Chief Security Officer

Maestro Health

Chicago, IL
Full Time
Paid
  • Responsibilities

    U.S. healthcare today is confusing, inefficient, and expensive. Maestro Health is on a mission to change that.

    Our team of Maestronites (yep, that's what we call ourselves) is revolutionizing not only the way we view health and benefits but also the way we live with our benefits. We're a team that takes our work (but not ourselves) seriously and loves the occasional Seinfeld reference—just Google “the Maestro Seinfeld episode” and you'll see why we chose our name. We're owned by AXA and we're growing fast. Really fast. So, we're looking for hard-working, talented, passionate, and like-minded people who want to join us on our mission. Sound like a team you'd love to join? Good news for you: we're hiring.

    WHAT YOU'LL BE DOING:

    The Chief Security Officer (CSO) at Maestro Health reports to the Chief Legal Officer and oversees, manages, and coordinates all functions related to enterprise Physical Security, Information Security, and Business Continuity Programs. The purpose of this role is to protect our employees, customers, and shareholders by ensuring the security and safety of Maestro Health assets managed either directly by Maestro Health or by a third party on its behalf.

    The CSO establishes the vision, policies, strategies, and execution framework for operating, measuring, improving, and scaling these programs. The CSO will be a business-minded leader with demonstrated leadership and technical capabilities in companies over $500M in size that operate in regulated industries.

    The CSO will define and implement strategies that assess and facilitate control improvements on a risk priority basis for all Maestro Health locations, business functions, and its technology portfolio.  This will be accomplished by establishing key relationships and strong partnerships within the organization and with external partners.  These perspectives will enable the CSO to review and evaluate the level of protection, access, and resource allocation when developing budgets, plans, and deploying resources across the company.

    WHAT SUCCESS LOOKS LIKE:

    Policy and Governance

    • Develop policies and collaborate on standards, procedures, and tool decisions.
    • Develop and mature security and operational resilience frameworks to ensure the business and technology portfolio are protected against significant and likely threats.
    • Oversee and manage governance processes including developing program status reporting for internal and Board of Directors visibility.
    • Review and develop approaches that ensure compliance with regulatory frameworks.

    Engineering and Design

    • Assist and collaborate with business and technology teams to develop and implement security and resiliency architectures, standards and controls for business processes and the technology portfolio both internally and for third-party relationships.
    • Educate the organization on emerging strategies and champion innovative, cost-effective solutions that accelerate program maturity.
    • Collaborate to ensure Maestro Health's proprietary and third-party products and services are designed and implemented to meet control expectations.

    Process Ownership and Execution – including analysis, measurement, and reporting.

    • Lead and coordinate business continuation/resilience planning, testing, measurement, and reporting.
    • Collaborate with and advise the technical recovery and resilience program.
    • Conduct and maintain business impact assessments for enterprise business systems and processes.
    • Develop and manage awareness programs to promote best practices and ensure all employees and third parties are aware of security and resilience practices and responsibilities.
    • Develop and oversee incident response management including managing and directing response efforts for security and business interruption events.
    • Lead threat management to include internal and external threat monitoring, assessment, information dissemination, and action planning to address identified risks.
    • Conduct risk assessments including logical and physical security posture and testing programs.
    • Collaborate with internal and external parties on investigative matters, including internal audit teams.
    • Review and consult on access and identity management processes.
    • Assess third-party security and resilience risks across the supplier and partner ecosystem, integrating results with business impact assessments, and enforcing third-party compliance and improvements.

    WHAT YOU NEED:

    • Bachelor's degree in computer science or related discipline and/or equivalent business experience.
    • 10+ years of previous experience in cyber-security, risk, audit, and/or control-related disciplines. Previous experience as a CISO or CSO is desired.
    • Experience managing budgets up to $5M and administrative management and team development of at least 10 staff.
    • Security, Business Continuity, and/or risk and control certifications a plus (CISM, CISSP, PSP, CBCP, or equivalent).
    • Direct experience in technical security architecture and design and/or managing teams that perform these functions including full-stack technology architectures (infrastructure through applications) both on-premises and cloud-based.
    • Proven track record of developing, managing, improving, and scaling risk and control functions.
    • Ability to operate in a nimble, growth-oriented, fast-moving, and complex environment while focusing on risk-appropriate safeguards and negotiating conflicting demands.
    • Excellent written and verbal communications with the ability to communicate across a range of stakeholders to collaboratively influence consensus and results.
    • Results-focused using a risk and reward tradeoff approach, compromising as appropriate across the risk continuum.
    • Sets ambitious, but realistic goals for operating and control improvements.
    • Works across key stakeholders to achieve goals, overcomes obstacles, and plans contingencies.
    • Exhibits a strong sense of urgency and bias for action.
    • Direct experience operating in a variety of regulatory and security compliance frameworks such as HIPAA, PCI, GLBA, ISO, NIST, HITRUST, SOC, SSAE, or similar.
    • Strong experience in managing third-party relationships.

    WHY WORK AT MAESTRO HEALTH?

    • Personal, Vacation and Sick Time
    • Medical and Prescription
    • Dental
    • Vision
    • Life and Disability
    • Health and Wellness programs
    • 401k with Employee Match
    • Figo – Pet Insurance
    • Kashable

    We have great perks in each of our offices, along with a fun, energetic, and fast-paced environment, and what will really drive you is our vision. Maestro Health is making employee health & benefits people-friendly again by making healthcare easy to understand, tools easy to use, and costs easy to control. We are aiming to become a household name within the employee health & benefits space.

    We can't do that without great people. We want to hear “WOW! That was the best job and business experience I ever had!” from every Maestronite – past, present, and future. You should be personally challenged, laugh, work your tail off, and look forward to coming to work.

    ARE YOU READY TO BECOME A MAESTRONITE? LET'S DO THIS.

    Maestro Health is an equal opportunity workplace.  We are committed to equal opportunity regardless of race, color, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.