Chief Information Security Officer (CISO)


Chief Information Security Officer (CISO)

Reports To

<p>Chief Financial and Administrative Officer (CFAO)</p>

The CISO will lead and oversee teams and strategy for information security governance. Success for this role entails designing and delivering a long-term information security strategy and roadmap inclusive of programs, policies, procedures, security operations and escalations protocols of key issues to CAQH executives.  

Specific Responsibilities
  • Developing and implementing CAQH enterprise-wide security strategies and communicating them effectively across company leadership and the Board of Directors that are Best in Class. 

  • Providing alignment within the security, solutions, technology and business leadership teams regarding threat vectors, risk levels, and operational security. Engage and partner with teams to ensure technology solutions are built with appropriate security considerations.

  • Driving Cybersecurity strategic guidance to the Executive Leadership Team to aid in strategic decision making with a Cyber lens.
  • Offering subject matter expertise on behalf of CAQH both in the broader Governance, Risk and Compliance community as well as with clients, prospects, corporate cyber insurance carriers and the CAQH Board of Directors. This role is critical in driving influence through thought leadership and industry presence.

  • Championing a culture of compliance at CAQH and implementing adherence to cybersecurity measures across the organization.
  • Leads and oversees the activities of the incident response team, manages incidents, and leads CAQH’s confidential security investigations.

  • Creating and managing all CAQH vendor IT Security risk strategy and protocols (negotiate contractual requirements, assess vendor controls, establish ongoing monitoring processes, interface with vendor security leadership, address issues as they arise etc.).

  • Advising the Board of Directors and Executive Leadership Team on enterprise-wide security strategy and recommended approach. 

  • Strict adherence to security requirements set forth by customer contracts, state, and federal governance standards, and HITRUST security framework.

  • Defines the organizational structure of the IT Security team and collaboratively negotiates and establishes the IT Security roles & responsibilities across all CAQH departments.

  • Leads and oversees the activities of the security team, including vendor security organizations, succession planning, and workload balancing.

  • Establishes and sustains organization-wide security standards, process improvements, governance processes, and performance metrics to ensure that people, processes, and technology mitigate both internal and external threats. 

  • Responsible for recommending and managing a budget that aligns with the organization's financial and risk management strategies. 

  • Interfaces with potential partner/customer senior security leadership and the legal department to assist in the execution of new business opportunities, including reviewing and negotiating security requirements in customer contracts and management of existing relationships.

  • Serves as a trusted partner with the legal/compliance department to monitor compliance with and enforce privacy and security policies and the CAQH Code of Conduct. Serves as a source of information/analysis on Cybersecurity legislation and activities both domestically and internationally.

  • Prepares and conducts security briefings for the Board of Directors and other relevant leadership meetings and as requested. 

  • Develop and manage a standard CAQH security approach that identifies synergies across all company vendors and segments. 

  • Attracts, motivates, develops, and retains highly skilled leaders, champions, and models leadership development.

  • Leads the evaluation and selection of information security service products impacting the governance, risk, and compliance team. 

  • Implements governance based on best practices and validates alignment with projects and major initiatives at CAQH. 

Established in late 2013 to provide IT Security and Privacy policies, the CISO function reports to the Chief Financial and Administrative Officer, with a strong dotted line to the Chief Technology Officer. The CISO will lead and oversee teams and strategy for information security governance. Success for this role entails designing and delivering a long-term information security strategy and roadmap inclusive of programs, policies, procedures, security operations and escalations protocols of key issues to CAQH executives. 


Managing continuous improvement and cost reduction opportunities in a cloud-based (MS-Azure) environment are important as is providing strategic leadership and direction for new security technology needs of CAQH and ensuring alignment with business objectives in cooperation and collaboration with the solutions technology team. Accountable for enabling business velocity while consistently increasing the CAQH security posture. 


This is a full-time, exempt, remote position. Candidates must apply on the CAQH Careers Page to be considered for the role.

Knowledge, skills and abilities
  • Demonstrated success leading large-scale initiatives/transformations within health plan/member driven environments and/or vendor relationships to health plans.

  • Successful exposure to Cloud-based data environments with a particular focus on MS-Azure.

  • Ability to assess and manage different levels of risk tolerance and risk exposure across the organization, balanced against security investment.

  • Demonstrated ability to communicate information security risks, strategies and concepts to the executive leadership team, Board of Directors and CAQH clients.

  • Demonstrated ability to lead and influence others to successfully implement IT Security initiatives at an organization-wide level.

  • Ability to generate enthusiasm and understanding of the information security vision and how each role contributes to the achievement of that vision.

  • Possess good planning and time management skills. Highly organized and efficient with excellent follow-up skills.

  • Proven excellent interpersonal skills with strong and persuasive oral and written communication skills.

  • Ability to operate in a fast-paced and changing environment, while remaining focused on results and goals.

  • Ability to exercise consistent professionalism and good judgment during conflict and resolve differences constructively.

  • Minimum of twelve (12) of information security management experience including seven (7) years of leading an information security organization (previous Chief Information Security Officer position is preferred).  Health plan or vendor experience to health plans necessary.

  • Seven (7) or more years’ experience implementing and operating programs covering information security risk, compliance, and governance space with a strong working knowledge of NIST, HIPAA, HITRUST, SOC 2 Type 2, PCI, and other federal and state regulations as they relate to healthcare.

  • 3-5 years information security experience within an Azure or other cloud infrastructure environment.

  • Experience managing in an environment with a combination of internal and outsourced business processes highly desired.

  • Experience in organizations with minimum PHI and PII record counts in the tens of millions required.

  • Experience managing IT Security on an Agile product development organization required.

Supervisory Experience:

  • The CISO will lead a team including an IT Security Director, two or more staff analysts and relevant contractors and vendors.

  • Bachelor’s Degree Required, concentration in Business, or Information Systems preferred, master’s preferred. 


  • Certified information systems security professional (CISSP) designation is required. 
  • SaFE certifications helpful, but not required.