Pennant

Chief Information Security Officer

Pennant United States
No longer accepting applications

We are building a World Class Service Center and invite you to join a team of people who are committed to a core objective of supporting life changing service and providing professional expertise to the operations and leaders we support.


About the Company

Pennant Services is one of the most dynamic and progressive companies in the rapidly expanding senior living, home health, hospice, and home care industries. Affiliates of Pennant Services now operate 111 senior living, home health, hospice and home care operations across 14 states and we are growing! These operations have no corporate headquarters or traditional management hierarchy. Instead, they operate independently with support from the “Service Center,” a world-class service team that provides the centralized clinical, legal, risk management, HR, training, accounting, IT and other resources necessary to allow on-site leaders and caregivers to focus squarely on day-to-day care and business issues in their individual agencies.


Something else that sets us apart from other companies is the quality of our most valuable resources – our people! We are dedicated to living out our culture as defined by our core values, “CAPLICO”:


Customer Second

Accountability

Passion for Learning

Love One Another

Intelligent Risk Taking

Celebrate

Ownership


By incorporating these principles at all levels of our organization, our employees feel valued and excited about their impact on our service center team members and operational partners. Our culture fosters excellence both personally and professionally and promotes development that leads to continued success.


Job Summary:

The IT Security Officer and Director (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, and other groups, and will identify security initiatives and standards.


Key Responsibilities:

Develop and Implement Security Strategy:

  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  • Work with senior management and corporate risk governance teams to determine acceptable levels of risk for the organization.
  • Collaborate with other departments to ensure security measures are integrated into all aspects of the organization's operations.
  • Stay current with emerging security trends, threats, and technologies, and recommend enhancements to the security program.

Security Operations:

  • Lead incident response planning and investigation of security breaches and assist with any associated disciplinary and legal matters.
  • Direct the installation and use of security tools (e.g., firewalls, data encryption, IDS/IPS) to protect sensitive information.
  • Monitor and manage security systems and tools to detect and respond to security threats and incidents.
  • Conduct regular security assessments and vulnerability scans to identify and mitigate security risks.
  • Conduct thorough investigations of security breaches and incidents, implementing corrective actions and documenting findings.
  • Provide security awareness training and education to employees to promote a culture of security.
  • Prepare and present regular reports on the status of the information security program to senior management.

Compliance and Governance:

  • Ensure compliance with changing laws and applicable regulations.
  • Coordinate and track all information technology and security-related audits, including scope of audits, units involved, timelines, auditing agencies, and outcomes.
  • Manage and continuously improve information security governance processes.

SOX Audits:

  • Oversee IT's internal controls for SOX (Sarbanes-Oxley) audits to ensure compliance with financial reporting requirements.
  • Work closely with the internal audit team and external auditors to provide necessary documentation and evidence of IT controls.
  • Identify and remediate any deficiencies in IT controls to maintain SOX compliance.

HIPAA Compliance:

  • Ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) by implementing and maintaining robust security measures.
  • Conduct regular audits and assessments to ensure the protection of Protected Health Information (PHI).
  • Provide training and resources to staff on HIPAA compliance requirements and best practices.

Risk Management:

  • Identify and assess risks to the organization's information and IT assets and recommend mitigation strategies.
  • Develop and maintain the enterprise IT risk register.

Team Leadership and Development:

  • Oversee the selection and training of information security staff.
  • Develop security awareness programs and communicate to employees about the importance of information security.

Liaison and Coordination:

  • Act as a liaison with the company's senior management and the board of directors, ensuring that security issues are prioritized and budgeted appropriately.
  • Coordinate security initiatives with other departments to ensure integrated risk management.

Security Architecture:

  • Collaborate with the IT department to design and implement secure IT architectures and networks.
  • Ensure that security architectures and strategies are in alignment with the organization’s goals and objectives.


Qualifications:

Education:

  • Bachelor’s degree in Computer Science, Information Systems, Business Administration, or related field.
  • Master’s degree preferred.

Experience:

  • Minimum of 10 years of experience in a combination of risk management, information security, and IT roles.
  • At least five years in a senior leadership role.

Certifications:

  • Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials.

Skills and Abilities:

  • Strong understanding of current and emerging security technologies and how they align to evolving business needs.
  • Excellent project management, organizational, and leadership skills.
  • Strong communication and interpersonal skills, with the ability to communicate security-related concepts to a broad range of technical and non-technical staff.
  • Ability to influence and build consensus at all levels of the organization.

Personal Attributes:

  • High integrity and ethical standards.
  • Strong analytical and problem-solving skills.
  • Ability to remain calm and composed under pressure.
  • Commitment to continuous learning and development.


About The Pennant Group

We are proud to be affiliated with the Pennant Group, Inc. (NASDAQ: PNTG). Pennant was created in 2019 in connection with The Ensign Group, Inc.’s (NASDAQ: ENSG) spin-off of its home health, hospice, and senior living businesses. We believe that through our innovative operating model, we can foster a new level of patient care and professional competence at our independent operating subsidiaries and set a new industry standard for quality home health, hospice, and senior living services. You can learn more about The Pennant Group at www.pennantgroup.com.

  • Seniority level: Executive
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Hospitals and Health Care
