Chief Information Security Officer (CISO)

DISCLOSURES

The specific statements shown in each section of this job description are not intended to be all-inclusive. They represent typical elements and criteria considered necessary to perform the job successfully. The job’s responsibilities/tasks may be modified and/or expanded over time. Company will inform the personnel member when changes in the respective job description are made.

ABOUT ENTERPRISE MANAGEMENT SOLUTIONS, LLC

Enterprise Management Solutions, LLC (Enterprise) is a full-spectrum administrative and operational management firm headquartered in Baltimore, Maryland. We provide contracted infrastructure support to independently governed organizations in sectors such as behavioral health, primary care, supportive housing, food service, commercial real estate, and nonprofit development.

Enterprise does not own or govern the organizations we serve. Instead, we operate as a trusted administrative services provider under formal contractual agreements, offering high-level back-office services that allow our clients to focus on mission execution and program delivery.

Our scope of service includes:

Comprehensive fiscal systems and multi-entity accounting

Human resource infrastructure and staff onboarding

Legal compliance and audit readiness

Technology integration and IT systems governance

Organizational growth planning and fiscal sustainability analysis

Federal and state grant compliance, budget monitoring, and reporting

Financial and operational performance dashboards

CEO- and executive-level strategy support

Our goal is to relieve mission-driven companies of administrative burden by overseeing financial and operational systems that allow leadership teams to focus on quality care and innovation.

COMPANY WEBSITE: https://enterprisemanagement.org/

COMPANY PHONE NUMBER: (667) 309-5345

HUMAN RESOURCES PHONE NUMBER: (667) 309-5345 ext. 10

POSITION TITLE: Chief Information Security Officer (CISO)

ALTERNATE TITLE(S): Chief Cybersecurity Officer (CCSO), Chief Security Officer (CSO – Cybersecurity), Senior Cybersecurity Executive

COMPANY: Enterprise Management Solutions, LLC (in support of all customer companies under contract)

DIVISION: Technology & Information Security

DEPARTMENT: n/a

UNIT: n/a

BENEFITS PACKAGE: This position is eligible for standard W-2 employee benefits, including but not limited to those outlined in the Company’s official benefits package. Eligibility and participation are subject to the terms and conditions of the applicable plans. Full details are provided in the current benefits package documentation.

WORK SCHEDULE: Two days per week: Tuesday and Thursday, 8:00 AM – 5:00 PM (daily lunch break from 12:00 PM – 1:00 PM)

ACCOUNTABLE TO: Chief Executive Officer (COO, in absence of CEO)

ACCOUNTABLE FOR: Oversight of cybersecurity strategy, data protection, regulatory compliance, and the supervision of all information security systems, personnel, and vendors across all affiliated companies. This role is responsible for ensuring uninterrupted cybersecurity operations, incident response readiness, and cross-training protocols to protect critical client and company assets.

CLASSIFICATION: W-2 employee; part-time hourly

COMPENSATION RANGE: Ranges between $55.00 per hour to $90.00 per hour, and is commensurate with experience, expertise, verified credentials, and available company budget.

ANTICIPATED TRAVEL: Up to 10% of the time (interoffice and site-based meetings)

WORKPLACE POLICY: This is a 100% in-office role at Baltimore HQ, two days per week. Remote work or telework is prohibited unless explicitly pre-approved in writing by the CEO.

SUMMARY OF POSITION RESPONSIBILITIES
The Chief Information Security Officer (CISO) serves as the organization’s highest-ranking cybersecurity executive, responsible for designing, implementing, and maintaining a resilient information security program that safeguards company and client systems against internal and external threats.

The CISO oversees all areas of cybersecurity including policy development, risk management, threat detection, incident response, and compliance with federal and state regulations (HIPAA, HITECH, GDPR, SOC2, PCI-DSS, NIST, and others as applicable).

This role also ensures that Enterprise delivers all contracted Information Security, IT Governance, and Cybersecurity Risk Management services to affiliated entities, protecting sensitive healthcare, housing, financial, and client records.

