Chief Information Security Officer

Save to Favorites

Human Health Project (HHP)’s has a three- pronged foundation: Holistic Peer-to-Peer Information, Education and Support. Our objective is to empower people to manage their own health with improved outcomes and no medical errors. For more information, please visit our website including viewing our Real World Data program page which includes 50 pages of reports on our Migraine and Lupus pilot programs and feedback received from people who reviewed the reports in the section, "What Our Members are Saying" https://humanhealthproject.org/hhp-real-world-data-program/

Job Overview:
HHP is looking for a volunteer Chief Information Security Officer to join a mission driven non-profit organization. This position requires a security professional that is hands-on, as well as a strategist that will develop and lead HHP’s Cybersecurity Program and team. The CISO will partner with HHP’s CTO/CIO.

Responsibilities:

• Develop, implement and monitor a strategic, comprehensive information security and IT risk management program
• Responsible for authoring and performing periodic reviews of the Cybersecurity Policy and related Standard Operating Procedures designed to protect company communications, systems, and assets from both internal and external threats
• Responsible for overseeing and performing periodic system access control and security configurations
• Work directly with business units to facilitate risk assessment and management process
• Align with information security management framework (i.e., ISO 27001 and NIST)
• Lead the Privacy & Security Council monthly meetings to ensure the consistent application of policies and standards across all security projects, systems, and services
• Lead the Incident Response Process
• Responsible for managing security monitoring and reports
• Partner with business stakeholders to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of our security program
• Provide leadership to the information security organization
• Recruit and train additional volunteers to build out the security team
• Assign and oversee the daily tasks of security personnel while ensuring all direct reports are actively working toward established milestones
• Determine and define clear deliverables, roles, and responsibilities for staff members required for specific projects or initiatives
• Hold regular security team and 1-on-1 meetings to determine progress and address any questions or challenges regarding projects and tasks
• Manage relevant systems/tools used by the security team (i.e., HostedScan, Coalition, WPScan, Detectify, etc.)
• Work in a multidisciplinary team with other professionals
• Make suggestions for improvements and work with colleagues to gather user feedback
• Assist in managing and ensuring the implementation of the Cybersecurity Awareness and Training Program

• Hands on security professional that leads by example
• Degree in business administration or a technology-related field
• Professional security management certification a plus
• Prior work experience in healthcare & life sciences sector is a plus
• Minimum 2 years of experience in a combination of risk management, information security, and IT jobs
• Knowledge of Infosec management frameworks (i.e., ISO/IEC 27001, and NIST)
• Knowledgeable with Open Web Application Security Project (OWASP)Excellent written and verbal communication skills and high level of personal integrity
• Experience with Learning Management Systems (LMS)
• Experience with contract and vendor negotiations and management
• Experience with Cloud computing/Elastic computing across virtualized environments
• Understanding of HIPAA, GDPR, and HITRUST
• Excellent time management and organizational skills
• Strong sense of personal accountability regarding decision-making
• Strong analytical thinking and problem-solving skills
• Sense of ownership and pride in your performance
• Fast and reliable internet connection
• Team player

• General knowledge with software development teams
• Working knowledge of systems/tools: Trello, Google Workspace, Slack, Zoom