procedures, asset and application inventories, security projects, etc.
- Integrate and develop relationships with staff, Arcadia leadership, and department stakeholders.
- Identify gaps and areas for improvement within security and compliance programs and develop high level remediation guidance and priorities.
What You'll Be Doing
- Managing and monitoring enterprise information security, compliance, and IT risk management activities
- Working directly with the business units to facilitate risk assessment and risk management processes
- Recruiting, managing, and mentoring security and compliance staff
- Consulting with lines of business to develop pragmatic solutions that achieve business requirements and maintain acceptable levels of risk
- Reporting key risk-based performance metrics that demonstrate effectiveness of our program and a return on investment for our executives and the board of directors
- Actively participating in security architecture with information technology, product management, and engineering
- Enhancing and maintaining a world-class security infrastructure, controls, and processes
- Evangelizing security best practices across Arcadia, with customers, and the industry
- Collaborating with development teams and product/development leadership to improve security within the software development lifecycle
- Responding to customer requests for security audits and security assessment
- Providing vision and guidance for security operations tooling and architecture
- Collaborating with dev teams to apply a shift-left security strategy in the development lifecycle
- Driving improvements in incident identification and response capabilities and overseeing incident response table-top and integrated testing
- Ensuring the effectiveness of data backup, recovery, and business continuity capabilities
- Partnering with business stakeholders to raise awareness of security, privacy, and risk management concerns
- Supporting compliance and audit requirements including HITRUST, SOC 2, ISO 27001, and PCI-DSS
- Assisting with the overall business technology planning, providing a current knowledge and future vision of technology and systems
What You'll Bring
- Minimum 10 years of experience in healthcare supporting HIPAA security and compliance requirements
- Minimum 10 years of experience in a combination of risk management, information security and security engineering roles with at least 4 years in a senior leadership role
- Current role as CISO/Head of Security
- Direct experience leading and managing Information Security Management Systems to support HITRUST, SOC 2 and ISO 27001 compliance
- Deep technical understanding of AWS security architecture and controls
- Provide leadership for incident response, including proven experience with SIEM to identify security events, perform triage, establish escalation if warranted, and manage response
- Fantastic communication skills in both spoken and written forms to explain complex ideas to various audiences, such as internal stakeholders and external customers and auditors
- Master's or doctorate in information security
- Certification in one or more of the following: CISSP, CISM, SSCP, CCSP, CRISC, or others
Would Love for You to Have
- Master's or doctorate in information security
- AWS Certified Security – Specialty Certification
- AWS Solution Architect Certification
- Experience building a red team and demonstrated offensive security capabilities
- Membership with CHIME or AEHIS, InfraGard, ISSA, ISACA, or others
- History of public speaking at security conferences and trade shows
- Published articles and white papers
- Knowledge of healthcare analytics, machine learning, and artificial intelligence
What You'll Get
- The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
- You seek a fun culture that encourages you to speak up and fosters creative thinking
- You enjoy working with customers and thrive as a team player
- You want to use your skills to make an impact in healthcare
- Awesome work environment
- Competitive compensation
- Great benefits like flextime time off
- Stocked kitchen with snacks and beverages and more
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
Tags: Analytics Artificial Intelligence Audits AWS CCSP CISM CISSP Cloud Compliance CRISC HIPAA HITRUST Incident response ISACA ISO 27001 Machine Learning Monitoring Offensive security Privacy Red team Risk assessment Risk management Security assessment Security strategy SIEM SOC SOC 2 SSCP Strategy
Perks/benefits: Career development Competitive pay Conferences Health care Snacks / Drinks Team events