POS1189 - VP CYBERSECURITY

Envision Healthcare Corp

Nashville, TN

JOB DETAILS
SKILLS
Analysis Skills, Budget Management, Business Services, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Clinical Support, Cloud Computing, Communication Skills, Computer Science, Computer Security, Content Management Systems (CMS), Contract Requirements, Corporate Policies, Cross-Functional, Customer Relations, Department of Health and Human Services, Diversity, Enterprise Architecture, Establish Priorities, Government, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Incident Management, Incident Response, Information Assets, Information Science, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Interpersonal Skills, Leadership, Legal, Management of Information Systems/Technology (MIS), Operational Strategy, Operations Security (OPSEC), Organizational Development/Management, PCI-DSS, Patient Care, Policy Development, Presentation/Verbal Skills, Privacy Controls, Procedure Development, Procedure Implementation, Project/Program Management, Regulations, Regulatory Requirements, Resource Management, Risk, Risk Analysis, Risk Management, Security Analysis, Security Architecture, Security Attacks, Security Monitoring, Team Player, Technical Analysis, Technical Leadership, Technical Support, Training Program, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Relations, Writing Skills
LOCATION
Nashville, TN
POSTED
6 days ago

Summary: Envision is seeking a strategic and operational cybersecurity leader to continue executing our multi-year cybersecurity strategy and advancing the maturity of our security program. Reporting to the CIO, this leader will lead the enterprise cybersecurity function and partner closely with IT leadership and business stakeholders to strengthen cybersecurity operations, governance, architecture, and risk management across the organization.

Company Overview: Envision is a leading national medical group focused on delivering high-quality care to patients when and where they need it most. You'll find clinicians and clinical support professionals across the nation who are proud to call Envision home. We welcome teammates of every background and work in communities that reflect the racial, ethnic, gender, sexual orientation, and economic diversity of our country.

Benefits: At Envision, we offer benefits at the speed of your life. Our wide range of health and welfare benefits allow you to choose the right ones for you and your family. Best of all, qualifying employees are eligible to enroll from day one, so you can rest easy knowing you and your loved ones are protected. Envision offers a variety of health and welfare benefit options to help protect your health and promote your wellbeing. The benefits offered include but not limited to: Medical, Dental, Vision, Life, Disability, Healthcare FSA, Dependent Care FSA, Limited Healthcare FSA, FSAs for Transportation and Parking & HSAs.

Paid Time Off: Envision offers paid time off, 9 observed holidays and paid family leave. You accrue Paid Time Off (PTO) each pay period and depending on your position and can earn a minimum of 20 days and up to 25 days per calendar year.

The ideal candidate is a collaborative and pragmatic leader who can align security priorities with business objectives, build strong cross-functional relationships, and produce concise, impactful executive communications that drive understanding and informed decision- making.

  • Minimum of 15 years of experience in a combination of risk management, information security and information technology fields. At least 5 years of experience in a senior leadership role.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Knowledge of common information security management frameworks, such as NIST.
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HIPAA Privacy & Security, related HHS/CMS regulations and guidelines, CCPA, GDPR, and industry compliance attestations and frameworks such as HITRUST, ACIPA SOC 2, NIST CSF, CIS, and PCI DSS.
  • Exhibit excellent analytical skills, the ability to manage multiple, inter-disciplinary projects as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Project management, financial/budget management, scheduling, and resource management.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability, and ability to work with little supervision.
  • Use of Security Utilities and how to interpret data outputs and extracts.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Bachelor's degree in information security, Computer Science, Management of Information Systems, or related field required.

If you are ready to join an exciting, progressive company and have a strong work ethic, join our team of experts! We offer a highly competitive salary and a comprehensive benefits package.

Envision uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.

Envision is an Equal Opportunity Employer.

The VP, Cybersecurity Operations reports directly to the Chief Information Officer (CIO) and is responsible for development, oversight, and implementation of the enterprise-wide Cybersecurity strategy for Envision. This position serves as the senior advisor to the organization's executive leadership team on matters related to this area of responsibility, including cybersecurity operations, cloud security, cyber GRC, Cyber-Incident Response, and security architecture. The VP, Cybersecurity Operations also has responsibility for cybersecurity policies, standards, roles, and organizational awareness, chairing the enterprise cybersecurity governance committee, and decisions regarding identification and selection of appropriate technological, physical, and administrative cybersecurity controls designed to address the organization''s data security requirements and risk profile.

