Vice President, Chief Information Security Officer (CISO)

Quest Diagnostics - Secaucus, NJ

Full-time. Estimated: $120,000 - $150,000 a year
Recognized by FORTUNE magazine as one of the “World’s Most Admired Companies,” Quest Diagnostics is the world's leading provider of diagnostic testing, information and services that doctors and patients need to make better healthcare decisions. They are pioneers in developing innovative diagnostic tests and advanced healthcare information technology solutions that help improve patient care.

With corporate headquarters in Secaucus, NJ, Quest Diagnostics is a Fortune 500 company, traded on the New York Stock Exchange and included in the Dow Jones Sustainability World Index. With 2017 revenues of $7.7 Billion, and approximately 42,000 employees and 2,100 patient locations across the US, Quest Diagnostics serves half of the physicians and hospitals in the US with their large variety of products and services.

The company offers the broadest access to diagnostic testing services through its network of laboratories and patient service centers, and provides interpretive consultation through its extensive medical and scientific staff. Quest Diagnostics also provides services to employers, life insurance companies, other commercial labs, clinics, health plans, government agencies, and organizations involved in clinical trials research.

Approximately 150 million times each year, patients and their physicians rely upon Quest Diagnostics results to make important healthcare decisions.

Quest Diagnostics Healthcare IT solutions connect over 165,000 physicians. Approximately one third of U.S. physicians – and many of the country’s leading hospitals and health systems – rely on Quest Diagnostics healthcare information solutions to foster better patient care and improve their business performance.

FORTUNE magazine's "World's Most Admired Companies" list

Fortune magazine’s Fortune 500 list

Forbes Global 2000

Barron’s 500

Member of the Dow Jones® Sustainability World Index

Consistently named one of the best places to work in U.S. business journal rankings

Diagnostic Testing Services:
Quest Diagnostics is the world’s leading provider of diagnostic testing, information and services that patients and doctors need to make better healthcare decisions. Their services range from routine blood tests — such as total cholesterol, Pap testing and white blood cell count — to complex, gene-based and molecular testing. They perform medical tests that aid in the diagnosis or detection of diseases, measure the progress or recovery from a disease or confirm that an individual is free from disease. In addition, they have specialized expertise in cancer, cardiovascular diseases, infectious diseases, and neurology.

In the $60 Billion and growing US Diagnostic Testing Market, Quest Diagnostics is the leader. Quest Diagnostics’ reputation as a leading innovator, provider of high value, low cost solutions and its financial strength and flexibility make it well positioned to capitalize on the evolving healthcare landscape.

Quest Diagnostics’ long-term strategy is to become the undisputed world leader in diagnostic testing, information and services. To drive this profitable growth, Quest Diagnostics plans to leverage capabilities to create differentiation:

Deliver Innovative Solutions

Leverage their Unparalleled Access and Distribution Network

Expand their relationships with large payors and health systems

Deliver Superior Patient Experiences

Position Description:
The Vice President, Chief Information Security Officer (CISO) is responsible for establishing and maintaining an enterprise-wide information security program to ensure that Information Technology and information assets are adequately protected. This position is responsible for setting the overall strategy for information security in alignment with compliance and regulatory requirements, technology and business strategy. The CISO will lead the evaluation and reporting of information security risks, develop proactive programs to prevent and detect threats and protect the company’s assets, work proactively with the business and technology teams to implement practices that meet defined policies and standards for information security, and oversee all IT risk management activities. This role serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. A key element of this role is to work with executive management to determine acceptable levels of risk for the organization.

The CISO position requires a visionary leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver, an effective consultant and solid domain competency in the field of information security. This role must be highly knowledgeable about the business environment and must ensure that information systems are maintained in a fully functional, secure mode. The position reports to the Chief Information/Digital Officer.

