Omnicell logo
Omnicell

A leader in transforming the pharmacy care delivery model

Senior Business Information Security Officer

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 1,001-5,000H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

9 days ago

Salary

0

Seniority

Senior

Job Description

Senior Business Information Security Officer

Omnicell

Role Description The Sr. Business Information Security Officer (BISO) serves as the primary bridge between Omnicell’s Enterprise Security Team and designated lines of business and functions. This role helps business units understand, adopt, and operationalize security policies and processes in a way that enables secure growth while meeting regulatory, customer, and audit expectations. - Aligns security priorities with business strategies and go-to-market plans. - Translates technical risk into clear business and regulatory impact for leaders. - Simplifies and integrates security into processes, projects, and technology initiatives. - Builds trust and credibility with executives, product teams, IT, Legal, and Privacy. The BISO partners closely with Enterprise Security pillars (Cyber Architecture & GRC, SecOps, Product/Cloud Security, IAM, Third-Party Risk, Resilience), Privacy, Legal, and commercial, services, and operations leadership. Qualifications - 7+ years of experience in information security, cybersecurity, or IT risk management, with at least 3+ years in a customer- or business-facing security role (e.g., BISO, Security Architect, GRC, Product/Cloud Security, or similar). - Demonstrated experience working with complex, multi-business-unit or enterprise stakeholders, ideally in highly regulated industries (e.g., healthcare, life sciences, finance, or public sector). - Proven ability to translate complex technical risks into business language for VP- and director-level audiences. - Strong understanding of: - Enterprise security programs (policies, standards, risk registers, CAPs). - Core domains such as IAM, network and cloud security, data protection, third-party risk, incident response, and BCDR. - How security controls are evidenced and evaluated in audits and certifications (e.g., HITRUST, SOC 2, HIPAA/HITECH compliance activities). - Excellent written and verbal communication and storytelling skills, including the ability to create executive-ready narratives and lead productive discussions with non-security stakeholders. - Strong influence, relationship-building, and prioritization skills in a complex, matrixed organization. Requirements - Participate in business reviews, portfolio planning, and steering committees to ensure security and privacy requirements are identified early. - Provide clear, risk-based guidance on new initiatives (e.g., product launches, SaaS and cloud deployments, integrations, use of AI, new market segments), documenting recommended controls and trade-offs. - Help business leaders balance growth, customer expectations, and regulatory obligations with Omnicell’s security, privacy, and compliance standards. - Ensure business units operate within Omnicell’s Global Cybersecurity Policy Suite, Enterprise Security Policy, and supporting standards (e.g., IAM, Network Security, Data Protection, Incident Response, Third-Party Risk). - Interpret global policies in the context of regulations and frameworks (e.g., HIPAA/HITECH, HITRUST, SOC 2, state privacy laws such as CCPA/CPRA, payer/provider security requirements). - Maintain a documented security engagement model for stakeholders, including RACI for key controls, decision rights, and escalation paths. - Represent the security risk posture and control maturity in enterprise security and IT risk governance forums. - Maintain a security risk register aligned with NIST CSF v2.0, Omnicell’s risk taxonomy, and enterprise risk processes. - Coordinate or lead risk and privacy impact assessments for systems, data flows, and business processes, in partnership with Privacy, Legal, Product, and IT. - Translate assessment findings into corrective action plans (CAPs) with clear owners, timelines, and mapping to applicable control frameworks (e.g., NIST CSF, NIST 800-53, HITRUST, SOC 2, Omnicell policies, and relevant regulations). - Contribute data to enterprise security metrics and dashboards (e.g., vulnerabilities, incident trends, IAM metrics, training completion) and help drive remediation and continuous improvement. - Embed security into programs and projects (e.g., cloud migrations, data center moves, partner integrations, major customer programs, M&A integrations, and divestitures) by ensuring requirements are captured and designs align with enterprise reference architectures and policies. - Partner with Product/Cloud Security and IT to ensure hosted workloads follow standards across segmentation, logging, IAM, PAM, CSPM, DLP, EDR, and related controls. - Support data classification and handling for operations, ensuring that confidential information, PHI, and PII are managed per Omnicell policies and applicable US laws and regulations. - Promote and coordinate security training and awareness tailored for audiences (commercial, operations, support, engineering, and partners). - Support customer security assessments, RFPs, due diligence, and contract negotiations for opportunities, ensuring accurate and consistent representation of Omnicell’s security posture. - Collaborate with Legal, Privacy, and Enterprise Security to provide timely, high-quality responses to regulators, auditors, and key strategic customers. - Coordinate evidence collection and responses for audits and certifications that include scope (e.g., HITRUST, SOC 2, ISO 27001, HIPAA-related assessments). - Help maintain and improve customer-facing security narratives and documentation relevant to healthcare providers, health systems, and other regulated customers. - Act as a key security lead for incidents impacting systems, customers, or data, in accordance with global Incident Response policies and playbooks. - Coordinate with SecOps, Privacy, Legal, and leadership on triage, containment, remediation, and required customer or regulatory notifications (e.g., HIPAA breach notifications). - Ensure lessons learned from incidents and near misses are captured and drive durable improvements (policy updates, new controls, training, or process changes). - Partner with Enterprise Resilience / BCDR leaders to align continuity and recovery plans for operations with security and risk priorities. - Build and maintain trusted relationships with general managers, functional leaders, IT, Product, and strategic partners. - Influence decision-making by presenting clear, concise narratives on risk, options, and recommended paths that align with Omnicell’s risk appetite and customer commitments. - Mentor security champions and points of contact within business units to distribute ownership of security beyond Enterprise Security. - Champion a strong “security and privacy by design” culture across operations, reinforcing Omnicell’s core values (Do the Right Thing, Passionate Transformer, Relationships Matter, Intellectually Curious). Benefits - Corporate office, hybrid, or remote work arrangements within the United States, consistent with Omnicell policies. - Collaboration across US time zones, with coordination with international stakeholders as needed. - Flexibility to support critical security incidents, urgent vulnerabilities, or customer escalations outside of standard business hours when required. Travel Requirements - Occasional travel (10–20%) to: - Omnicell US offices and hubs. - Customer and partner sites. - Periodic enterprise or security team meetings; limited international travel as needed.

