Senior Director and Chief Information Security Officer

Mercy Health Corporation
$152,113.70/Yr. - $243,381.92/Yr.
vision insurance, paid time off, retirement plan
United States, Wisconsin, Janesville
580 N Washington St
May 16, 2025
Overview

The Mercyhealth Sr. Director and Chief Information Security Officer (CISO) is responsible for establishing and maintaining the vision, strategy and program to ensure information assets and technologies are adequately protected across the entire Mercyhealth organization. The individual will be part of the Digital and Technology Solutions leadership team. Reporting to the VP/Chief Information Officer, the individual will be responsible for technology security across the entire continuum. As a member of the office of the CIO (OCIO), the individual collaborates and interacts with all OCIO council members regarding operational, financial, legal, program management, audit services and special project planning. A key responsibility will be collaborating with key business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of Mercyhealth's systems and data. The individual will interact at the executive level with third-party organizations that provide services to Mercyhealth to ensure the security and IT resiliency needs of Mercyhealth are being met.


Responsibilities

Essential Duties and Responsibilities

  • Develop Security Program. Provide leadership in the development and implementation of a complete information technology security program for Mercyhealth. The security program will encompass the protection of data and technology assets internal to the enterprise as well as with third-party service providers.
  • Policies and Procedures. Oversee the development, implementation and maintenance of policies and procedures across the organization to reduce information and information technology risk. Such policies and procedures will include security access and controls, data management, and incident handling and reporting.
  • Security Initiatives. Work with executives and governing bodies to prioritize security investments based on risk analysis. Oversee teams responsible for the delivery of approved initiatives.
  • Security Test / Audit. Evaluate and improve the effectiveness of all implemented security measures and procedures. Leverage penetration and vulnerability testing and conduct internal audits.
  • Risk Assessments. Develop and implement a Risk Assessment Program which will define, identify, and classify critical assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
  • Audit Support. Provide support for external audits, including planning, review of findings, and assistance with remediation needs.
  • Incident Response. Ensure the development and implementation of an Incident Handling program covering Information Security incidents and other IT-related disasters that could impact business operations, including a detailed Security, Disaster Recovery and Business Continuity Incident Response plan.
  • Forensics. Ensure that there are appropriately trained internal resources in the field of IT forensics, as well as aligned external forensics expert resources to leverage as needed.
  • Security Standards. Oversee the development of identification, authentication and access control standards balancing operational needs with regulatory requirements and data protection best practices.
  • Innovation. While utilizing current technologies to protect the organization from the possibility of data breaches, the CISO needs to prepare the organization for future threats.
  • Leadership. Strong leadership and team development is critical to success in this position.
  • Regulatory Compliance. Consistently keep aware of IT security regulatory requirements and changes impacting our organization. Ensure that the Security Program keeps Mercyhealth in a compliant state. Monitor and report on compliance status.
  • Education/Security awareness. Develop training materials and communications to educate all associates on matters of Information Security. Present to and update executive leadership on strategies, successes, and challenges in the area of Information Security.

Culture of Excellence Behavior Expectations

To perform the job successfully, an individual should demonstrate the following behavior expectations:

Quality - Follows policies and procedures; adapts to and manages changes in the environment; Demonstrates accuracy and thoroughness giving attention to details; Looks for ways to improve and promote quality; Applies feedback to improve performance; Manages time and prioritizes effectively to achieve organizational goals.

Service - Responds promptly to requests for service and assistance; Follows the Mercyhealth Critical Moments of service; Meets commitments; Abides by MH confidentiality and security agreement; Shows respect and sensitivity for cultural differences; Effectively communicates information to partners; Thinks system wide regarding processes and functions.

Partnering - Shows commitment to the Mission of Mercyhealth and Culture of Excellence through all words and actions; Exhibits objectivity and openness to others' views; Demonstrates a high level of participation and engagement in day-to-day work; Gives and welcomes feedback; Generates suggestions for improving work; Embraces teamwork, supports and encourages positive change while giving value to individuals.

Cost - Conserves organization resources; Understands fiscal responsibility; Works within approved budget; Develops and implements cost saving measures; contributes to profits and revenue.

Education and Experience

* 3+ years security leadership required.
* 7+ full-time experience in information systems security planning, auditing, design, testing, implementation, and maintenance required.
* Experience with National Institute of Standards and Technology (NIST) required.
* Thorough knowledge of healthcare privacy and information security policies, procedures, regulations, and laws.
* Working knowledge of information systems and related technologies such as data networking, end-user applications, data center operations, customer support, general IT controls and processes, server and PC hardware, operating systems, monitoring tools, encryption, and wireless networking.
* Healthcare experience preferred.

Certification and Licensure

* CISSP certification required.
* Certified Information Systems Auditor (CISA) preferred.
* Other relevant certifications such as Certified in Healthcare Security (CHS) and Certified Security Compliance Specialist (CSCS) preferred.

Special Physical Demands

The Special Physical Demands are considered Essential Job Functions of the position with or without reasonable accommodations.
While performing the duties of this Job, the employee is regularly required to talk or hear. The employee is frequently required to sit. The employee is occasionally required to stand; walk; use hands to finger, handle, or feel and reach with hands and arms. The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception and ability to adjust focus.

Level of Supervision

Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems; and employee adherence to annual education and certification requirements.

Supervises

Directly supervises members of the information security team. Supervisory responsibilities are conducted in accordance with directives of management, the organization's policies, and applicable laws.


Benefits

Mercyhealth offers a generous total rewards package to eligible employees including, but not limited to:

* Comprehensive Benefits Package: Mercyhealth offers a retirement plan with competitive matching contribution, comprehensive medical, dental, and vision insurance options, life and disability coverage, access to flexible spending plans, and a variety of other discounted voluntary benefit options.

* Competitive Compensation: Mercyhealth offers market competitive rates of pay and participates in various shift differential and special pay incentive programs.

* Paid Time Off: Mercyhealth offers a generous paid time off plan, which increases with milestone anniversaries, to allow employees the opportunity for a great work-life balance.

* Career Advancement: Mercyhealth offers a number of educational assistance programs and career ladders to support employees in their educational journey and advancement within Mercyhealth.

* Employee Wellbeing: Mercyhealth has a focus on wellbeing for employees across the organization and offers a number of tools and resources, such as an employer-sponsored health risk assessment and a Wellbeing mobile application, to assist employees on their wellbeing journey.

* Additional Benefits: Mercyhealth employees have access to our internal and external employee assistance programs, employee-only discount packages, paid parental and caregiver leaves, on-demand pay, special payment programs for patient services, and financial education to help with retirement planning.
