**This can be a remote opportunity**
The Rite Aid Information Security Program is designed to protect information and critical resources from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. The objective in the development and implementation of this Information Security Program is to create effective administrative, technical, and physical safeguards in order to protect Rite Aid and its subsidiaries' data.

The Chief Information Security Officer (CISO) works collaboratively with the business units to assure compliance with government, healthcare, business, and other regulatory policies and laws related to information security and privacy. The CISO assesses information systems, oversees and deploys security awareness programs, assists in responding to patient security inquiries, develops the security and privacy components that support overall Rite Aid business strategy, leads board-level presentations on cybersecurity, and develops strategies to reduce risk and allow for business continuity.

The primary purpose of the Vice President / CISO position is to set and maintain the overall corporate strategy concerning cyber security within the Rite Aid Information Security Program. This includes leading the development of information security strategies, technology best practices, vulnerability management, access controls, vendor risk management, cloud security, security architecture and Disaster Recovery / Contingency Planning. The position will manage the development and delivery of IT security standards, architecture and systems to ensure data and information security across the company.
Experience / Requirements
- Provide leadership, vision and direction for Information Security initiatives that support and protect the company's business objectives and requirements.
- Responsible for identifying internal and external information security risks; performing risk assessments and cost benefit analysis to determine appropriate level of security controls for monitoring IT systems and other document processing systems.
- Develop and implement a comprehensive plan, program and architecture for information systems security.
- Develop and maintain the Information Security Incident Response Playbook, reviewing it on an annual basis. Perform annual tabletop exercises with senior management of the corporation. Responsible for setting strategy to integrate all subsidiaries within the Incident Response Playbook.
- Maintain role as technical expert for information security policies, practices and procedures; ensure information security policies, procedures and updates are communicated appropriately.
- Evaluate, test and assist in the selection of manual and/or automated security control solutions that promote safeguarding of assets, including monitoring compliance with approved processes.
- Coordinate information systems security efforts with third party auditors and outside vendors.
- Develop ongoing risk management program for all vendor technology environments that service Rite Aid customers.
- Perform risk assessments of all Rite Aid vendors on a recurring basis to ensure vendors meet Rite Aid security standards.
- Perform DEA assessments together with security partners.
- With the help of the Information Security Staff, perform the following: complete ongoing security training for associates; manage user access; manage new hire and termination procedures across all applications; manage and report information security incidents; conduct security compliance reviews annually; maintain PCI-DSS compliance throughout the company and subsidiaries; maintain HITRUST CSF compliance for select subsidiaries.
- Review vendor contracts for required security and privacy provisions in combination with Legal and the Privacy Office.
- Bachelor's degree (BA/BS) in Information Systems or Computer Science required.
- Master's degree (MA/MS) preferred.
- 10 years of experience in Cloud Technologies, Modern Application Development, Technology Operations required.
- 7 years of experience building strong network relationships with industry peers, vendors and government agencies preferred.
- Certified Information Systems Auditor (CISA) required
- Certified Information Security Manager (CISM) required
- Certified in Risk and Information Systems Control (CRISC) required
- Certified Information Systems Security Professional (CISSP) required