Virtual CISO (vCISO), Hospitals and Health Systems

Description

ABOUT US

Clearwater Security and Compliance LLC is the leading provider of cybersecurity, risk management, and HIPAA compliance software, consulting, and managed services for the healthcare industry. Our solutions enable organizations to avoid preventable breaches, protect patients and their data, meet regulatory requirements, and optimize cybersecurity investments. More than 400 healthcare organizations, including 70 of the nation’s largest health systems and a large universe of physician groups and digital health companies, trust Clearwater to meet their cybersecurity and compliance needs.

POSITION SUMMARY

The Virtual CISO, Cybersecurity Senior Principal Consultant (“vCISO”) will lead and execute Clearwater consulting engagements and managed services programs and plays a key role in contributing to the Company’s rapid growth. The vCISO engages in thought leadership, new solution development and continuously builds his/her expertise in relevant domains to Clearwater’s solutions. The vCISO develops his/her mastery of healthcare cybersecurity, cyber risk management, and compliance while exploring emerging healthcare industry issues, technologies, and opportunities.

The vCISO spends the majority of her/his time working directly with customers. In this role he/she will act as a vCISO leading multiyear cybersecurity and HIPAA compliance programs for hospitals and health systems. This role will set a cybersecurity strategy in place and successfully execute that strategy working closely with customers’ senior leaders, the delivery team and leveraging other subject matter experts at Clearwater.

The vCISO is a key advisor and expert to Clearwater customers and represents the high standards of quality and excellence for which Clearwater is known. Through the delivery of robust and proactive cybersecurity, risk analysis, and risk response solutions, the vCISO enables customers to improve patient safety, safeguard sensitive health information, and protect their corporate capital and reputation.

SPECIFIC JOB RESPONSIBILITIES

• Complete or oversee completion of consulting services engagements as assigned, following Statements of Work, Clearwater standards, relevant customer policies, Clearwater defined work processes, templates, and IRM|Pro® software. These include but are not limited to policy and procedure customization, risk analysis, risk response, security assessments, vendor risk management, development of strategic and tactical work plans, remediation planning and execution, general advisory, and other services.
• Achieve utilization targets of at least 75% (1,560 hours per year), complete projects on time and budget, and meet quality standards.
• Provide vCISO services for customers, following Clearwater methodologies and industry best practices, and lead Clearwater ClearAdvantage® and ClearConfidence® managed services engagements.
• Coach consultants and provide training as needed, especially for those working on engagements they are leading.
• Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction.
• Contribute to training programs and materials to support and encourage customer adoption and retention of Clearwater’s IRM|Pro® software.
• Execute project planning, scheduling, and other coordination of internal and customer resources to conduct interviews, meetings, and presentations.
• Prepare and deliver thoughtful, insightful, and professional presentations to customers and internal Clearwater stakeholders.
• Create, review and edit findings, observations, and recommendations reports.
• Develop and continuously improve tools and templates used in delivering customer engagements and training subcontracted resources.
• Conduct IRM|Pro® training and orientation sessions with customers.
• Actively participate in the development of strategies and execution of tactics supporting business development activities.
• Provide pre-sales support to Sales in assessing customer needs, scoping engagements, and estimating the level of effort for consulting projects or managed services engagements. 
• Assist Product Innovation, Customer Success, Sales, Marketing, and other departments with projects as requested.
• Develop and deliver thought leadership, including creating and providing webinars, writing blog posts, and participating in industry events.
• Contribute to  the development and delivery of new services to support business growth, creating and refining processes, and providing content to sales and marketing to commercialize solutions.
• Identify, document, and pursue opportunities for follow-on engagements or additional services with customers, working closely with Sales and customer Success teams.
• Become knowledgeable of Clearwater’s solution and service offerings, sales process, marketing materials, contract and SOW structure, methodologies, delivery standards, work tools, and processes.
• Pursue additional education and stay current on best practices, technical skills, and tools related to the position's duties.
• This position has significant interaction with internal and external stakeholders, including colleagues, customers, partners, subcontractors, and potential investors. This position requires a strong customer service orientation and the ability to: 

