Ciso

Position Summary:

The Chief Information Security Officer will lead the team of security staff responsible for the internal and external security for AHCO in both cyber and physical. s. Responsible for identifying, evaluating, and reporting on physical and information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk position of the AdaptHealth. Works with key IT offices, data custodians, governance groups, and business and other key stakeholders in the development of security and application policies and best practices. 

Essential Functions and Job Responsibilities:

• Facilitates and manages the development, modification, and operation of security protocols that protect physical locations, employees, and information assets
• Establish and govern overall performance management framework to objectively measure risk, compliance, and threat vulnerabilities across all internal and external parties
• Establishes annual and long-range security and compliance goals; defines security strategies, metrics, reporting mechanisms, and services for continual program improvements
• Establish information security policies and procedures and oversees the effective dissemination of policies, standards, and procedures to the organization
• Conducts periodic audits and due diligence checks of security protocols, evaluating systems for vulnerabilities.
• Recommends modifications to security protocols as required.
• Develops and/or provides training and guidance on acceptable use, risk management, incident response, and security protocols to employees.
• Periodically briefs senior management on status of security system and protocols.
• Establishes external relationships to understand evolving threats, networks with broader cybersecurity industry leaders representing AdaptHealth
• Functionally responsibility to lead and establish an integrated physical and cyber security program, associated capabilities, tools, and services to identify, protect, monitor, detect, respond, and report.
• Ensures that monitoring operations comply with all applicable government regulations and standards.
• Maintains current knowledge of emerging security threats, technical challenges, and developments in system protection and IT security standards.
• Maintain patient confidentiality and function within the guidelines of HIPAA.
• Completes assigned compliance training and other educational programs as required.
• Maintains compliant with AdaptHealth’s Compliance Program.
• Performs other related duties as assigned.

Management / Supervision: 

• Responsible for selection and hiring of qualified staff, ensuring an effective on-boarding, and providing comprehensive training and regular feedback 
• Accomplishes staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards 
• Establishes annual goals and objectives for the department based on the organization’s strategic goals 
• Responsible for achieving organizational performance and retention goals, including timely completion of performance evaluations 

Competency, Skills and Abilities:

• Excellent management and leadership ability.
• Demonstrated problem-solving and analytical skills.
• Excellent verbal and written communication skills.
• Proficient experience in information security auditing, risk assessments, compliance, analysis, and engineering.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to meet overall objectives while working well in a demanding, dynamic environment.
• Project management skills including financial/budget management, scheduling, and resource management.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

Education and Experience Requirements:

• Bachelor’s degree in Computer Science, Information Management, or equivalent; Master’s degree preferred.
• Fifteen (15) years of experience with a combination of risk management, information security, and information technology experience. At least four must be in a senior leadership role.
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials.

Physical Demands and Work Environment:

• Work environment will be stressful at times, as overall office activities and work levels fluctuate
• Must be able to bend, stoop, stretch, stand, and sit for extended periods of time
• Subject to long periods of sitting and exposure to computer screen
• Ability to perform repetitive motions of wrists, hands, and/or fingers due to extensive computer use
• Metal ability to lead others and change processes in a fast-paced work environment
• Must be able to lift 30 pounds as needed
• Excellent ability to communicate both verbally and in writing
• May be exposed to angry or irate customers or patients
• Must be able to travel as needed
• Ability to effectively communicate both verbally and written with internal and external customers with the ability to demonstrate empathy, compassion, courtesy, and respect for privacy.