Chief Information Security Officer (CISO) | PAM Health Corporate

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field required.
• Minimum of 10 years progressive information security experience, including 5+ years in senior leadership with accountability for enterprise security program delivery.
• Demonstrated experience in healthcare environments (provider and/or post-acute preferred), including protection of ePHI, regulatory readiness (HIPAA/HITECH), incident response leadership, and third-party/vendor risk management.
• Experience with cloud security, identity governance, security operations, and partnering with IT and clinical/operational leaders.
• Deep knowledge of cybersecurity principles and controls, including identity and access management, encryption, network security/segmentation, endpoint security, logging/monitoring, vulnerability management, and secure configuration baselines.
• Strong understanding of healthcare security and compliance requirements, including HIPAA/HITECH and safeguarding of ePHI; ability to translate regulatory requirements into operational controls and evidence.
• Proven ability to lead incident response and crisis communications, coordinate cross-functional teams, and drive post-incident remediation.
• Ability to communicate risk clearly to executives and non-technical stakeholders; produce actionable metrics, dashboards, and executive summaries.
• Demonstrated leadership skills: team development, vendor/partner management, negotiation, and influence without authority.
• Strong analytical and decision-making skills; sound judgment under pressure; ability to prioritize based on patient safety, operational resilience, and risk reduction.
• High integrity and commitment to confidentiality, professionalism, and stewardship of organizational resources.

Nice To Haves

• Master’s degree (e.g., MS, MBA, MHA) preferred.
• Current security leadership certifications strongly preferred (e.g., CISSP, CISM, CISA, CRISC).
• Healthcare security/privacy training and continuing education expected.
• Preferred experience includes: security program governance (NIST CSF), risk assessment and remediation planning, vulnerability/patch management, security monitoring, ransomware preparedness, business continuity/disaster recovery testing, and business associate/vendor security due diligence.

Responsibilities

• Leads the enterprise cybersecurity program across corporate and facility environments, including networks, endpoints, servers, cloud services, applications, EHR/clinical systems, identity and access management, and third parties that create, receive, maintain, or transmit ePHI.
• Develop and maintain a multi-year information security strategy and roadmap aligned to PAM Health’s risk appetite, clinical needs, and business objectives.
• Establish security governance (policies, standards, and procedures) and oversee a risk-based security program aligned to recognized frameworks (e.g., NIST CSF), healthcare requirements, and organizational priorities.
• Oversee HIPAA Security Rule administrative, physical, and technical safeguard alignment for ePHI, including periodic risk analysis, risk management plans, and documentation/evidence required for audits and assessments.
• Own enterprise cybersecurity risk management: maintain a security risk register, drive prioritization, ensure remediation tracking, and provide executive-level risk reporting and metrics.
• Direct security operations, including vulnerability management, threat detection/monitoring, security tooling strategy, and response processes (internal team and/or managed security service providers).
• Lead incident response preparedness and execution: develop and test playbooks, coordinate tabletop exercises, manage escalation, ensure lessons-learned remediation, and coordinate regulatory/contractual notification readiness.
• Partner with IT and business leaders to embed security into architecture and delivery (security-by-design), including secure configuration baselines, segmentation, encryption standards, logging, and change management.
• Oversee identity and access management governance (role-based access, privileged access, access reviews, and least-privilege) to support “minimum necessary” access principles for ePHI.
• Establish and operate a third-party risk management program for vendors/business associates, including due diligence, security requirements in contracting, periodic reassessments, and remediation tracking.
• Collaborate with Privacy, Compliance, Legal, and HR on security awareness, training, and enforcement of policies and sanctions related to security and acceptable use.
• Oversee business continuity and disaster recovery security requirements in partnership with IT/Operations, including ransomware resilience, backup protections, and recovery testing.
• Provide executive-level communication on security posture, material risks, and improvement plans; prepare reporting suitable for senior leadership and Board/Board committees as applicable.
• Stay current on healthcare cyber threats (including ransomware and third-party/supply chain risks) and translate emerging risks into actionable mitigation strategies.
• Promotes cooperation, fairness and equity; shows respect for people and their differences; works to understand perspectives of others; demonstrates empathy; brings out the best in others and in his/her team.
• Coaches, evaluates, develops, and inspires staff; sets expectations; recognizes achievements.
• Demonstrates accountability and sound judgment in managing company resources; appropriate understanding of confidentiality and company values; adheres to and supports company policies, procedures and safety guidelines.
• Identifies problems and involves others in seeking solutions; conducts appropriate analysis and searches for best solutions; effectively and efficiently implements appropriate responses to correct problems; responds promptly and effectively to new challenges.
• Makes clear, consistent decisions; acts with integrity in all decisions; distinguishes relevant from irrelevant information; makes timely, appropriate decisions.
• Understands company vision and aligns priorities accordingly; measures outcomes; uses feedback to redirect as required; evaluates alternatives; appropriately organizes complex issues to desirable resolution.
• Connects with peers, subordinate employees and all customers; actively listens; clearly and effectively shares information; demonstrates effective oral and written communication skills; negotiates effectively.
• Strives for efficient, effective, high-quality performance in self and in the department; delivers timely and accurate results; resilient when responding to matters that are challenging; takes initiative to make improvements.
• Motivates others; accepts responsibility; maintains high morale in department; develops trust and credibility; expects honest and ethical behavior of self and staff.
• Encourages cooperation and collaboration; builds effective teams; works in partnership with others; is flexible; responsive to the needs of others.
• Maintains up-to-date skills through involvement with professional organizations and/or continuing education.
• Maintains the highest level of customer service via courtesy, compassion and positive communication.
• Promotes the mission and vision of PAM Health within the work environment and the community.
• Respects dignity and confidentiality by adherence to all applicable policies and procedures.
• Works in a manner that promotes safety; wears clothing appropriate to the performance of the job.
• Participates in OSHA required training.
• Follows universal precautions as appropriate for position; complies with Employee Health requirements for continued employment.
• Reports unsafe practices to management.
• Knows own role in case of an emergency.

Benefits

• competitive pay
• generous paid benefit time
• excellent insurance options
• opportunities for professional growth through our Education Advancement Program