Oak Street Health is a rapidly growing, innovative company of community-based healthcare centers delivering higher quality health and wellness care that improves outcomes, manages medical costs and provides an unmatched experience for adults on Medicare in medically underserved communities. By providing holistic, comprehensive and integrated care right in our patients' communities, we can help keep them healthy and reinvest cost savings in further care for those same communities and others. Since 2013, Oak Street Health has brought its singular approach to tens of thousands of people across the nation. With an ambitious growth trajectory, Oak Street Health is attracting and cultivating team members who embody Oak Street values and are passionate about our mission to rebuild healthcare as it should be.

For more information, visit www.oakstreethealth.com.

Role Description:

The Chief Information Security Officer (CISO) is responsible for security strategy, security program oversight and security architecture development and implementation for the organization. The role covers all security technologies and services, physical and logical access control, and user profile management. The CISO also has responsibility for all data/information security policies, standards, evaluations, roles, and organizational awareness. The CISO will work closely with a security committee to ensure that technological and physical access controls and policies meet the organization data security requirements. The CISO is responsible for managing data and information risks related to product development, technology solutions, crisis management, data privacy and regulatory compliance. The role also directs the adoption and implementation of policies and procedures, manages cyber threat analysis activities and guides the development of the information security technical architecture and security standards, controls, procedures and guidelines for the computer platforms, applications and networks, including utilization of cloud technologies. The CISO is responsible for all security audits, internal, required by customers and governmental agencies.

Core Responsibilities:

• Work with Functional Areas to implement practices that meet defined policies and standards for information security.
• Coordinate information security and risk management projects with technology and operations groups as well as business teams.
• Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
• Direct the preparation activities to support HITRUST, SOC-2, SOX, customer and other audits.
• Develop, manage and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
• Develop an IT security architecture roadmap that will identify security controls, and identify and assess current and new technologies that will enforce the organization's security priorities.
• Develop, maintain, and promote information security policies, standards and guidelines.
• Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
• Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
• Define and facilitate the information security risk assessment process and work effectively with technology group in implementation of security measures.
• Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
• Establish and implement a process for incident management to effectively identify, respond, contain and communicate a suspected or confirmed incident.
• Identify, assess, and prioritize IT risks to data and systems, including external threats, cyber-crimes, internal threats and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
• Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security or disaster event.
• Other duties as assigned.

What are we looking for?

• Bachelor degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master's preferred.
• Minimum of 8 years of experience in a combination of risk management, information security and information technology fields. At least 4 years of experience in a senior leadership role. 
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, SOX, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines.
• Knowledge of common information security management frameworks, such as NIST.
• Experience in dealing with internal / external auditors and senior company management.
• Strong process discipline in a continuous improvement environment. 
• Experience managing cost center and departmental financial functions like budgets, etc.
• Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
• Strong interpersonal, written, and oral communication skills with all levels of staff.
• Someone who embodies being "Oaky."

What does being "Oaky" look like?

• Radiating positive energy
• Assuming good intentions
• Creating an unmatched patient experience
• Driving clinical excellence
• Taking ownership and delivering results
• Being scrappy

Why Oak Street?

Oak Street Health offers our coworkers the opportunity to be at the forefront of a revolution in healthcare, as well as:

• Collaborative and energetic culture
• Fast-paced and innovative environment
• Competitive benefits including paid vacation and sick time, generous 401K match with immediate vesting, and health benefits

Oak Street Health is an equal opportunity employer. We embrace diversity and encourage all interested readers to apply to oakstreethealth.com/careers.