  • Lead the development and execution of a comprehensive cybersecurity strategy to safeguard enterprise-wide information systems, digital assets, and sensitive data. Oversee the execution of cybersecurity initiatives and produce clear, concise written updates for the Board of Directors, detailing program progress, risk posture, and strategic priorities
  • Develop, govern, and mature a comprehensive cybersecurity risk-based program focused on the integrity, confidentiality, and availability of information assets.
  • Define the cybersecurity architecture roadmap that will identify appropriate security controls and assess current and new technologies to support the organization's security priorities.
  • Develop, maintain, and promote cybersecurity policies, standards, and guidelines.
  • Ensure that controls align with and address contractual obligations, corporate policies, and legal and regulatory requirements for cybersecurity.
  • Oversee the management of cybersecurity awareness training programs for all employees, contractors, and approved system users.
  • Define and facilitate the cybersecurity risk assessment process and work effectively with Information Technology leadership to procure and implement recommended security measures.
  • Provide strategic risk guidance and security consultation for corporate projects, including the evaluation and recommendation of technical standards and controls.
  • Establish and implement a process for cyber incident management to effectively identify, respond, contain, and communicate a suspected or confirmed incident.
  • Identify, assess, and prioritize cybersecurity risks to data and systems, including external threats, cyber-crimes, internal threats, and third-party risks, advising relevant stakeholders on the appropriate courses of actions to contain, mitigate, or eliminate cyber risks.
  • Partner with Information Technology on the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a cybersecurity event.
  • Serve as an authoritative resource in all related aspects of cybersecurity to the company.
  • Establish strong internal relationships across the business and serve as a partner to senior leaders in compliance, legal and internal audit.
  • Establish external relationships with relevant key vendors, customers, risk management carrier, communication partners and government agencies.

Direct Reports:

  • Director, Governance, Risk, and Compliance (GRC)
  • Director, Incident Response and Strategic Relations
  • Director, Security Operations
  • Director, Cloud Security Operations
  • Enterprise Principal Architect - Identity Architecture and Governance
  • Enterprise Principal Architect - Data Security
  • Enterprise Principal Architect - Security

The VP, Cybersecurity Operations reports directly to the Chief Information Officer (CIO) and is responsible for development, oversight, and implementation of the enterprise-wide Cybersecurity strategy for Envision. This position serves as the senior advisor to the organization's executive leadership team on matters related to this area of responsibility, including cybersecurity operations, cloud security, cyber GRC, Cyber-Incident Response, and security architecture. The VP, Cybersecurity Operations also has responsibility for cybersecurity policies, standards, roles, and organizational awareness, chairing the enterprise cybersecurity governance committee, and decisions regarding identification and selection of appropriate technological, physical, and administrative cybersecurity controls designed to address the organization''s data security requirements and risk profile.

  • Lead the development and execution of a comprehensive cybersecurity strategy to safeguard enterprise-wide information systems, digital assets, and sensitive data. Oversee the execution of cybersecurity initiatives and produce clear, concise written updates for the Board of Directors, detailing program progress, risk posture, and strategic priorities
  • Develop, govern, and mature a comprehensive cybersecurity risk-based program focused on the integrity, confidentiality, and availability of information assets.
  • Define the cybersecurity architecture roadmap that will identify appropriate security controls and assess current and new technologies to support the organization's security priorities.
  • Develop, maintain, and promote cybersecurity policies, standards, and guidelines.
  • Ensure that controls align with and address contractual obligations, corporate policies, and legal and regulatory requirements for cybersecurity.
  • Oversee the management of cybersecurity awareness training programs for all employees, contractors, and approved system users.
  • Define and facilitate the cybersecurity risk assessment process and work effectively with Information Technology leadership to procure and implement recommended security measures.
  • Provide strategic risk guidance and security consultation for corporate projects, including the evaluation and recommendation of technical standards and controls.
  • Establish and implement a process for cyber incident management to effectively identify, respond, contain, and communicate a suspected or confirmed incident.
  • Identify, assess, and prioritize cybersecurity risks to data and systems, including external threats, cyber-crimes, internal threats, and third-party risks, advising relevant stakeholders on the appropriate courses of actions to contain, mitigate, or eliminate cyber risks.
  • Partner with Information Technology on the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a cybersecurity event.
  • Serve as an authoritative resource in all related aspects of cybersecurity to the company.
  • Establish strong internal relationships across the business and serve as a partner to senior leaders in compliance, legal and internal audit.
  • Establish external relationships with relevant key vendors, customers, risk management carrier, communication partners and government agencies.

Direct Reports:

  • Director, Governance, Risk, and Compliance (GRC)
  • Director, Incident Response and Strategic Relations
  • Director, Security Operations
  • Director, Cloud Security Operations
  • Enterprise Principal Architect - Identity Architecture and Governance
  • Enterprise Principal Architect - Data Security
  • Enterprise Principal Architect - Security

About the Company

E

Envision Healthcare Corp