Chief Information Security Officer (CISO)

All Jobs > Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)
Fully Remote • New York

Full-time

Description

Job Description

Med Tech Solutions (MTS) is a leading healthcare technology company focused on delivering innovative technology solutions that improve patient care and support healthcare providers. We work exclusively with healthcare organizations across the United States, providing comprehensive HIT and cloud solutions. Our staff have extensive healthcare experience, enabling us to serve community health centers, clinics, networks, and other healthcare organizations. Visit www.medtechsolutions.com for more information.

MTS is growing! We are seeking a Chief Information Security Officer (CISO) to join our team. This role involves maintaining a corporate-wide Cybersecurity Program to protect MTS and client assets. The CISO will develop and implement the organization's information security strategy, ensure compliance with HITRUST and HIPAA, and manage security risks. The position may be remote.

Essential Duties and Responsibilities

• Develop and implement a strategic, comprehensive Cybersecurity Program aligned with HITRUST, HIPAA, NIST, and CIS standards.
• Oversee the creation, implementation, and maintenance of security policies and procedures.
• Conduct risk assessments and implement mitigation strategies. Ensure security and HIPAA training for all staff, contractors, and third parties.
• Identify and document IT-related risks and control exceptions, proposing mitigation plans to leadership.
• Manage the Security Incident Response Team.
• Collaborate with business and product teams to deliver cybersecurity solutions that protect against threats, support transformation, and promote growth.
• Perform internal audits to ensure compliance with HITRUST controls and evaluate security processes and tools, including hybrid cloud solutions.
• Provide regular cybersecurity reports to the board of directors.
• Conduct staff training and awareness programs on security best practices and compliance.
• Maintain an inventory of individuals with access to confidential information and document its use and disclosures.
• Coordinate with the IT department to align security and privacy practices.

Requirements

• 8-12 years of broad information security experience, especially in healthcare and HITRUST/HIPAA.
• Experience as a corporate CISO or Deputy CISO.
• Knowledge of HIPAA, HITRUST, SOC2, CIS, ISO 27001, NIST 800-53, PCI DSS, SSAE 18, MITRE ATT&CK, or similar standards.
• Certifications such as CISM, CISA, CISSP, CHPSE, HCISSP, Security+, CRISC, CGEIT are desirable.
• Excellent communication skills, capable of presenting to executives and non-technical audiences, including webinars and public speaking.
• Strong background in IT architecture, cloud security, application security, and infrastructure security.
• Good financial and business understanding, with influencing skills to drive transformation.