This listing has expired and therefore is not publicly viewable.

Chief Information Security Officer
Company Highmark Health
Location Remote
Preferred GIAC Certifications GSLC, GSTRT
Travel 0%
Salary Not provided
Contact Name Highmark Recruiter
Contact Email careers2/at/
Expires 2023-03-20

Job Description


This position is responsible for connecting business processes and policy directives with technically sound security and governance measures to drive down risk and increase awareness throughout Highmark, its subsidiary operations and provider groups.

The Chief Information Security Officer (CISO) is a member of Highmark's governance structure (including leadership from Audit, Legal, Privacy, Corporate Security, HR, Business Continuity and Risk Management) and is accountable for partnering with them while developing, communicating and executing a comprehensive security strategy aligned with the business strategy and supported through executive sponsorship. The CISO maintains oversight responsibility for all matters pertaining to enterprise information security, while balancing security needs with the strategic business plan, identifying risk factors and determining solutions.

The CISO plays a critical role in the following activities: facilitating and consulting on mergers, acquisitions and divestitures; preserving reputation and brand; improving IT and operational efficiencies; achieving compliance with corporate policies and regulations; and protecting intellectual property. The CISO is accountable for operationalizing functions that include security oversight, security engineering, security operations, security risk management, security compliance management, IT business continuity and IT disaster recovery.


Balances security needs with the strategic business plan, while identifying risk factors and determining solutions. Maintains oversight responsibility for all matters pertaining to enterprise information security.

Monitors industry trends and regulations. Interprets impact on organization and enacts security policies and procedures that provide business operations protection and meet core business requirements.

Represents organization with respect to inquiries from customers, partners, regulators and the general public regarding security strategy.

Oversees the selection, testing, deployment and maintenance of security hardware and software products, as well as outsourced arrangements.

Plans, prepares and tests responses to security events and business disruptions.

Develops monitoring procedures to ensure that risks to environments can be tracked. Develops and champions education and awareness campaigns for both business and technical functions to foster a security-conscious culture across the organization.

Responds to security threats and breaches.

Other duties as assigned or requested.



Required Qualifications

Bachelor's Degree
10 years of experience in the administrative aspects of IT production support systems
10 years of experience in consulting, professional services or health care security
5 years of experience with SSAE 16, Gramm-Leach-Bliley, Sarbanes-Oxley, NIST or ISO
5 years of experience with a GRC tool
5 years as a CISSP (Certified Information Systems Security Professional)


Preferred Qualifications

Master's degree
4 years of HIPAA experience

Knowledge, Skills and Abilities

Strong background in security frameworks, the application of security frameworks to IT, and security software tools

Relationship Management -- develop, influence and nurture trust-based relationships between business units and IT

Creative problem-solver who aids competitiveness and acts as a positive change agent

Excellent written and interpersonal communication skills

Ability to align IT with strategic business needs and act proactively

Strong financial analytical skills are required.