39,413 Data Protection Officers jobs in the United States

Human Health Project (HHP) is a holistic health literacy charity. Our mission is to improve the health of the underserved and vulnerable through holistic information, education and advocacy. Our objective is to empower people to manage their own health with improved outcomes and no medical errors. For more information, please visit our website including viewing our "Shared Patient Information" program page which includes 50 pages of reports on both our Migraine and Lupus and feedback received from people who reviewed the reports in the section, "What Our Members are Saying" - and our "Healthcare Access Program" which includes short video courses in our Learning Academy - , Patient Advocacy Workshops in Los Angeles, - and in Northern Ireland - and our Online Peer to Peer Events -

Information Security Officer: Protect the Future of Personalized Health

Join Human Health Project and help us build a unified, secure patient experience driven by data and AI.

Our Mission

At Human Health Project , we believe true wellness starts with understanding your health. Beyond our core holistic health literacy programs , we are launching an ambitious digital initiative: a Unified Patient Experience . This platform will use data and AI to deliver personalized, accessible health guidance to patients, dramatically improving individual outcomes.

The Opportunity

We are seeking a highly skilled and mission-driven Information Security Officer (ISO) to lead our security and compliance efforts. This is a critical leadership role that ensures the privacy and trust of our users remain paramount as we leverage sensitive patient data and cutting-edge AI.

You won't just be maintaining security; you'll be building it into the very foundation of a groundbreaking product that will revolutionize health literacy.

What You Will Do

• Lead Security Strategy: Develop, implement, and manage a comprehensive information security program for the charity, focusing specifically on securing our new Unified Patient Experience platform and its underlying data infrastructure.
• Ensure Compliance: Oversee adherence to all relevant health data privacy regulations (e.g., HIPAA, GDPR, etc., depending on location) and maintain continuous compliance across all programs.
• Secure AI/Data Pipeline: Establish SecDevOps practices and security protocols for our AI/ML pipelines , ensuring the integrity, confidentiality, and ethical use of anonymized patient data.
• Risk Management: Conduct regular risk assessments, penetration testing coordination, and vulnerability management to protect against evolving threats.
• Champion Security: Serve as the organization's expert on information security, privacy, and data governance, training staff and promoting a culture of security awareness.

What You Will Bring

• Proven experience as an Information Security Officer, CISO, or equivalent senior security role.
• Deep expertise in health data security, privacy regulations (e.g., HIPAA, GDPR, COPPA) , and compliance frameworks.
• Strong understanding of cloud security (AWS, Azure, or GCP) , modern web application security, and security best practices for data lakes/warehouses .
• Familiarity with the security challenges and best practices related to Artificial Intelligence and Machine Learning development.
• Relevant certifications (e.g., CISSP, CISM, CISA) are a significant asset.

If you are passionate about security, dedicated to holistic health, and ready to protect the data that powers a better patient experience, we encourage you to apply.

Summary: The Information Security Officer will play a critical leadership role in our organization, reporting directly to the Senior Vice President (SVP) and Chief Information Security Officer (CISO). This individual will be instrumental in building and managing key security programs, including threat and vulnerability management, cyber incident response, data security, data protection, security engineering, and cyber risk management and governance. As the right hand to the SVP, the Information Security Officer will have a significant impact on our overall security posture and will be a key contributor to our mission of safeguarding our information assets.

Job Responsibilities:

Leadership and Collaboration

• As a trusted advisor and right hand to the SVP and CISO, provide strategic direction and support in information security, offering technical leadership and mentorship to the security team.
• Collaborate with IT, DevOps, and application teams to integrate security practices, act as a subject matter expert for threat detection and vulnerability management.
• Represent the organization in cybersecurity audits, assessments, and compliance activities.

Reporting

• Work closely with other members of the Enterprise Technology Risk Management Team to develop metrics (KRI/KPI) reporting as it relates to Technology Risk Management adherence throughout the bank.

Compliance and Continuous Improvement

• Ensure compliance with relevant legal, regulatory, and industry standards related to information security.
• Foster a culture of continuous improvement by staying up-to-date with the latest security trends, technologies, and best practices.

Threat and Vulnerability Management

• Develop and manage a comprehensive threat and vulnerability management program that identifies, assesses, and mitigates risks to our information systems.

