|Date Posted||July 8, 2019|
Executive Director, Chief Information Security Officer
Recognized by FORTUNE magazine as one of the “World’s Most Admired Companies,” Quest Diagnostics is the world's leading provider of diagnostic testing, information and services that doctors and patients need to make better healthcare decisions. They are pioneers in developing innovative diagnostic tests and advanced healthcare information technology solutions that help improve patient care.
With corporate headquarters in Secaucus, NJ, Quest Diagnostics is a Fortune 500 company, traded on the New York Stock Exchange and included in the Dow Jones Sustainability World Index. With 2017 revenues of $7.7 Billion, and approximately 42,000 employees and 2,100 patient locations across the US, Quest Diagnostics serves half of the physicians and hospitals in the US with their large variety of products and services.
The company offers the broadest access to diagnostic testing services through its network of laboratories and patient service centers, and provides interpretive consultation through its extensive medical and scientific staff. Quest Diagnostics also provides services to employers, life insurance companies, other commercial labs, clinics, health plans, government agencies, and organizations involved in clinical trials research.
Approximately 150 million times each year, patients and their physicians rely upon Quest Diagnostics results to make important healthcare decisions.
Quest Diagnostics Healthcare IT solutions connect over 165,000 physicians. Approximately one third of U.S. physicians – and many of the country’s leading hospitals and health systems – relies on Quest Diagnostics healthcare information solutions to foster better patient care and improve their business performance.
• FORTUNE magazine's "World's Most Admired Companies" list
• Fortune magazine’s Fortune 500 list
• Forbes Global 2000
• Barron’s 500
• Member of the Dow Jones® Sustainability World Index
• Consistently named one of the best places to work in U.S. business journal rankings
Diagnostic Testing Services:
Quest Diagnostics is the world’s leading provider of diagnostic testing, information and services that patients and doctors need to make better healthcare decisions. Their services range from routine blood tests — such as total cholesterol, Pap testing and white blood cell count — to complex, gene-based and molecular testing. They perform medical tests that aid in the diagnosis or detection of diseases, measure the progress or recovery from a disease or confirm that an individual is free from disease. In addition, they have specialized expertise in cancer, cardiovascular diseases, infectious diseases, and neurology.
In the $60 Billion and growing US Diagnostic Testing Market, Quest Diagnostics is the leader. Quest Diagnostics’ reputation as a leading innovator, provider of high value, low cost solutions and its financial strength and flexibility make it well positioned to capitalize on the evolving healthcare landscape.
Quest Diagnostics’ long-term strategy is to become the undisputed world leader in diagnostic testing, information and services. To drive this profitable growth, Quest Diagnostics plans to leverage capabilities to create differentiation:
• Deliver Innovative Solutions
• Leverage their Unparalleled Access and Distribution Network
• Expand their relationships with large payors and health systems
• Deliver Superior Patient Experiences
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an Enterprise wide information security program to ensure that Information Technology and information assets are adequately protected. This position is responsible for setting the overall strategy for information security in alignment with compliance and regulatory requirements, technology and business strategy. The CISO will lead the efforts of evaluating and reporting information security risks, develop proactive programs to prevent, detect and protect the company’s assets, will work proactively with the business and technology teams to implement practices that meet defined policies and standards for information security and oversees all IT risk management activities. This role serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customers, business partners, employees and business information, in compliance with the organization's information security policies. A key element of this role is to work with executive management to determine acceptable levels of risk for the organization.
The CISO position requires a visionary leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver, an effective consultant and solid domain competency in the field of information security. This role must be highly knowledgeable about the business environment and must ensure that information systems are maintained in a fully functional, secure mode. The position reports to the Chief Information Officer.