Duties and Responsibilities:
Develop, implement and monitor a strategic, comprehensive enterprise wide Information Technology security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization

Develop, maintain and execute a proactive Information Security Strategy that evolves with the business needs. Provide expert leadership in the development, implementation, and maintenance of an information security program and associated infrastructure which entails the monitoring of information security trends internal and external to the organization and keeping senior management informed about information security-related issues that could affect the organization

Manage the enterprise's IT Security organization, consisting of direct reports and indirect reports (such as individuals in other areas of IT) including providing security guidance, hiring, training, staff development, performance management and annual compensation review

Develop, communicate and ensure compliance with organizational security policies, standards, and guidelines

Provide guidance and advocacy regarding prioritization of IT investments that impact information security and risk including the management of the information security budget and monitor for variances

Create and manage information security/ risk management awareness and training programs for all employees, contractors and approved system users

Work directly with IT and business entities to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk while balancing them against business needs, and establish roles and responsibilities regarding information classification and protection

Responsible for presenting overall IT risk, specifically in the ERM corporate process to include the IT areas of compliance, security, performance, and availability

Monitor information security trends internal and external to Quest Diagnostics and keep Quest Diagnostics senior management informed about information security-related issues and activities affecting the organization

Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as PCI, HIPAA, NIST, etc.

Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical security and contractual controls

Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures

Coordinate information security and risk management projects with staff from the IT organization and business teams

Ensure that security programs are following applicable laws, regulations and policies to minimize or eliminate risk and audit findings

Facilitate the conduct of, and responses to, various internal and external security-related audits

Create and facilitate the information security risk assessment and threat and vulnerability processes, including reporting and oversight of remediation efforts to address negative findings

Ensure the Corporation maintains an effective Cybersecurity program to protect critical IT assets and customer and corporate data

Assist various teams in the investigation of security incidents and events to protect corporate IT assets, including intellectual property, confidential data, and other IT fixed assets while protecting the company's reputation

Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources

Develop operational and strategic relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program

Facilitate business alignment and communications by forming an information security steering committee or advisory board such as a Security Council

Conduct security vendor risk assessments for those external suppliers that have possession of organizational confidential/sensitive data

Develop and manage information security budgets and monitor them for variances.

Liaise between the information security team and corporate compliance, physical security, internal audit, legal and HR management teams as required

Understand potential threats, vulnerabilities, and control techniques and communicate this information to departmental system administrators

Supervision Exercised:
Director, IT Security Sr. – 4 direct reports + Tech Center staff in Hyderabad, India.

Director, IT Security – 6 direct reports + Tech Center staff in Hyderabad, India.

Manager, IT Security – 10 direct reports + Tech Center staff in Hyderabad, India.

Spec, IT Security - Lead

BA/BS degree preferably in computer science/information systems

MBA a plus. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Minimum 10 years in information and IT security

Minimum five years' experience in a security-related thought leadership or management capacity

Proven ability to operate within a healthcare business environment.

Perform job duties with frequent interruptions or distractions

Adjust priorities quickly as circumstances dictate.

Ability to interact professionally with colleagues and/or customers for different purposes in different contexts.

Ability to collaborate across the organization.

Maintain composure under pressure

Performs a variety of duties, often changing from one task to another

Ability to comprehend and follow verbal or written instructions

Effective verbal communication

Effective written communication

Concentrate on tasks

Ability to make decisions

Examine/observe details

Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Skills & Abilities:
Information security strategies within a global IT environment

Knowledgeable in information security trends while developing policies and standards at all levels

Able to develop programs and guidelines

Special Requirements:
Travel 10%

Health Care experience desirable

Personal Competencies:
The successful candidate for CISO will demonstrate through education and experience the following competencies:

Executive Leadership and strategy

Compliance and Risk Management

HTAS capabilities: Digital Dexterity, Focus on the Customer, Knowing the Business, Collaborate with Others, Promote Strategic Alignment, Adaptability

All requirements are subject to possible modifications to reasonably accommodate individuals with disabilities. Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity or Citizenship.