Security Engineering and Design

• Lead the security engineering and design efforts to integrate security into the development lifecycle of our systems and applications

Data Security and Protection

• Establish and enforce robust data security and protection policies and procedures to safeguard sensitive information.

Cyber Security Risk Management and Governance

• Implement a comprehensive cyber risk management framework that includes risk assessment, risk mitigation, and governance policies.

Other Responsibilities

• Performs other job-related duties as assigned.

Job Requirements:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience) required.
• A Master's degree or a relevant advanced certifications (e.g., CISSP, CISM, OSCP, CEH, GIAC) are highly desirable.
• Minimum of 10 years of experience in information security, with a proven track record of leadership and management in security roles.
• Excellent leadership and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and senior executives.
• Ability to think strategically and develop long-term plans for the organization's security posture.
• Strong verbal and written communication skills, with the ability to present complex security information clearly and concisely.
• Proven ability to analyze complex security issues and develop effective solutions.
• Ability to adapt to changing security landscapes and emerging threats.
• High ethical standards and a commitment to protecting the organization's information assets.
• Deep understanding and experience with implementing or maintaining ISO 27001 cyber security framework.
• Strong technical knowledge of security technologies, tools, and practices. Experience in threat and vulnerability management, incident response, data security, and security engineering.
• Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, ISO27001 CSF, and OWASP.
• Knowledge of Cyber security risk assessment frameworks.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and leadership abilities.

Columbia Bank offers the following benefits:

• Medical, Dental, Vision and Rx which are contributory.
• Bonus programs.
• Employee Stock Option Program (ESOP).
• Life Insurance, Long Term Disability and Accidental Death and Dismemberment (LTD&AD&D).
• Paid Time Off (PTO) which includes Personal and Vacation Time.
• Paid Sick Time.
• Bank Holidays.
• Employees may participate in the 401k program.

Schedule:

This role is eligible for a hybrid schedule; 3 days in the office and 2 days work from home based on business need.

Columbia Bank and its affiliates is an Equal Opportunity Employer, including individuals with disabilities and veterans.

This role is located in New York City and will require a hybrid work schedule of at least 2 days in office per week.

This role is for Vice President level candidates.

About the Bank:

Sumitomo Mitsui Trust Bank, Limited was established through the merger of The Sumitomo Trust and Banking Co., Ltd with Chuo Mitsui Trust and Banking, Ltd. on April 1, 2012. We are one of the largest asset managers in Asia and number one among Japanese financial institutions by AUM, with approximately $850 Billion USD in AUM. The Bank provides an assortment of financial solutions and manages a broad spectrum of financial products across its global branches.

Department Overview:

The Americas Division ("AD") was established in the Sumitomo Mitsui Trust Bank, Limited, New York Branch) ("SMTBNY") to perform corporate functions and supervise U.S. entities. Established under the AD are the "Global Banking Unit ("GBU"), Americas Division" and "Global Markets Unit ("GMU"), Americas Division" which performs business functions. Information Risk Governance ("IRG") provides oversight to information and cyber security risk by maintaining and improving branch wide framework that is in-line with the Head Office and regulatory requirements and addresses Confidentiality, Integrity, and Availability for information assets. IRG establishes appropriate policies, procedures, measurement, and monitoring processes to proactively assess and evaluate cyber security and information security risks inherent in the Branch Operations. IRG is directly involved in all information and cyber security related projects, matters, and issues.

Your Role Overview:

To assist the Head of the Department with the day-to-day management and operation of the department. To assume the role of Information Security Officer and take the lead on overseeing the timely completion of the department's critical risk management projects. To provide direct assistance to the Head of the Department with regards to accomplishing the department's goals and objectives. To manage, guide and mentor other staff members with the preparation and completion of their assigned tasks. To contribute significantly to the overall success of the department in all key risk management and cyber security areas.

Directly oversee completion of all critical projects, assist the HOD with implementing desired operational strategies and procedures. Recommend ways to improve efficiency, effectiveness, and productivity. Focus on proactive day-to-day operations. As ISO, assist with overseeing all information and cyber security matters.

