VP Information Security - Remote
Connect to higher care
A career connection worth making.
Reporting to the SVP of Operational Excellence, the Vice President and Information Security Officer (ISO) is the most senior information protection officer for the organization. The ISO will be responsible for building and maintaining the vision, strategy, processes and programs necessary to ensure that information, technology and data assets are adequately secured and remain accessible to the business functions that need them. As the champion of the organization’s next-generation strategy, this individual will also drive the success of a state-of-the-art platform of shared information security and business records services for FMCNA (North America).
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Driving the continuous evolution and deployment of an enterprise-wide, world-class information, technology and data risk management and business records function, including appropriate data breach response programs.
- Identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements and supports the risk posture of the enterprise.
- Defining and driving policies, standards and processes to ensure that our practices meet the North American, regional and local needs of the business, while complying with relevant U.S. and global laws, regulations and policies.
- Establishing and maintaining a world-class, integrated information security and business records function within the North American operations, in a manner consistent with the company’s global initiatives and infrastructure.
- Serving as the process owner of all ongoing activities related to business record storage and maintenance, with the goal of maintaining information access and the integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies.
- Proactively working with business units and member firms in North America to implement practices that meet defined policies and standards for information security.
- Coordinating and collaborating with information security functions across the global platform of Fresenius operations to ensure that practices in North America are consistent with global initiatives and frameworks.
- Working with board and governance committees to determine acceptable levels of information security risk for the organization, and ensuring that information security is managed effectively and efficiently in terms of program evaluation, reporting and cost management. Leading operational efforts through subordinates to complete the administration of business processes and services, so that the assigned business unit(s) achieve their goals effectively.
- Leading the development and publishing of an up-to-date data breach response plan, along with security policies, standards and guidelines, and enterprise-wide training and dissemination of information security policies and practices.
- Managing the enterprise's information security and business records organization, including hiring, training, talent development and performance management.
- Ensuring that information security programs are in compliance with relevant U.S. and global laws, regulations and policies to minimize or eliminate risk and audit findings.
- Setting, implementing and continually evaluating consistent standards for IT security operations and support (e.g. intrusion detection systems, cyber security, firewalls, vulnerability assessment systems, penetration testing, secure email systems, access control and identity management systems, network security, etc.).
- Managing research and development activities designed to assess need, analyze costs and benefits, and develop strategies for deploying and integrating progressive information security techniques and technologies.
- Coordinating the use of external resources involved in the information security and business records operations, including, but not limited to, interviewing, negotiating contracts and fees, managing external resources, and coordinating insurance resources.
- Providing strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Creating information security and risk management awareness training programs for all employees, contractors and approved system users.
- Communicating, collaborating and coordinating with the Global Data Protection Office.
- Creating, communicating and implementing a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers.
- Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the business function, facilitating appropriate resource allocation, and increasing the maturity of the information security infrastructure.
- Understanding and interacting with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, data privacy and security, risk management, compliance, information access and business continuity management.
- Interacting with clients and client service teams to ensure a level of understanding and confidence in FMCNA security and business records practices.
- Collaborating with Risk, Compliance, and Legal function to develop a high level of consistent, comprehensive and effective practices.
- The ideal candidate will be a thought leader in information security, privacy and business record maintenance. Success in this role will depend on the ability to collaborate with a number of key constituents, both internal and external. He or she will be a consensus builder with a track record of integrating people and processes to drive a cohesive security strategy for a complex and diverse enterprise.
- Assist with various projects as assigned.
- Other duties as assigned.
Additional responsibilities may include focus on one or more departments or locations. See applicable addendum for department or location specific functions.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Ability to travel as needed (estimated at 50% to 70%)
- May be responsible for the direct supervision of various levels of staff.
EXPERIENCE AND REQUIRED SKILLS:
- Bachelor’s Degree (Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or Mathematics, or equivalent experience)
- 15+ years’ experience.
- 5+ years’ experience in an internal senior management level role (e.g., Vice President), or 5+ years’ external experience in a senior management level role.
- Mastery level understanding of information security concepts, principles and drivers
- Mastery level understanding of security, privacy, IT audit and legal security standards, guidelines and principles, including relevant US and global laws, regulations and policies related to Protected Health Information (PHI) and Personally Identifiable Information (PII)
- Mastery level understanding of information technology within a large, highly-distributed organization
- Strong understanding of state-of-the-art security technology and technical concepts
- Demonstrated ability to leverage advanced knowledge of a business structure and components of a product or service to identify current state for a project or endeavor; Ability to analyze gaps caused by change initiatives and determine potential opportunities
- Experience conducting and/or coordinating technical security scanning, penetration testing, social engineering testing, application security testing, mobile device security analysis, network security analysis/operations
- Experience with enforcing secure coding practices, threat modeling, identity and access management, and/or security incident response/recovery
- Industry-recognized information security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) desired
- Proficiency with common information security management frameworks
- Multiple years of successful leadership experience operating within a complex corporate or consulting organization preferably including experience in a health care organization
- Demonstrated ability to communicate effectively with stakeholders and customers regarding technical concepts
- Comprehensive understanding of strategic planning and program management
- High degree of personal integrity and ethics as well as a passion for securing data systems and networks
- Constantly striving for excellence using objective, transparent and agreed-upon standards
- Excellent written and verbal communication and presentation skills for leadership, technical and business audiences
- Exhibits strong leadership and management skills, business acumen, and the ability to build relationships to influence and drive change
- Prior knowledge and/or experience with budget management
- Superior analytical/problem solving ability; Superior critical thinking skills
- Strong ability to communicate across all levels of the organization
- Ability to work under constantly changing conditions and tight deadlines
- Ability to manage multiple goals and deadlines
EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity
Fresenius Medical Care North America
Dialysis services, products, pharmaceuticals, and associated therapies
Company Type: Public Company
Company Size: 10,001+