VetJobs - The Leading Military Job Board

Job Information

NantHealth, Inc. VP, CISO, Systems & Engineering in Philadelphia, Pennsylvania

Reference #: R2300

Are you ready to link your passion with a purpose? At NantHealth, we build technology that simplifies healthcare. We manage the data and decisions that help the healthcare industry deliver better patient care. NantHealth's products target specific pain points that inhibit healthcare from reaching its full potential. Our payer-provider collaboration solutions increase operational efficiency, unlock savings, and enhance communications. Our treatment plan validation capabilities help payers better manage costs for oncology and autoimmune conditions. We're seeking innovative thinkers who love doing meaningful work. If you're looking to bring your skills and expertise to a growing technology company, it's time for you to join us!

To ensure we can provide the best in healthcare tech, we focus on building the best team. Through holding true to our core values - clarity, empathy, collaboration, integrity, a sense of community, and a pioneering approach - we are creating a vibrant culture where ideas can blossom, people can thrive, and success can flourish.

NantHealth is seeking its next VP, Chief Information Security Officer (CISO) to lead the information security and risk management program. In this role, your primary responsibility is to identify and anticipate areas of risk, develop a comprehensive global enterprise and product security strategy, and create a culture of cybersecurity by working with Product, Engineering, IT, Internal Audit, and Business Leadership.

Our ideal candidate will lead all aspects of information security, application security, corporate security, security operations, and technology risk and compliance. You will partner with various teams to develop, implement, maintain, and continually improve the strategic and risk-based Information Security, Data Privacy, and Risk & Compliance programs. As CISO, you must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. In addition to protecting NantHealth assets, you share accountability with other senior business leaders to ensure NantHealth clients' information and assets are protected.

Responsibilities include, but are not limited to:

Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.

Set the vision and strategic direction for the Information Security and Risk Management program that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.

Conduct a thorough evaluation of our security posture, identify gaps, and set priorities, then create and execute a security program.

Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level.

Lead the development of security initiatives and policies to mitigate risks to the organization, its brands and reputation as the result of adverse incidents.

Plan for and manage incident response plans while minimizing the effect on the business.

Be responsible for the design and architecture of security systems and controls.

Supervise the governance of security policies and security controls.

Support compliance activities including external audits and regulatory compliance projects.

Manage relationships with external information security technology vendors and specialized information security professional services firms.

Work with the internal business partners to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.

Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the information security program, facilitate appropriate resource allocation, and increase the maturity of the information security, and provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.

Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.

Represent the company in regulatory engagements and liaise with the enterprise application teams to build alignment between the security and enterprise architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.

Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.

Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines and implementing security tooling and automation efforts across the organization.

Interpret applicable regulatory obligations and translate them into action.

Education & Experience Requirements:

Degree in business administration or a technology-related field required.

Professional security management certification

Minimum of eight to 12 years of experience in a combination of risk management, information security and IT jobs

Minimum 5 years of previous experience in a senior leadership role, including salaried direct-reports

Knowledge, Skills, and Abilities:

Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.

Excellent written and verbal communication skills and high level of personal integrity

Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams

Experience with contract and vendor negotiations and management including managed services.

Specific experience in Agile (scaled) software development or other best-in-class development practices.

The salary range for remote US-based applicants for this position is below. The specific rate will depend on the successful candidate's qualifications, prior experience as well as geographic location. $170,000 - $230,000 base salary, plus bonus potential.

We value each of our employees' total wellness. From robust medical, dental, and vision insurance, to financial planning assistance, to physical and mental wellness discounts, including an optional annual subscription to the Headspace app and unlimited access to LinkedIn Learning, we understand that our company succeeds when our employees succeed as individuals.

Additional notable benefits include:

Paid Time Off (hourly) / Flex Time Off (salaried) programs for Full Time employees

Growth and Development opportunities

401(k), including a 3% company match

Paid Holidays

Paid Parental Leave, including a flexible return-to-work program

Employee Assistance Program

Discounts on popular cell phone plan providers

Life & Disability Insurance

Travel Assistance

Education Assistance Program

And much more!

NantHealth is a mandatory vaccinat