Your Duties and Responsibilities:

1. Maintain and improve the information risk framework with guidance from HOD, address regulatory requirements, residual information risks specific to NY Branch Operations.
2. Provide Information Security subject-matter-expertise to senior management.
3. Work with IRT and coordinate incident responses to cyber security events.
4. Keep abreast of industry wide information risk issues that could potentially have an impact on Branch Operations.
5. Establish processes for communicating data classification guidelines and its governance.
6. Oversee employee information security awareness training.
7. Assesses and evaluates critical risk management projects:
   1. Annual Risk Assessment.
   2. Semi-annual Vulnerability Assessments.
   3. Special Risk Assessments done for a Particular Purpose
   4. Trend analysis of key risk management concepts and principles
8. Attend the ISSRM and Branch Risk Management related meetings.
9. Performs key information risk governance related tasks as described below:
   1. Provides User Access Control Governance.
   2. Monitors, analyzes and follows-up on Information Risk events/issues.
   3. Reviews information risk and proactively advises as necessary on: IT Projects/Issues Management process, Change Management Process, significant changes to IT procedures, IT Asset Management Report, key IT Vendor Contracts, IT Disaster Recovery Plan/Process, Record Retention Process, any related audit findings, etc.
   4. Establish and maintain Information Risk Key Risk Indicators (KRI).
   5. Periodically updates IT resources on Information risk related practices.
   6. Manages all information and cyber security policy and procedures manuals.
10. Assist with the management of all matters related to Information Security and Information Risk Management, including directing appropriate Information/Applications Risk Assessments.

Your Qualifications:

1. Certification in Information Security (CISSP) required.
2. 8+ years of Information Security related experience, IT Audit experience, preferred.
3. Knowledge of Information Security principles, terminologies, and technologies required.
4. Knowledge of Information Risk Management framework and principles required.
5. Ability to analyze and design information security monitoring procedures and activities preferred.
6. Detailed Knowledge and expertise in Technology Risk Assessments and Risk Analysis required.
7. Excellent written and verbal communication skills, required.
8. Good computer skills in Microsoft Office Excel and Word required.
9. Strong project management and people management skills. preferred

Why you should join SuMi Trust:

SuMi Trust embraces flexible ways of working when the business and role permits. We provide employees with a hybrid working model, allowing for in-office work and work from home. Our diverse and inclusive environment along with our global presence enables us to collaborate and communicate to meet our business needs. We believe that efficient teams need truth, loyalty, and a strong sense of purpose to balance risk and their targets. We make sustainable business decisions to improve our society and the world. We believe that each person brings a unique value that drives the business though their creativity and passion.

• The Employee Benefits package includes: Paid Time Off, medical, HSA, vision, dental, FSA, 401(k), profit sharing, legal plan, cancer indemnity plan, disability insurance, life insurance, employee assistance program, commuter benefits, business travel accident, paid volunteer day, paid memberships, paid seminars, and tuition assistance.
• We offer many socialization opportunities for wellness, financial wellbeing, runs/walks, team building, happy hours, and activities to support the Sustainable Developmental Goals.

Check out our LinkedIn for our employee experience:

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SuMi Trust provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application

Job Type

Full-time

Description

About us:

ConnectOne Bank proves that putting people first is a better way to do business. At ConnectOne, we're builders - of businesses, communities, and equity. Most importantly, we're building opportunities. Our mission is to ensure our employees feel empowered to make important decisions, reach their potential and truly make an impact.

ConnectOne is a growth organization by design; it is part of our DNA and we take pride in seeing our employees grow with us. Founded in 2005 by an entrepreneur, we have grown into a high-performing commercial bank, inspiring a new model for our industry's future. By embracing technology and all the ways it can help us become a world-class service organization, we support small business owners by fueling their mission.

People First is the blueprint for our culture. It is at the foundation of everything we do and the decisions we make. At

ConnectOne, you have the opportunity to be a part of a dynamic culture and team. Develop your forward-thinking skills, thrive in an entrepreneurial setting, and succeed at "a better place to be".

ConnectOne Bank is an Equal Housing and Equal Opportunity Lender, and a member of the Federal Deposit Insurance Corporation.

About this role:

The Information Security Officer will assist ConnectOne Bank in upholding the utmost standards of risk and cyber security within the organization. The candidate will lead all aspects of the Bank's dedication to safeguarding the confidentiality, integrity, and availability of all physical and electronic information assets within the institution. The candidate will plan, direct, and coordinate the Bank's data and cybersecurity policies and guidelines to ensure that all information systems are secure, and safeguarded throughout the Bank and follow privacy, customer trust and information security laws and regulations applicable to financial institutions.