The CISO plays a critical role in aligning technology security with enterprise goals, while proactively mitigating risks across all operational areas.

SCHEDULED DUTIES AND RESPONSIBILITIES

Cybersecurity Strategy & Leadership

Develop and execute a company-wide cybersecurity program aligned with business and client requirements.

Translate the CEO’s strategic vision into measurable, risk-based security initiatives.

Conduct long-term security planning, including disaster recovery and business continuity.

Risk Management & Regulatory Compliance

Ensure strict compliance with HIPAA, HITECH, GDPR, SOC2, PCI-DSS, NIST, and state regulations.

Perform enterprise-wide risk assessments and vulnerability scans.

Maintain and update incident response, breach notification, and audit readiness protocols.

Threat Monitoring & Incident Response

Direct the Security Operations Center (SOC) or equivalent vendor-managed services.

Oversee intrusion detection, SIEM monitoring, log review, and malware defense.

Lead incident response, forensic investigation, and breach communication with executive leadership.

Identity, Access, and Data Security

Manage identity and access management systems, including MFA and privileged access controls.

Oversee endpoint, mobile device, and server security configurations.

Ensure encryption, secure backups, and data loss prevention across all platforms.

Vendor & Third-Party Oversight

Review vendor contracts, security certifications, and compliance attestations.

Establish standards for secure integration with external technology providers.

Lead vendor risk management and third-party security audits.

Internal Policies & Training

Develop internal cybersecurity policies, acceptable use guidelines, and SOPs.

Deliver quarterly staff training on phishing, ransomware, and cybersecurity awareness.

Conduct simulated incident drills and security tabletop exercises.

Collaboration & Executive Support

Advise the CEO and COO on cybersecurity risks and budget needs.

Partner with CFO, HR, and Operations Managers to ensure cross-department compliance.

Provide security briefings to the Board of Directors and client executives.

UNSCHEDULED DUTIES AND RESPONSIBILITIES

Respond to emergent cybersecurity threats or system alerts.

Support investigations of insider threats, fraud, or data misuse.

Participate in interdepartmental workgroups to integrate new systems securely.

Maintain active knowledge of evolving threats, ransomware tactics, and industry best practices.

Lead recovery efforts in the event of a cyber-attack or natural disaster affecting IT infrastructure.

PHYSICAL DEMANDS

Prolonged periods sitting at a desk and working on a computer.

Occasional lifting up to 25 pounds.

WORKING CONDITIONS

Cross-functional collaboration with executives and technical staff.

100% in-office role at Baltimore HQ (two days per week, no remote or hybrid unless CEO approved).

Travel up to 10% may be required for audits, client meetings, or incident response.

Must be available during scheduled hours with flexibility for emergent needs.

COMPETENCIES AND SKILLS

Visionary leadership with deep technical and cybersecurity acumen.

Expertise in risk management, incident response, and compliance frameworks.

Skilled in cloud security (AWS, Azure, Google Cloud), SaaS protection, and on-premises systems.

Strong command of cybersecurity frameworks: NIST CSF, ISO 27001, COBIT.

Familiarity with healthcare IT and HIPAA/HITECH security requirements.

Effective communicator able to brief executives and train staff.

Demonstrated ability to lead multidisciplinary teams and manage security vendors.

LEVEL OF EDUCATION / TRAINING / QUALIFICATIONS

Master’s degree in Cybersecurity, Computer Science, or Information Technology (required).

Certified Information Systems Security Professional (CISSP) in good standing (required).

Additional certifications (CISM, CISA, CCSP, CRISC) strongly preferred.

Minimum 8–10 years of progressive cybersecurity leadership experience, with at least 5 years in a senior or CISO role.

Experience overseeing security in healthcare, housing, financial, or government environments strongly preferred.

Demonstrated track record of regulatory compliance, successful incident response, and enterprise-level security program development.