Performant Corporation is an Equal Opportunity Employer (Minorities/Females/Disabled/Veterans).

Start Over with Job Search
Returning Applicant?  Login Now

Sr. Director, Information Security Officer (ISSO)
Job Code:2018-10-1R-005
Location:Remote - Livermore, CA
Status:Regular Full Time
The Sr. Director of Information Security ISO is the company Information Security Officer (ISO), and is responsible for establishing, monitoring and enforcing information security/security standards and policies company-wide. S/he is also responsible for the development and maintenance of company-wide information security strategies, including information security investments/capital planning, and overseeing the execution of plans reporting to Sr. Leadership. Oversees the creation and maintenance of information security policy, leads on-going company-wide security risk management, risk assessment and status reporting efforts, and is responsible for the creation and roll-out of security awareness and training programs Company-wide. The ISO advises Sr. Leadership and collaborates with the VP Technology and other executive’s through-out the Company who are responsible for directing projects for application, network and systems security, as well as other functional areas across the company. Responsible for review and direction of information security audit and regulatory compliance. Is charged with the responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards backed-up by effective operational procedures as well as regular status monitoring and reporting activities.

•Exercises the usual authority of a manager related to all budgetary and human resources issues including staffing, performance management, coaching, training, development, and recommendations for promotions, salary reviews and terminations. Ensures procedures and assigned staff are in compliance with contract requirements, federal, state, and local regulations, and company policy.  
•Serves as an advisor to senior management in the development, implementation and maintenance of a company-wide information security/security infrastructure, which ensures best practice control objectives for system integrity, availability, confidentiality, accountability and assurance within the context of the company's risk tolerance as set by senior management.
•Develops strategic plans for information security aligned with the company’s business and strategic initiatives.
•Develops and maintains information security capital budget and resources and evaluates the ROI of information security investments to meet business needs while balancing continuous improvement/efficiencies and expense control.
•Develops, implements and publishes information security standards, polices and guidelines.
•Leads the company’s interaction and subsequent response to all 3rd party information system audits whether in conjunction with client ATO (Authority to Operate) or in the evaluation of company systems and processes for new client engagements.
•Ensures the information security management program is in compliance with applicable laws, regulations, contractual requirements, and policies to minimize or eliminate risk and address audit findings.
•Monitors information security/security trends and evolving technologies. Researches, evaluates, designs, tests, and recommends new or updated information security hardware or software, and analyzes its impact on the existing environment; providing technical and managerial expertise for the administration of security tools. 
•Collaborates effectively with Information Technology teams in the design, development, implementation, and problem resolution regarding security architecture and related projects and initiatives for company-wide protection.
•Serves as the subject matter expert and consultative partner to technology peers and executive management on a broad range of information security standards and best practices e.g. the ISO/IEC 27000 series, the NIST Computer Security Division Special Publications (NIST800-53)and Federal Information Processing Standards (FIPS-200), the Payment Card Industry Data Security Standard (PCIDSS),Health Insurance Portability and Accountability Act (HIPAA), and offers strategic and tactical security guidance for all relevant Company projects, including the evaluation and recommendation of technical controls.
•Consults with executive management to determine acceptable levels of risk for the enterprise through the implementation of an Information Security Steering Committee.
•Oversees incident response planning and management of security incidents and events to protect corporate assets (e.g. information, critical infrastructure, intellectual property, and reputation), such duties to include overseeing the investigation of security breaches and assisting Human Resources and Corporate Counsel with disciplinary and legal matters associated with such breaches.
•Protects the integrity, confidentiality, and availability of information in the custody of or processed by the company and subcontractors.
•Conducts regular and ongoing monitoring of and reporting on Company-wide compliance with information security/security standards and policies.
•Effectively builds, leads, and drives continuous development of an effective and collaborative information security team, ensuring focus and delivering results on initiatives aligned with company priorities.
•Ensures requirements for ongoing training for Information Security roles are planned and completed.
•Additional responsibilities may be assigned, as required, by management
•Adheres to all company, departmental and client policies, procedures and requirements. Maintains clearances and licenses as required for position based upon assignment. 
•Completes assigned training on time and with acceptable scores. Demonstrates understanding of training materials and applies knowledge in appropriate situations.
Required Skills and Knowledge:
•Strong ability to work collaboratively with various technology and business leaders to mutually achieve business and security goals.
•Excellent written and oral communication skills.
•Broad healthcare and collections industry understanding and knowledge of security approaches that support the operational processes.
•Comprehensive knowledge of government and regulatory agencies policies/procedures from a security and audit perspective.
•Knowledge of technological trends and developments in the area of information security and risk management

Physical Requirements
•Performs duties in a busy standard office environment with moderate noise level
•Sits or stands at a desk during scheduled shift, reaching as needed to use office equipment.
•May make and return calls using an office phone system; 
•Views a computer monitor, types on a keyboard and uses a mouse. 
•Reads and comprehends information in electronic (computer) or paper form (written/printed). 
•Types frequently, but not constantly, using a keyboard and mouse. 
•Occasionally lifts/carries/pushes/pulls up to 10lbs
•Travel as required to meet business needs which may be approximately 10-15%
Education and Experience:
•Experience with current IT security technologies
•Experience working with the U.S. Federal government, preferably with the Department of Education, Department of Treasury and with the Centers for Medicare and Medicaid Services (CMS)
•Experience partnering with business groups and leadership on client contractual requirements and responses from RFI/RFQ through implementation and ongoing change as it relates to information security
•Experience building and leading effective information security teams
•Experience building and managing capital and expense budgets for information security infrastructure and resources, balancing available budget, compliance requirements and business priorities.
•Bachelor's degree or equivalent experience in an information technology discipline with more than 10 years of experience in the information security field, which must include experience managing a staff of security personnel.
•Professional information security certification, e.g. Certified Information Security Manager (CISM) desireable
•Certified Information Systems Security Professional (CISSP) desirable