In this role you will:

• Support the Bank's "People First" focus and rules of engagement-maintaining a professional demeanor, working as an active member of the CNOB team, providing all clients excellent service, always striving to make ConnectOne Bank "A Better Place to Be".
• Use a thorough knowledge of industry practices in relation to current data/cyber security solutions and management of data/cyber security.
• Support the Bank on project boards to ensure strong security posture for ongoing compliance. As well as prepare written reports as needed.
• Take charge of Incident Response Plan, conducting annual plan testing, and ensuring training is comprehensive and covers up-to-date policies and protocols.
• Develop, enforce, and evaluate guidelines on information protection and risk assessments that affect every department within the Bank, supporting the IT Risk Management procedure.
• Review the results of the data protection audit making recommendations for improvements. This will involve liaison with senior staff across the organization
• Evaluate, assess, provide insights, and suggest improvements for the advancement and expansion of the technology infrastructure, Cybersecurity, and technological systems.
• Protect systems by defining access privileges, control structures, and resources.
• Work with collaborators to define business and systems requirements for new technology security implementations.
• Recognize problems by identifying abnormalities, reporting violations.
• Collect data on current cybersecurity measures for risk analysis and write systems status reports regularly.
• Grant credentials to authorized users, supervise access-related activities, and check for unregistered information changes.
• Help lead employee training to prevent phishing and other forms of cyberattack.
• Monitor constantly for attacks and run appropriate defensive protocols if a breach occurs.
• Conduct testing to identify vulnerabilities and collaborate with the cybersecurity team to update defensive protocols when vital.
• Keep users advised by preparing performance reports, communicating system status.
• Lead with a focus on cybersecurity, handle IT teams and develop strategies for cybersecurity efforts. Write rules and regulations regarding cybersecurity decisions.
• Ensure the development, deployment, operations, implementation, and support of component information systems that are consistent with cyber security policies and procedures.
• Serve as a first responder to any cyber security event within the department and perform vital functions in identifying, mitigating, reviewing, documenting, and reporting findings.
• Lead 3rd party security tests to ensure they align with institution's criteria.
• Lead the vendor relationship of the bank's IT Security solutions to ensure performance remains consistently at a high level and in line with industry standards.
• Ensure all documentation pertaining to IT Security is maintained and provided to vital individuals when requested for bank audits.

Must haves:

• Knowledge of IT Security standards, protocols and industry procedures.
• Knowledge of LAN/WAN/SD-WAN networking and current standards of protocols.
• Knowledge of relevant Federal and State banking regulations.
• Hands-on exposure to providing IT Security, IT Networking, and IT Systems operational support in a medium to large scale organization, with innovative computing systems.
• Excellent leadership ability.
• Strong analytical skills and problem-solving skills with the ability to research, explain and recommend solutions in security situations.
• Understanding of securing and hardening networks and connected devices systems to keep them current with industry standards.
• Work in a team environment as well as individually.
• Superb communication and interpersonal skills.
• Strong "People First" interest and ability.
• Ability to analyze problems and find solutions.
• Ability to deliver the bank's cyber security status to upper management when required.
• Bachelor's Degree required in computer science, information management or equivalent
• At least 10 years of dynamic experience in Information Technology/Cyber Security and banking industry
• Must be an intelligent and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff. Acting as a liaison IT and business process owners.

Bonus Points For:

• Certification such as CISA, CISM or CISSP (or willingness to pursue)
• Master's degree or equivalent experience preferred

Additional information

Benefits:

• World class health, vision, and dental benefits on day one
• 401k with employer match
• Hybrid work from home (depending on role)
• Employee appreciation events (team building, softball games, food truck days, etc.)
• Employee assistance programs (EAP)
• Wellness programs (flu shot, preventive care, health programs and services discounts, etc.)
• Tuition reimbursement
• Employee Discount perks
• CNOB Community Service Events

.and much, much more!

Studies have shown that individuals from underrepresented groups, may only apply to roles if they meet 100% of the qualifications. Roles evolve over time, especially with innovation, and you may be just the person we need. We hope you're open to learning new skills and growing with us. We encourage you to apply to continue making us "a better place to be!"

