Corporate Information Security Official

Position Description:

FCSO is an Equal Employment/Affirmative Action Employer

The primary business of First Coast Service Options, Inc. is administering programs that serve Medicare beneficiaries. We focus on customer service, continuous improvement, and compliance. Our employees are committed to living by the values: The right things, the right way.

The Corporate Information Security Official (CISO) is the top information security role in the Company responsible for protecting information and privacy for its employees and customers. The CISO will design, implement and manage a successful information security management system (ISMS) by establishing a security strategy and achieving goals consistent with the Company’s strategic and business objectives. This role will ensure ISMS compliance with federal, statutory, contractual and customer requirements. The CISO will provision and manage resources necessary to direct and enforce all aspects of the ISMS features, including but not limited to access control, monitoring, media protection, configuration management, incident response, etc., and report significant issues to key stakeholders (leadership, customers, shareholder, etc.) in accordance with reporting requirements.

• Lead and manage information security resources, including the security team, vendors, contractors and subcontractors.
• Fulfill the key personnel role of Systems Security Officer, as defined in the Company’s CMS contracts.
• Lead and manage all aspects of the ISMS features, including but not limited to access control, monitoring, media protection, configuration management, incident response, etc., and report significant issues to key stakeholders (leadership, customers, shareholder, etc.) in accordance with reporting requirements.
• Define security objectives to safeguard the Company’s assets and equipment, intellectual property, computer systems and human resources.
• Define and communicate ISMS goals, objectives and metrics and the ISMS environment for operational management.
• Develop, implement and manage the Company’s information security policy and procedures consistent with the ISMS. Specifically, physical protection responsibilities will include asset protection, access control systems, etc. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education, training and awareness.
• Define and manage relationships with other organizations, such as the Company’s shareholder, vendors, contractors and subcontractors.
• Serve as a member of the Enterprise Risk Management Committee (ERMC) and participate as a subject matter expert regarding information security initiatives.
• Maintain relationships with key officials and colleagues in government agencies (CMS, OIG, etc.), and effectively interact with external auditing firms.
• Coordinate incident response planning, security-related investigations and associated disciplinary and legal matters, in collaboration with the Compliance Officer and General Counsel.
• Collaborate with the Risk Management office on business continuity and disaster recovery planning.
• Continuously evaluate ISMS compliance with requirements set forth by customers, as well as federal, statutory and contractual requirements, including CMS core security requirements, through testing, auditing, etc.
• Report vulnerabilities and provide feedback to executive leadership and management.
• Ensure technical and operational security controls are incorporated into new systems and applications through participation in business planning groups and the review of new systems, installations and other major changes.
• Ensure ISMS requirements are included in RFPs, contracts and subcontracts.
• Perform ISMS risk assessments and develop and implement appropriate mitigation strategies, contingency plans and compensating controls.
• Ensure that effective System Security, IT Systems Contingency and disaster recovery plans are in place and tested.
• Manage and enforce all aspects of the ISMS features, including but not limited to access control, monitoring, media protection, configuration management, incident response, etc., and report significant issues to key stakeholders (leadership, customers, shareholder, etc.) in accordance with reporting requirements.
• Provide advice and assistance to internal personnel and external entities (subcontractors, contractors and vendors) concerning the security of information and critical data processing capabilities.
• Manage an inventory of all major information systems and update annually or as major changes occur.
• Measure and report progress against ISMS goals and objectives.

Qualifications:

• Bachelor's or Master's degree in an IT field, e.g., Computer Science, Information Systems Management, Information Security, etc.
• Ten (10) years of managerial experience in computing or related technology areas, of which 5 years must be in high-level information security strategy and operations.
• Must demonstrate excellent verbal and written communication skills.
• Extensive experience with data and computer security.
• Professional certification: Certified Information Systems Security Professional (CISSP).
• Prior experience as a CISO in an organization with federal government contracts.
• Oversight of IT Audit and Compliance functions.
• Working knowledge of the following:
  o BPSSM (Business Partner Systems Security Manual)
  o CMSR (CMS Minimum Security Requirements)
  o DISA STIG (Defense Information Systems Agency Security Technical Implementation Guide)
  o CMS Section 912 Audits
  o CFO Audits
  o FISMA assessments
  o HIPAA
  o CFACTS (CMS FISMA Controls Tracking System)
  o SSP (System Security Plan)
  o Business Continuity Planning
  o Disaster Recovery

Article source: http://jobview.monster.com/Corporate-Information-Security-Official-Job-Jacksonville-FL-US-108177936.aspx