First Health Advisory

Strategic Consultant

First Health Advisory’s Strategic Consultant is responsible for engaging with senior and executive client leadership, providing strategic guidance and industry expertise, security program leadership, consulting team coordination, mentorship of junior team members, and skillful execution of client security projects. The Strategic Consultant is intended to be a senior strategic advisor for First Health clients. This role must function at a Chief Information Security Officer level of expertise, engage with and provide guidance for client executive-level staff, deliver exceptional customer service, and ensure project deliverables meet all client objectives and are completed on time.


Responsibilities

  • Reinforce and provide guidance for First Health business strategies
  • Manage delivery of First Health projects according to scope of work and contractual obligations
  • Identify and mitigate risks which may impact successful delivery of projects
  • Manage Analysts, Consultants, Third Party Vendors, and others assigned to First Health projects and delegate tasks as appropriate
  • Act as a leadership point of liaison between the First Health project team and First Health leadership team
  • Provide industry-specific expertise and guidance to clients
  • Brainstorm strategies for client security program growth, positive change, and improvement
  • Lead presentations and organize team meetings
  • Solve problems through helpful recommendations and practical suggestions
  • Mentor junior team members as needed
  • Additional responsibilities and duties as assigned

Duties

  • Knowledge and experience with information security frameworks and controls including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 2700x, PCI-DSS, HIPAA, HITRUST, 405(d) HICP, etc.
  • Knowledge of and experience with assessing and developing enterprise security programs and reporting on organizational risk management strategies and tactics
  • Experience communicating with and presenting strategic security program findings and recommendations to senior management and executive leadership of highly regulated organizations
  • Capable of explaining security, technology, and similar complex topics to management, leadership, and executives
  • Experience in developing, creating, updating, managing, and communicating the importance of organizational policies related to information security, risk management, and similar corporate topics
  • Organizational management experience including leadership, budget management, staff management, organizational chart assessment, and related leadership experience and knowledge
  • Collaborate with senior leaders and departments to assess risks, coordinate mitigation efforts, establish internal controls, respond to incidents, and manage concerns.
  • Ensure clients are operating to the highest security standards and adequately protected from threats
  • Develop security policies to comply with security requirements as defined by client
  • Provide direction for Enterprise Risk Management, Disaster Recovery, and Policies and Procedures

Desired Skills and Experience

  • Requires a minimum of 8 years of experience in information security, risk management, compliance, and/or governance
  • Additional experience in information technology, data governance, cloud security, or similar fields strongly preferred
  • Significant experience with legal and regulatory compliance standards and security frameworks and controls such as NIST Cyber Security Framework (CSF), NIST 800-53, ISO 2700x, PCI-DSS, HIPAA, HITRUST, 405(d) HICP, etc.
  • Ability to translate regulatory requirements into practical business considerations and recommendations
  • Ability to proactively identify opportunities for continuous improvement
  • Solid understanding of information security, IT networks and technology stacks
  • Experience with process, risk and controls management including development of security program roadmaps, project plans and driving program maturity
  • Experience with security products and knowledge of IT security technologies
  • Prior IT and/or cybersecurity hands-on technical experience preferred
  • Experience working in the healthcare industry
  • Facilitates clear and effective communication between technical and non-technical stakeholders.
  • Minimum 5 years of project management experience
  • Minimum 5 years security program leadership experience

Education

  • Bachelor’s or Master’s Degree – Computer Science, Information Technology, Cybersecurity or similar, or equivalent work experience
  • Industry-recognized certification in information security strongly preferred: CISSP, CRISC, CISM, HCISSP, or similar

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting and Hospitals and Health Care