Duties and Responsibilities:
• Develop, implement and monitor a strategic, comprehensive enterprise wide Information Technology security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
• Develop, maintain and execute a proactive Information Security Strategy that evolves with the business needs. Provide expert leadership in the development, implementation, and maintenance of an information security program and associated infrastructure which entails the monitoring of information security trends internal and external to the organization and keeping senior management informed about information security-related issues that could affect the organization
• Manage the enterprise's IT Security organization, consisting of direct reports and indirect reports (such as individuals in other areas of IT) including providing security guidance, hiring, training, staff development, performance management and annual compensation review
• Develop, communicate and ensure compliance with organizational security policies, standards, and guidelines
• Provide guidance and advocacy regarding prioritization of IT investments that impact information security and risk including the management of the information security budget and monitor for variances
• Create and manage information security/ risk management awareness and training programs for all employees, contractors and approved system users
• Work directly with IT and business entities to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, while balancing with business needs, and establish roles and responsibilities regarding information classification and protection
• Responsible for presenting overall IT risk, specifically in the ERM corporate process to include the IT areas of compliance, security, performance, and availability
• Monitor information security trends internal and external to Quest Diagnostics and keep Quest Diagnostics senior management informed about information security-related issues and activities affecting the organization
• Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as PCI, HIPAA, NIST, etc
• Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical security and contractual controls
• Liaison with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
• Coordinate information security and risk management projects with staff from the IT organization and business teams
• Ensure that security programs are following applicable laws, regulations and policies to minimize or eliminate risk and audit findings
• Facilitate the conduction and responses to various internal and external security related audits.
• Create and facilitate the information security risk assessment and threat and vulnerability processes, including reporting and oversight of remediation efforts to address negative findings
• Ensure the Corporation maintains an effective Cybersecurity program to protect critical IT assets and customer and corporate data
• Assist various teams in the investigation of security incidents and events to protect corporate IT assets, including intellectual property, confidential data, and other IT fixed assets while protecting the company's reputation
• Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources
• Develop operational and strategic relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program
• Facilitate business alignment and communications by forming an information security steering committee or advisory board such as a Security Council
• Conduct security vendor risk assessments for those external suppliers that have possession of organizational confidential/sensitive data
• Develop and manage information security budgets and monitor them for variances.
• Liaise between the information security team and corporate compliance, physical security, internal audit, legal and HR management teams as required
• Understand potential threats, vulnerabilities, and control techniques and communicate this information to departmental system administrators
1. Director, IT Security Sr. – 4 direct reports + Tech Center staff in Hyderabad, India.
2. Director, IT Security – 6 direct reports + Tech Center staff in Hyderabad, India.
3. Manager, IT Security – 10 direct reports + Tech Center staff in Hyderabad, India.
4. Spec, IT Security - Lead
• BA/BS degree preferably in computer science/information systems
• MBA a plus Professional (CISSP) or Certified Information Security Manager (CISM)
• Minimum 10 years in information and IT security
• Minimum five years' experience in a security-related thought leadership or management capacity
• Proven ability to operate within a healthcare business environment.
• Perform job duties with frequent interruptions or distractions
• Adjust priorities quickly as circumstances dictate.
• Ability to interact professionally with colleagues and/or customers for different purposes in different contexts.
• Ability to collaborate across the organization.
• Maintain composure under pressure
• Performs a variety of duties, often changing from one task to another
• Ability to comprehend and follow verbal or written instructions
• Effective verbal communication
• Effective written communication
• Concentrate on tasks
• Ability to making decisions
• Examine/observe details
• Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
Skills & Abilities:
• Information security strategies within global IT environment
• Knowledgeable in information security trends while developing policies and standards along all levels
• Able to develop programs and guidelines
• Travel 10%
• Health Care experience desirable
The successful candidate for CISO will demonstrate through education and experience the following competencies:
• Executive Leadership and strategy
• Compliance and Risk Management
• HTAS capabilities: Digital Dexterity, Focus on the Customer, Knowing the Business, Collaborate with Others, Promote Strategic Alignment, Adaptability
Please Log In or Register to Upload a Resume and complete the online Application by visiting questdiagnostics.com/careers, clicking “Job Search” and following the prompts. Because of the large number of applicants to job openings, Quest Diagnostics will only contact qualified candidates to be interviewed.
Sr. Talent Acquisition Partner – Executive Recruitment
Quest Diagnostics, Inc.
Office: (614) 519-5015
Senior Executive Search Consultant Quest Diagnostics, Inc.
Office: (201) 424-6742