ConnectOne Bank is an equal opportunity employer and does not discriminate with respect to any term, condition or privilege of employment based on race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, military or veteran status, marital status, or status of an individual in any group or class protected by applicable federal, state, or local law.

ConnectOne Bank also provides reasonable accommodations for qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local laws. If an accommodation is needed to participate in the job application or interview process, please contact Talent Acquisition.

#IND123

Salary Description

$175,000-$230,000

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

As a Senior Regional Information Security Manager (RISM), you will be accountable for all security-related deliverables and compliance requirement for the accounts in your assigned region. In a typical engagement, you operate as a leader and trusted advisor in the organization, working with executive leadership, senior management and focusing specifically on health care industry regulated security requirements and environments in relation to client business objectives. The RISM helps understand and mitigate operational issues and concerns, as the accountable leader, that will plan and manage the delivery for the accounts under purview. Additionally, as a Senior RISM responsibility may include support of special information security projects and programs assigned as part of the Office of the Business Information Security Officer (BISO) as leadership discretion.

This requires the ability to interact and influence at a senior managerial level within client organizations such as Information Governance and IT Security leads. You will be able to demonstrate industry expertise and understanding of the security governance and compliance. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the National Institute of Standards and Technology (NIST) 800-53 framework is what the Information Security Organization will be reviewing, maintaining, and helping to assess on each designated account or health care product within Gainwell Technologies and its partners.

Your role in our mission

• Lead Security operational governance activities of multiple Accounts and/or Products.
• Escalation contact for designated region and accounts that align under the region.
• Multi-3rd party services and supplier management.
• Driving delivery excellence in security tooling and business operations (Ensuring avoidance of non-performance / non-compliance contractual penalties).
• Ensure that vulnerability management that aligns to account service level agreements (SLAs).
• Relationship management with Gainwell Technologies suppliers to client.
• Ensure that the account security plan for the selected account(s) and Products is current and working.
• Manage and report security incidents to upper management, engage as a point of leadership for incidents.
• Ensure Audit preparation, facilitation and remediation for each account and Product(s).
• Escalation contact for all Security and Compliance within given region and/or Product(s).
• Manage Security Risk and Exception to standards management.
• Ensure knowledge and implementation of security fundamentals, policies and standards (regulatory and contractual).
• Escalate and resolve Security Incidents with the Security Incident Response team.
• Coordinate delivery of Security Metrics and Reporting in support of contractual commitment.

What we're looking for

• At least 8 years management experience as a service delivery manager with 12 or more employees.
• At least 10 years' experience working in a risk management, audit, security or technical delivery role.
• Experience as a manager of security staff, consultants, architects and/or engineers.
• Experience in working with senior security management including information governance and compliance'.
• Good understanding of Assurance Practices and Risk Management, with hands on experience.
• Experience of security processes and standards, in particular NIST 800-53, and/or ISO27001.
• Knowledge of security audit and accreditation processes.
• Ability to adapt to new security regimes.

What you should expect in this role

• Functionally reports to the Director of Information Security as part of the Delivery organization led by the Business Information Security Officer (BISO) to coordinate effort, solutions, and promote Security Practices.
• Works in conjunction with the Account Delivery Executives and Client Delivery Leaders.
• Partners and collaborates with Information Security staff and partners to leverage existing solutions and promote common standards.

This posting is intended for pipelining. We will accept applications on an ongoing basis.

The pay range for this position is $90,900 - $129,900 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits, and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Job Summary:

The BISO is a dedicated security professional that is able to balance risk management and Cybersecurity requirements, leading a team of regional Business Information Security Officers. The role requires business acumen, technical acumen and strong consultative skills. Business operational understanding is critical because this role will engage with business leaders and operations stakeholders to enhance understanding, identification, and management of business risks.

Duties and Responsibilities:

• Provide independent and objective oversight and monitoring for the implementation of Cybersecurity across Sysco's operating companies.

• Direct and manage Security Leads across regions.

• Translate Policy(s) and Standards set forth by the Cybersecurity Risk and Compliance Management Team into the environment.

• Increase awareness and foster accountability for security across the enterprise.

• Facilitate bidirectional communication between operations teams globally and enterprise security while advocating for both in a balanced manner.

• Escalate risks and exceptions to Cybersecurity Risk and Compliance Management Team and Change Management.

