Director, Chief Information Security Officer (CISO)
About The Position
The Staff Pad is seeking a Chief Information Security Officer (CISO) on behalf of a leading healthcare organization in Helena, Montana. This executive leader will establish and maintain the enterprise security vision, strategy, and program to safeguard all information assets—including PHI and sensitive clinical, administrative, and operational data. The CISO will oversee risk management, regulatory compliance, security operations, incident response, and the development of a strong security culture across the organization. This role requires both strategic leadership and deep technical expertise within the healthcare sector. The CISO leads the enterprise cybersecurity program, ensuring the protection of systems, data, and clinical technologies while supporting patient safety and operational continuity. This leader will oversee governance, risk, compliance, and security operations, working closely with executive leadership to guide security strategy and response.
Requirements
- Minimum 7 years of progressive experience in Information Security; senior leadership or CISO-level experience preferred.
- Strong healthcare industry background, including understanding of EHR systems and PHI protection.
- Proven expertise in enterprise cybersecurity architecture, IAM, cloud security, and threat detection tools.
- Demonstrated experience conducting and managing enterprise risk assessments.
Responsibilities
- Develop and execute a long-term information security strategy aligned with organizational goals.
- Build and maintain an enterprise security framework (NIST CSF, 405D, ISO 27001, HITRUST, etc.).
- Advise executive leadership and the Board on security posture, threats, and mitigation plans.
- Manage the information security budget and security technology investments.
- Lead enterprise risk assessments and prioritize mitigation initiatives.
- Ensure compliance with HIPAA/HITECH, GDPR, and other relevant data privacy regulations.
- Oversee creation and enforcement of security policies, procedures, and standards.
- Direct internal and external audit readiness and remediation (HITRUST, SOC 2, etc.).
- Manage a robust vendor and third-party risk management program.
- Lead security operations, including threat/vulnerability management, IAM, SIEM, and endpoint protection.
- Oversee development and testing of Incident Response, Disaster Recovery, and Business Continuity plans.
- Serve as executive incident manager during security events, breaches, and investigations.
- Ensure security of EHR systems, medical devices, and clinical technologies.
- Build and lead a strong GRC and SecOps team.
- Drive organization-wide security awareness and training initiatives.
- Partner with IT, Clinical Operations, Legal, HR, and other departments to embed security into systems and workflows.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Education Level
No Education Listed
