Chief Information Security Officer (CISO)

Full Job Description

The Department of Behavioral Health and Developmental Disabilities (BHDD) seeks an experienced Chief Information Security Officer (CISO) that specializes in IT risk management and cybersecurity.

This position will be onsite in BHDD Headquarters, State of South Carolina Health Campus, 400 Otarre Parkway, Cayce, SC 29033.

Most of your time will be spent with the BHDD security team and you will participate in a regular cadence with DIS.

Your expertise will be leaned on for advisement of executive leadership and on information security program requirements.

You will impact and direct the implementation of information security policies, processes, and procedures.

A key portion of this role is dedicated to communicating security both at the executive leadership level and throughout agency operations to facilitate adoption of security best practices.

• Develop and execute a comprehensive, long-term information security strategy aligned with business goals and security strategy.
• Lead vendor risk management and supply chain security, overseeing third-party security assessments.
• Communicate complex technical risk concepts to non-technical stakeholders clearly and concisely.
• Manage regular intrusion detection and vulnerability reporting, audit group reviews, and coordination of all required completions according to applicable policies and procedures.
• Develop a balanced scorecard and business metrics to measure the effectiveness of the security management program and increase maturity.
• Monitor external threat environment and 3rd party risk for emerging threats and advise relevant stakeholders on appropriate course of action.
• Determine acceptable levels of risk and manage risk and coordinate with the State SOC for incident response system to include monitoring, evaluations, tests, audits, and mitigation strategies to reduce or eliminate identified vulnerabilities.
• Coordinate with State SOC for incident response efforts during cyber breaches to minimize downtime and protect patient care
• Develop, coordinate and deliver security awareness training for agency employees.
• Ensure all information owned, collected, or controlled by the agency is processed and stored in accordance with applicable laws and requirements.
• Oversee evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
• Control access to agency systems and data while mitigating risks through administrative, physical and technical controls.
• Develop and implement a strategic long-term information security strategy and road map to ensure protection of assets.
• Ensure security management program complies with applicable laws, regulations, and contractual requirements.
• Lead the development of up-to-date information security policies, procedures, standards, and guidelines and oversee their approval, dissemination, and maintenance.

Requirements

• A bachelor's degree in computer science or related field and at least eight (8) years of experience in information security, four (4) of which are in a leadership role.
• Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.
• Candidate must be able to pass a background check and a CJIS fingerprint background check.
  
  
  

Qualifications

Preferred Qualifications:

• Executive cybersecurity management experience with a behavioral health or clinical field environment preferred.
• Electronic Health Record cybersecurity experience is preferred.

Additional Requirements:

• Expert level knowledge of security administration for various operating systems and software.

• Knowledge of security, privacy, risk, and control frameworks and standards such as NIST, CIS, CJIS, HIPAA, FERPA,

  PCI, and the SC DIS-200.

• Expert analytical problem-solving skills and ability to develop project plans for information security systems.

• Expert knowledge and understanding of information risk concepts and principles, and ability to relate business needs and security controls.

• Expert ability to document and present security findings clearly and logically.

• Ability to explain information security concepts to audiences outside the field and to executive-level staff.

• Knowledge of South Carolina state government procedures and processes.

• Knowledge of South Carolina state procurement and contracting principles.

• Experience with contract and vendor negotiations.

• Professional certifications such as CISSP, CISM, CCISO, GIAC, CIPM, CIPP or similar.

Additional Information

The Department of Behavioral Health and Development Disabilities is committed to providing equal employment opportunities to all applicants and does not discriminate based on race, color, religion, sex {including pregnancy, childbirth, or related medical conditions including, but not limited, to lactation), national origin, age (40 or older), disability or genetic information.

The South Carolina Department of Behavioral Health and Development Disabilities offers an exceptional benefits package for full-time (FTE) employees:

• Health, dental, vision, long-term disability, and life insurance for employees, spouse, and children.

• 15 days annual (vacation) leave per year

• 15 days sick leave per year

• 13 paid holidays

• Paid parental leave

• S.C. Deferred Compensation Program available (S.C. Deferred Compensation)

• Retirement benefit choices *

• State Retirement Plan (SCRS)

• State Optional Retirement Program (State ORP)

*Enrollment in one of the listed plans is required for all FTE employees; please refer to the contribution section of

hyper/inked retirement sites for the current contribution rate of gross pay.