• Participate in and assist with security incident readiness and response training & awareness including supporting cybersecurity incident response activities.

• Oversee responsibilities for both security and business continuity (governance, reporting, compliance, risk assessments, etc.).

Education Preferred:

• Education (Bachelor's Degree or above) related to Computer Science, Cybersecurity, Information Technology, or related fields

Experience Required:

• 10+ years experience of Cybersecurity and or information risk management

• Knowledge and understanding of the design of the operational systems and operations environments

• knowledge of application and product system development lifecycle and tools and appsec protocols.

• Understand applications running in the operations environment and the resulting network traffic

• In-depth understanding of cybersecurity solutions and requirements within the food and service industry

• Excellent communication skills, with an ability to tailor and engage communication across all levels of the organization

Licenses/Certifications Preferred:

• Certified Information on Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), GIAC Response and Industrial Defense (GRID)

Language Requirements:

• Fluency in written and spoken English.

Physical Demands:

• Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of this job.

Travel Requirements:

Up to 25%

AFFIRMATIVE ACTION STATEMENT:

Applicants must be currently authorized to work in the United States. We are proud to be an Equal Opportunity and Affirmative Action employer, and consider qualified applicants without regard to race, color, creed, religion, ancestry, national origin, sex, sexual orientation, gender identity, age, disability, veteran status or any other protected factor under federal, state or local law. This opportunity is available through Sysco Corporation, its subsidiaries and affiliates.

**Duration: 12+ Months Contract**
**Candidate MUST be a SC resident or willing to relocate to SC prior to starting the role at their own expense.**
**Job Summary:**
**Scope of the Project:**
The **SCDHHS Office of Cybersecurity (OCS)** is responsible for the security and compliance of **SCDHHS Information Systems and Data** . OCS seeks an expert **Senior ISSO** to oversee (and actively participate in) the day-to-day security and compliance requirements of complex information system operating environments. A successful Senior ISSO will lead the establishment, implementation, and/or enhancement of Information Systems Security and Compliance efforts based on State/Agency Policy/Standards and Regulatory Guidance such as **FISMA, NIST, CMS MARS-E, HIPAA,** etc.
**Daily Duties / Responsibilities:**
The Senior ISSO will report to the ISSO Team Lead in OCS and operate as an experienced cybersecurity consultant to SCDHHS leadership, business units, business partners, and vendors.
**Security Program Experience:**
Leadership experience with **CMS MARS-E, ARC-AMPE** , or other **FISMA Risk Management Framework (RMF)** compliant programs is strongly desired and will be given the highest weight. Experience should include well-documented success in the development and maintenance of **System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs),** and related interviews and audit/assessment activities to complete and verify these and other **RMF/Assessment and Authorization (A&A)** tasks and artifacts.
Experience with development and integration of **RMF/A&A** tasks and artifacts in RMF-type roles such as **ISSO, Information Security Architect, Security Control Assessor,** etc., into the **System Development Life Cycle (SDLC)** is ideal.
Experience in security as related to **Cloud Services and Vendor Management** is considered desirable for this position.
**Technical Knowledge:**
Hands-on experience with any or all the following technologies would be considered desirable for this position:
+ Archer (eGRC)
+ Enterprise NoSQL Database
+ IBM System 390/zSeries
+ Linux and Windows Servers
+ Network Firewalls, Intrusion Prevention Systems (IPS), Switching and Routing Infrastructure
+ Security Information and Event Management (SIEM) Solutions
+ Identity and Access Management (IAM) Solutions
**General Duties and Responsibilities:**
+ Perform detailed architectural reviews and risk analysis of security-related requests in order to make sound decision-making recommendations, such as:a. Network Design and Information Flowb. System and Data Access Modelsc. Review Firewall Rule Requests (Ports, Protocols, and Services)d. Baseline Configuration Management Deviation Requestse. Vulnerability Management
+ Champion the design, development, implementation, and/or ongoing maturation of SCDHHS security and compliance efforts.
+ Audit and assess internal agency systems as well as business partner/service provider information system security controls.
+ Utilize Microsoft Office software suite, System Center Service Manager (Ticketing System), Archer eGRC System, Bizagi, Atlassian, and other products to document and report on information gathered during audit and assessment activities or other OCS efforts.
+ Perform security and compliance reviews of contracts, Business Associate Agreements, Data Usage/Sharing Agreements, and other types of documents and artifacts.
+ Serve as primary point of contact for third-party audits and/or assessments of agency and business partner systems.
+ Collaborate with agency leadership, business partners, and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.
**Required Knowledge/Skills:**
+ Must have a strong working knowledge of **FISMA, NIST, CMS MARS-E,** and **HIPAA Security and Privacy.**
+ 5+ years of experience in IT working with and/or auditing **IBM System 390/zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure,** and **Web-based Applications.**
+ Prior experience working within a **FISMA Compliant Program.**
+ Prior experience in working with any **eGRC Systems.**
+ Prior **Health Information Technology** experience.
+ **ISC(2), ISACA, SANS GIAC** and/or other Information Security Certification is required.
+ Ability to work independently and as a member of a team.
+ Ability to collaborate and coordinate with multiple teams and vendors.
+ Ability to multitask and prioritize tasks effectively in order to meet deadlines.
+ Experience and training with eGRC solutions.
+ Ability to engage diverse audiences of varying technical and non-technical skill levels to ensure effective alignment of technical requirements to business objectives.
+ Ability to collaborate and coordinate efforts amongst multiple teams and vendors in fulfillment of SCDHHS OCS initiatives.
+ Ability to multitask and prioritize tasks effectively in order to meet deadlines in a results-oriented environment.
+ Must have intermediate to advanced skills in Microsoft Office products ( **Word, Excel, PowerPoint, Visio** ) to include working with templates and style guidelines for branding consistency.
+ Keen attention to detail while maintaining the ability to see the big picture.
+ Ability to absorb, retain, and communicate complex processes.
+ Ability to accept changes and constructive criticism and remain flexible in dealing with leadership and teams of varying technical and business knowledge.
**Preferred Requirements/Skills:**
+ BS Degree in Computer Science or similar discipline or 10+ years of experience in the field or a related area.
+ Prior **ITIL** experience in the area of **Information Security Management.**
**Required Skills (Ranked in Order of Importance):**
+ 5+ years of experience in IT working with and/or auditing **IBM System 390/zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure,** and **Web-based Applications.**
+ Prior experience working within a **FISMA Compliant Program.**
+ Prior experience working with any **eGRC Systems.**
+ Prior **Health Information Technology** experience.
**Preferred Skills (Ranked in Order of Importance):**
+ Prior **ITIL** experience in the area of **Information Security Management.**
**Required Education/Certifications:**
+ **ISC(2), ISACA, SANS GIAC** and/or other Information Security Certification is required.
**Preferred Education/Certifications:**
+ Bachelor's degree in a related area or 10+ years of experience in the field or in a related area.
**About US Tech Solutions:**
US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit ( .
US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