Related Categories

Related Job Pages

More Security Engineer Jobs

Title: Help Desk - Security Analyst Location: Winchester, Virginia Job Description: Employment: Full-time, W-2 employee of our Winchester, Virginia-based client Location: Winchester, VA. On-site at the CPA firm (160 Exeter Drive) 2–3 days per week — closer to 3. Remote the remainder. Reports to: The security team of our Winchester, Virginia-based client; coordinates day-to-day with the CPA firm's IT and security leadership Compensation: Base salary $62,000–$67,000, commensurate with experience About the engagement We are recruiting on behalf of our Winchester, Virginia-based client for a hybrid Help Desk + Security Analyst role embedded inside their anchor CPA firm engagement. Time splits roughly 50/50: half supplementing the CPA firm's internal help desk, half working as a security analyst inside the security program our client manages on the firm's behalf. The hire is our client's hands-on presence in the CPA firm's office. This is a strong seat for someone who wants to grow into deeper security work without giving up the IT generalist skills that keep them sharp and useful. Responsibilities Help Desk (~50%) - Tier 1 / Tier 2 end-user support: workstations, accounts, productivity software, common application issues - Microsoft 365 administration (Exchange Online, Teams, SharePoint, Entra ID basics) - Hardware support, imaging, and provisioning alongside the CPA firm's IT team - Ticket queue ownership and triage Security (~50%) - Vulnerability management: scan operations, finding triage, remediation tracking with IT and end users - Phishing simulation campaigns: planning, deployment, reporting, follow-up training - Security ticket triage and investigation (EDR alerts, email security, identity) - Incident response support under the senior leadership of our Winchester, Virginia-based client - Routine hygiene: access reviews, configuration checks, hardening tasks Required Experience - 2–4+ years across IT support / help desk / junior SOC or security analyst work (any combination) - Strong Microsoft 365, Azure, and Windows endpoint fundamentals - Familiarity with vulnerability scanning workflows — not an expert, but knows what a CVSS score is and how to drive a fix - Solid customer service instincts: patient, professional, willing to help - Lives within reliable commuting distance of Winchester, VA, and can be on-site 2–3 days per week Preferred Experience - Security+, Network+, or equivalent certifications - Experience with EDR platforms (Microsoft Defender, SentinelOne) - Prior exposure to phishing simulation tools (KnowBe4, etc.) - Curiosity about offensive security — there is real room to grow toward pentest and red-team adjacent work over time Compensation - Base salary $62,000–$67,000, commensurate with experience - Full benefits: medical, dental, vision, and 401(k) with employer match - Paid time off and supported professional development

Virginia
$62K - $67K / year
Full TimeRemoteTeam 201-500H1B No Sponsor

• Develop and execute a territory plan for UAE enterprise and strategic accounts; map white space, key stakeholders, and buying centers. • Build and manage a healthy pipeline aligned to quarterly and annual targets; create multi-threaded executive relationships. • Lead complex sales cycles for professional and managed services (e.g., advisory/assessments, implementation, managed XDR/SIEM, cloud & identity security). • Run discovery, solution shaping, value articulation, and ROI/TCO narratives with senior client stakeholders. • Recruit, enable, and co-sell with key partners, drive deal registration, joint go to market, and partner-led pipeline. • Build trusted advisor relationships with C-suite, security leaders, IT operations, and procurement/commercial teams. • Navigate UAE procurement processes (tenders/RFPs/RFIs, vendor pre-qualification, contract reviews) and coordinate internal approvals (legal, finance, delivery). • Own pricing, proposals, SoWs, and risk mitigation; drive compelling bids with presales and solution architects. • Land, expand, and renew multi‑year service contracts; identify cross‑sell/upsell motions across security, cloud, network, data, and compliance services. • Conduct QBRs/EBRs with clients and partners; track outcomes against success metrics and SLAs.

United Arab Emirates

Security / Cryptography Engineer

CE Labs

CE Labs designs and builds systems where security comes first — applied cryptography and rigorous engineering, backed by formal methods where correctness matters most.