1. Work independently on a variety of projects simultaneously, 

2. Exercise good judgment and initiative to manage priorities, 

3. Quickly develop trusting relationships with a variety of healthcare compliance and information system professionals,

4. Read and readily comprehend Federal and State security and privacy regulations, security and privacy policies and procedures, customer contractual requirements, insurance requirements, and assess their relevance to specific situations,

5. Pose questions and listen to customer responses effectively to draw out essential facts, data, business process descriptions, sensitivities, and perspectives, and

6. Demonstrate strong organizational abilities, effective writing skills, and communications skills.

7. Develop presentations with clearly messages, and effective slides, and deliver these presentations to senior executives

8. Lead teams of internal and external stakeholders to drive security projects forward

9. Engage with law enforcement, insurance carriers, external council, investors, and other stakeholders

10. Identify and manage client engagement risks and issues

Requirements

The vCISO will have experience in cybersecurity, information risk management, or both domains, preferably with direct experience working in the healthcare industry or industries and particularly in a hospital or health systems setting using the same standards and processes that Clearwater uses to perform its engagements. The vCISO must have prior experience in consulting, managing teams, and have had a cybersecurity or privacy leadership role in a hospital of multi-site healthcare services provider organization.

In addition to technical cybersecurity experience and skills, the vCISO must have demonstrated through experience that she/he has the soft skills required to drive engagement with customers. She/he must have experience successfully managing projects, meeting deadlines, and achieving high levels of quality based on standards. The vCISO must have experience working on and leading teams, analyzing data, writing professional technical reports, and developing and delivering presentations to stakeholders at various levels of the organization.
 

QUALIFICATIONS, SKILLS, & KNOWLEDGE

• 10+ years of related work experience
• Bachelor’s degree
• Served in a leadership role in a cybersecurity program for healthcare services provider, hospital preferred
• Additional healthcare industry experience
• Desire and ability to create thought leadership like webinars, blog articles, and white papers
• Experience and comfort with public speaking
• Disciplined approach to continuously developing personal skills
• Drive to constantly improve what and how we deliver value to our customers
• Relevant experience performing NIST-based Information Systems risk analyses and HIPAA Privacy, Security, and Breach Notification Rule compliance evaluations
• Self-starters who can work independently, seek out and leverage internal resources when needed, proactively take ownership of their work and career, and drive engagements to provide the value our customers expect
• Relevant experience and prior demonstrable success leading and delivering consulting engagements in the IS or healthcare space
• Relevant technical training, project management training, and certifications such as CISSP or HCISPP
• Excellent analytic and problem-solving skills, especially in the information systems, security, and privacy space
• Highly effective verbal communications and presentation skills in a customer setting
• Excellent technical written communication skills, in particular, regarding information system, security and privacy subject matter, policies and procedures
• Experience with creating and executing repeatable work processes and procedures.
• Experience with providing technical/product support services within a sales process
• Prior experience and proven success planning, developing materials, and      delivering training on technical subject matter and software products.
• The initiative and ability to master HIPAA regulations, enforcement, and OCR audit      subject matter, as well as the NIST Information Risk Management framework and processes.
• Ability to learn new subject matter and context quickly and to maintain market and subject matter awareness.
• Ability to understand SOWs, customer proposals, project notes, deliverables, and final reports; assimilate previous experience, relevant subject matter, data, facts, and results; and develop relevant questions of colleagues to hasten understanding scenarios, methodologies, processes, and “lessons learned.”
• Demonstrated ability to work effectively with internal and external stakeholders, including colleagues, customers, partners, subcontractors, and potential investors.

Clearwater is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. 

If you require a reasonable accommodation to complete an application, interview or otherwise participate in the recruiting process, please direct your inquiries to a recruiter @ 615-669-8896 or jobs@clearwatersecurity.com. 

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. 

If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. 

Employers can only use E-Verify once you have accepted a job offer and completed the form I-9. 

For more information on E-Verify, or if you believe that your employer has violated its E-Verify responsibilities, please contact DHS. 888-897-7781