**Job Summary:**
The BISO is a dedicated security professional that is able to balance risk management and Cybersecurity requirements, leading a team of regional Business Information Security Officers. The role requires business acumen, technical acumen and strong consultative skills. Business operational understanding is critical because this role will engage with business leaders and operations stakeholders to enhance understanding, identification, and management of business risks.
**Duties and Responsibilities:**
+ Provide independent and objective oversight and monitoring for the implementation of Cybersecurity across Sysco's operating companies.
+ Direct and manage Security Leads across regions.
+ Translate Policy(s) and Standards set forth by the Cybersecurity Risk and Compliance Management Team into the environment.
+ Increase awareness and foster accountability for security across the enterprise.
+ Facilitate bidirectional communication between operations teams globally and enterprise security while advocating for both in a balanced manner.
+ Escalate risks and exceptions to Cybersecurity Risk and Compliance Management Team and Change Management.
+ Participate in and assist with security incident readiness and response training & awareness including supporting cybersecurity incident response activities.
+ Oversee responsibilities for both security and business continuity (governance, reporting, compliance, risk assessments, etc.).
**Education Preferred:**
+ Education (Bachelor's Degree or above) related to Computer Science, Cybersecurity, Information Technology, or related fields
**Experience Required:**
+ 10+ years experience of Cybersecurity and or information risk management
+ Knowledge and understanding of the design of the operational systems and operations environments
+ knowledge of application and product system development lifecycle and tools and appsec protocols.
+ Understand applications running in the operations environment and the resulting network traffic
+ In-depth understanding of cybersecurity solutions and requirements within the food and service industry
+ Excellent communication skills, with an ability to tailor and engage communication across all levels of the organization
**Licenses/Certifications Preferred:**
+ Certified Information on Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), GIAC Response and Industrial Defense (GRID)
**Language Requirements:**
+ Fluency in written and spoken English.
**Physical Demands:**
+ Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of this job.
**Travel Requirements:**
Up to 25%
AFFIRMATIVE ACTION STATEMENT:
Applicants must be currently authorized to work in the United States. We are proud to be an Equal Opportunity and Affirmative Action employer, and consider qualified applicants without regard to race, color, creed, religion, ancestry, national origin, sex, sexual orientation, gender identity, age, disability, veteran status or any other protected factor under federal, state or local law. This opportunity is available through Sysco Corporation, its subsidiaries and affiliates.

