VP, Chief Information Security Officer

About SCAN

SCAN Group is a not-for-profit organization dedicated to tackling the most pressing issues facing older adults in the United States. SCAN Group is the sole corporate member of SCAN Health Plan, one of the nation's leading not-for-profit Medicare Advantage plans, serving more than 285,000 members in California, Arizona, Nevada, and Texas. SCAN has been a mission-driven organization dedicated to keeping seniors healthy and independent for more than 40 years and is known throughout the healthcare industry and nationally as a leading expert in senior healthcare. SCAN employees are a group of talented, passionate professionals who are committed to supporting older adults on their aging journey, while also innovating healthcare for seniors everywhere. Employees are provided in-depth training and access to state-of-the-art tools necessary to do their jobs, as well as development and growth opportunities. SCAN takes great pride in recognizing our team members as experts in their fields and rewarding them for their efforts. If you are interested in becoming part of an organization that is innovating senior healthcare visit www.thescangroup.org, www.scanhealthplan.com, or follow us on LinkedIn; Facebook; and Twitter.

The Job

As the Chief Information Security Officer (CISO), you will be responsible for establishing and maintaining the enterprise vision, strategy, and programs to ensure that information assets and technologies are adequately protected for both SCAN Health Plan and associated portfolio companies. This role requires a deep understanding of the complexities and regulatory requirements specific to the healthcare industry, including patient data protection, HIPAA compliance, and cybersecurity threats. The CISO will be the strategic leader for all aspects of information security, including security architecture, risk management framework, incident response, security awareness training, and vulnerability management. Responsible for the effective management of information security functions and/or technology teams within the enterprise; including but not limited to applications, communications (voice and data), and computing services. This role will direct the development and administration of information security systems and functions to ensure that enterprise security goals are met. This position works collaboratively with executive leadership, IT, legal, compliance, and external partners to safeguard sensitive health information, maintain regulatory compliance, and mitigate risks associated with evolving cyber threats.

You Will

• Provide leadership, vision and executive oversight in the development and implementation of the information security strategy to define state-of-the-art policies and processes that enable the establishment of consistent and effective information security practices that minimize risk.
• Implement robust risk management practices and conduct regular security assessments to identify, evaluate, and mitigate information security risks.
• Establish and chair a Security Governance Committee that regularly reviews security risks and ensures appropriate mitigation strategies.
• Develop, maintain, and enforce information security policies and procedures. Ensure compliance with healthcare regulations, including HIPAA.
• Lead the response to information security incidents. Develop and maintain an incident response plan ensuring swift action to minimize impact and manage communication, coordinating with internal and external stakeholders.
• Oversee the management of information security vendors and third-party service providers.
• Evaluate and recommend security enhancements and technology solutions. Ensure the security of all electronic information assets.
• Coordinate with internal and external auditors. Ensure the organization is prepared for and compliant with all regulatory audits.
• Develop and manage the information security budget.
• Stay abreast of the latest information security trends and technologies. Foster a culture of continuous improvement in information security practices.
• Plan for incident-specific responses as well as disaster recovery planning.
• Monitor compliance with State and Federal regulations for information security of employee data and financial information, responses to identity theft, and other compliance issues such as HIPAA, HITECH, and Cyber Security Act.
• Respond to data security breaches and lead the development of appropriate tracking / reporting systems.
• Establish and enforce a process to ensure that all users receive appropriate information security training to perform duties along with periodic information security awareness training; ensures appropriate levels of information security awareness and personal responsibility.
• Oversee the audit and assessment of system security vulnerabilities, direct the development and deployment of remediation plans, and work with business stakeholders to mitigate the risks and ensure compliance.
• Create system hardening standards for the various hosts and network systems and oversees their deployment.
• Assess the current information security landscape and recommend technology and processes to address current and emerging risks.
• Work with management to develop and maintain a risk management matrix, which maps known risks to IT controls.
• Remain current on security standards and compliance requirements.
• Accomplish staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching and counseling employees; initiating, coordinating, and enforcing systems, policies, and procedures.
• Maintain staff by recruiting, selecting, orienting, and training employees; maintaining a safe and secure work environment; developing personal growth opportunities.
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.
• Actively support the achievement of SCAN's Vision and Goals.
• Other duties as assigned.

Your Qualifications

• Bachelor's degree preferred
• CISSP (Certified Information Systems Security Professional) or Certified Information Security Manager (CISM)
• GIAC Intrusion Analyst or Security Essentials Certification, and Ethical Hacking training a plus
• 15 years of Information Technology experience, including 8+ years of experience with information security key function areas or enterprise-wide IT management/administration.
• 5 years of experience leading or managing a technical team.
• Healthcare industry experience is required.
• Understanding and experience with adherence to information and network security standards (HIPAA, HITECH, HITRUST, PCI and PII compliance), data management, disaster recovery.
• First-hand experience setting up formal IT Security Governance, IT Security Steering Committees, IT Security Operation Centers etc.
• Strong working knowledge of Cyber Security frameworks like NIST, HITRUST and ISO 27000's.
• Ability to react quickly and effectively to risks and threats from external and internal sources on a 24/7 basis.
• Thorough understanding of Active Directory, Network/Remote Access Security, Systems Security (Windows, Unix, Mainframe), Application and Web Security, Firewalls and Intrusion Detection Systems, TCP/IP, Proxy, SPAM Filtering, SIEMs, Vulnerability Scanners, IDS/IPS, SQL.
• Excellent written and oral communication skills, as well as strong interpersonal, critical thinking, and analytical skills.

What's in it for you?

• Base Pay Range: $285,000 to $335,000 annually
• An annual employee bonus program
• Robust Wellness Program
• Generous paid-time-off (PTO)
• 11 paid holidays per year, 1 floating holiday, birthday off, and 2 volunteer days
• Excellent 401(k) Retirement Saving Plan with employer match
• Robust employee recognition program
• Tuition reimbursement
• An opportunity to become part of a team that makes a difference to our members and our community every day

We're always looking for talented people to join our team Qualified applicants are encouraged to apply now

At SCAN we believe that it is our business to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects our community through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more.

SCAN is proud to be an Equal Employment Opportunity and Affirmative Action workplace. Individuals seeking employment will receive consideration for employment without regard to race, color, national origin, religion, age, sex (including pregnancy, childbirth or related medical conditions), sexual orientation, gender perception or identity, age, marital status, disability, protected veteran status or any other status protected by law. A background check is required.

#LI-JB1 #LI-Hybrid

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

---