Toronto, ON, CA
2 days ago
Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) for LifeLabs is responsible for developing and leading the execution of a comprehensive information security and risk management program to protect the organization, ensuring that information assets and business consumers are adequately supported and protected from cyber threats. The CISO is responsible for setting strategic direction for LifeLabs in alignment with Quest Diagnostics and ensuring all regulatory and compliance requirements are met.

The CISO position requires a pragmatic leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver, and an effective communicator with solid domain competency in a number of specialized technology domains.

The LifeLabs CISO will report directly to the SVP and Chief Security Officer for Quest Diagnostics with a dotted line to the CIO of LifeLabs.

Status: Full Time

Number of Positions: 1

Start Date: ASAP

Internal Application Deadline: 1 August 2025

 

LifeLabs operates under a Hybrid workforce model. Further details will be provided during the interview stage.

 

Core Accountabilities:

Develop and Implement the Security Strategy for Cloud and Network

· Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program for LifeLabs ensuring alignment with Quest Diagnostics.
· Collaborate with executive leadership to align security initiatives with enterprise programs and business objectives.
· Ensure Cyber Security First is core to all LifeLabs technology services and becomes a cultural norm at LifeLabs.
· Establish and develop long-term continuous improvement strategy for security practice.
· Develop cybersecurity technology and control objective roadmap to achieve desired level of security posture and maturity.
· Evaluate IT threat landscape, devising cyber security policy and controls to reduce risk.
· Develop cyber resiliency to rapidly recover from hacking, security incidents, or infringements.
· Oversee security architecture, including the planning, buying, and deployment of security hardware and software, and making sure IT and network infrastructure is designed with best security practices in mind.
· Develop internal goals/processes and metrics to measure their effectiveness (e.g. OKRs).

Establish and Ensure Governance, Risk and Compliance (GRC) Management

· Ensure the organization is properly advised and positioned to manage technology and cyber risk across all IT and business services.
· Lead auditing and compliance initiatives, ensuring adaptability to evolving compliance regulations.
· Maintain Program compliance with all regulatory obligations.
· Conduct annual tabletop exercises to validate and test business continuity plans and cybersecurity incident response plans.
· Report security risk threshold violations to the Enterprise Risk Management function and educate executive team on risk treatment and mitigation strategies.
· Manage expectations and participate in legal-related activities around security incidents.
· Manage vendor relationships and third-party risk assessments.

Lead Security Training and Awareness

· Ensure a structured cyber security and risk awareness program is in place to educate staff and affiliates on their roles and responsibilities in providing a safe and secure business environment.
· Develop and successfully implement an effective and pragmatic security awareness strategy and culture.
· Prepare employees with the tools, skills, resources, relationships, and capabilities to protect against information security risks.
· Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.

Communication and Stakeholder Relations

· Prepare and present regular reports on the status of the information security program to senior management of LifeLabs and Quest.
· Collaborate with business leaders to prepare and present updates to external stakeholders including customers and government partners.

Performance, Engagement and Development of Team

· Lead a team of cyber security professionals ensuring a focus on performance, engagement and development of team members.
· Develop and implement a plan for continuous growth and development of team members.
· Build a plan to lead demonstrating our LifeLabs values, capabilities and People Strategy ensuring the attraction and retention of talent.
· Build a culture of accountability, continuous improvement, and service excellence.

Required Education:

· Bachelor’s or master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
· 10+ years of experience in information security and IT risk management, with at least 5 years in a leadership role.
· Strong knowledge of information security frameworks, standards, and best practices.
· Excellent leadership, communication, and interpersonal skills.
· Experience with cloud security, incident response, and regulatory compliance.
· Working knowledge of cloud security design patterns and technologies, secure use of SaaS, and cloud security tools.
· Network design experience to support IoT and OT as well as IT systems, connectivity to private and public cloud systems.

Designation (if applicable): One or more Professional Security Certifications:

· Certified Information Security Manager (CISM) – Associate of ISACA designation
· GIAC Strategic Planning, Policy, and Leadership (GSTRT)
· Systems Security Certified Practitioner (SSCP) – Associate of (ISC)² designation
· GIAC Security Leadership Certification (GSLC)
· SANS Security Awareness Professional (SSAP)
· Certified Information Systems Security Professional (CISSP) - (ISC)²
· (GCIA, GSNA, GLEG, GCIH, CISA, CEH, GCED, Security +)