Our Story

In July 2019, Fourth joined forces with HotSchedules to become the global leader in end-to-end restaurant and hospitality management technology solutions. Together, the merged company now represents the world’s largest and only provider of end-to-end restaurant and hospitality management solutions for customers across the globe and of all sizes, from a single location or franchisee restaurant to a global restaurant or hotel chain. The combined company’s complete software-as-service (SaaS) solution suite including scheduling, time & attendance, applicant tracking, training, inventory management / procurement, HR / benefits and payroll services now serves customers in 120,000 locations worldwide and is supported by a dedicated, unified team across offices in the US, UK, Bulgaria, China, Australia, and UAE.

Interested in joining our smart, fun, and talented team?

Position Overview

We are seeking a Senior Information Security Officer (SISO) to lead our
global security programme. This is a hands-on leadership role
responsible for building, scaling, and maturing a robust, audit-ready
security function. You will define our 3-year strategy and oversee
implementation across infrastructure, applications, risk, compliance, and
operations, ensuring Fourth continues to meet the highest standards of
trust, resilience, and regulatory excellence.

You will report directly to the CFO and partner with executive
stakeholders, product, engineering, legal, IT, compliance, and customer
teams. Your work will directly impact our ability to grow securely in
complex, regulated environments such as SaaS, fintech, and global data
services.

Primary Responsibilities

Security Strategy & Leadership
Define and execute a long-term security roadmap aligned with
business goals. Advise executive leadership and the board on risk
posture, threats, and programme maturity.

Risk, Compliance & Governance
Own security policies, risk registers, and internal controls. Ensure
ongoing compliance with global standards (SOC 1/2, ISO 27001,
GDPR, HIPAA, CCPA). Lead external audits and client assessments.

Cloud & Infrastructure Security
Oversee security across Azure-based SaaS environments. Ensure
secure architecture, access control, and vendor security.

Application & DevSecOps
Embed security into CI/CD pipelines and development lifecycles.
Promote secure coding, threat modelling, and secure-by-default
practices.

Security Operations & Incident Response
Lead detection, response, and recovery activities. Manage
vulnerability remediation, threat intelligence, and crisis response,
including simulations and playbooks.

Customer Trust & Stakeholder Engagement
Represent the business in client security reviews, RFPs, and
external audits. Align security with commercial objectives and
customer expectations.

Team, Culture & Awareness
Build a strong security culture across the company. Lead
awareness campaigns, mentor security team members, and manage
external partners.

Key Skills and Competencies

• 8+ years in information security with 3+ years in a senior
  leadership role.
• Proven success building and operating security programmes in
  Azure and SaaS businesses with agile environments.
• Hands-on familiarity with threat modelling, vulnerability
  management, and detection/response tools.
• Strong knowledge of ISO 27001, SOC 2, GDPR, HIPAA, CCPA, and
  related frameworks.
• Skilled in executive communication and cross-functional
  collaboration.

Preferred Experience and/or Qualifications

• Experience in regulated industries (fintech, healthcare, education,
  etc.).
• Familiarity with SSDLC, privacy frameworks, cryptography, and
  AI/ML security.
• Certifications: CISSP, CISM, CISA, CCSP, ISO 27001 Lead
  Implementer, or equivalent.
• Experience leading security culture change, board-level exercises,
  and external audits.

Benefits

Holidays. We all need to rest so you get 25 basic holidays with the option to grow up to 30 with service + your birthday off + bank holidays!

⌚️ ️Flexible working! Use our flexible working hours and hybrid working environments to manage it.