Role Description At CE Labs, which we just spun off from Cryspen, we're all about creating the core security and privacy tools for the apps of tomorrow. We do everything from advanced, end-to-end encrypted protocols such as MLS to handling all the cryptography underneath. Plus, we assist others in bundling these into SDKs and applications. We are looking for a systems-minded engineer fluent in Rust to join our small team. Your main focus will be translating RFCs, complex cryptographic primitives, and academic papers into production-ready, safe, and highly optimized software. You will also actively help us design and create entirely new protocols and standards. - Develop and implement cryptographic protocols to enhance system security. - Collaborate with internal and external teams to integrate security protocols and cryptography into software applications. - Conduct security audits and vulnerability assessments to identify and mitigate risks. - Stay updated on the latest advancements in security and cryptography and apply them to our projects. - Work closely with clients to understand their security needs and provide tailored solutions. Qualifications - Strong foundation in applied cryptography and understanding of cryptographic protocols. - Experience with software development in Rust, specifically in security-focused applications. - Excellent problem-solving skills and the ability to work collaboratively in a small team setting. - A plus: A degree in Computer Science, Engineering, or a related field, or equivalent experience. - A plus: Interest in formal methods and their application in ensuring system correctness. Benefits - Flexible working hours - Public transportation benefits - Remote work - Room to grow personally and professionally - Family-friendly work environment - 4 day work week Company Description CE Labs designs and builds systems where security comes first — applied cryptography and rigorous engineering, backed by formal methods where correctness matters most.

Worldwide

Role Description The IT Security Program Manager is responsible for executing and managing the day-to-day operations of Recovery Centers of America’s cybersecurity program. This role will coordinate and perform audits, oversee third-party risk management, manage RCA’s security awareness and phishing programs, drive policy governance, and ensure the timely resolution of open risk items and vulnerabilities. - Manage the daily operations of RCA’s cybersecurity program under the guidance of the CISO. - Coordinate and track the completion of internal and external security audits, including HIPAA, SOC 2, and NIST-based assessments. - Maintain and monitor the Information Security Risk Register, ensuring timely resolution of identified issues and mitigation of critical findings. - Lead tabletop exercises and incident response simulations to test and improve RCA’s preparedness and business continuity planning. - Collaborate with RCA leadership and department heads to ensure that security policies and controls are understood and effectively implemented across all business units. - Manage the third-party risk assessment program, ensuring that all vendors with access to PHI or critical systems undergo security evaluation and periodic reassessment. - Review BAAs, security questionnaires, and compliance attestations; ensure corrective action for identified gaps. - Partner with Procurement and Legal to integrate security requirements into new and existing vendor contracts. - Work with the CISO to review, update, and publish information security policies, standards, and procedures in accordance with HIPAA, HITECH, and NIST frameworks. - Develop dashboards and recurring reports to track security metrics, compliance posture, and program maturity for presentation to the CISO and executive leadership. - Monitor and interpret changes to regulatory requirements, ensuring timely updates to RCA’s compliance program. - Administer and optimize RCA’s KnowBe4 Security Awareness and Phishing Training Program. - Track user engagement and training completion rates, and provide metrics and recommendations to leadership. - Develop creative awareness campaigns to strengthen RCA’s security culture. - Identify and track critical infrastructure vulnerabilities, working with IT and Infrastructure teams to ensure remediation and continuous monitoring. - Oversee MDM security, ensuring appropriate device controls, encryption, and enforcement of mobile security policies. - Support the CISO in analyzing threat intelligence, vulnerability trends, and endpoint security performance (e.g., CrowdStrike, firewall alerts). - Ensure continuous compliance with HIPAA, HITECH, and NIST 800-53 / 800-171 requirements. - Coordinate with Compliance, Legal, and Clinical leadership to ensure consistent risk management practices. - Participate in post-incident reviews, documenting lessons learned and recommending process improvements. Qualifications - Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field required. - Minimum of 5–7 years of progressive experience in cybersecurity, IT risk management, or audit within a regulated environment (preferably healthcare). - At least 2 years in a program management or leadership role overseeing information security functions. - Strong working knowledge of HIPAA, NIST 800-53, HITRUST, and security risk management frameworks. - Certifications (preferred but not required): Security +, CISSP, CISM, CRISC, HCISPP, or equivalent security certification. - PMP or similar project management certification is a plus. Technical Skills - Understanding of endpoint protection, SIEM tools, MDM platforms (e.g., Intune), and vulnerability management solutions. - Experience with vendor risk tools, audit tracking systems, and compliance reporting. - Familiarity with Microsoft 365 Security Suite, KnowBe4, and GRC platforms. Core Competencies - Strong analytical and problem-solving skills. - Excellent written and verbal communication skills, with the ability to translate technical risks for non-technical stakeholders. - Highly organized and detail-oriented, with the ability to manage multiple priorities simultaneously. - Demonstrated ability to build cross-functional relationships and drive accountability. - Passionate about RCA’s mission and maintaining the privacy and security of patient information. Travel - Limited travel is required for this position. - This position is primarily a remote position.

United States