Chief Information Security Officer

About The Position

Requirements

• 7+ years of progressive experience in information security
• 3+ years of experience in a healthcare environment
• 5+ years of leadership or management experience
• Bachelor’s degree in information security, Computer Science, Information Technology, or related field (required)

Nice To Haves

• Master’s degree (preferred)
• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• HCISPP – Healthcare Information Security and Privacy Practitioner

Responsibilities

• Lead Enterprise Security Strategy
• Define and execute a forward-looking information security strategy aligned with organizational and clinical priorities
• Establish scalable, enterprise-wide security frameworks, policies, and standards
• Partner with executive leadership to integrate cybersecurity into broader business and technology strategies
• Protect Critical Systems & Data
• Safeguard the confidentiality, integrity, and availability of ePHI and other sensitive data across the organization
• Identify, assess, and mitigate cybersecurity risks in a complex healthcare environment
• Strengthen defenses against evolving threats through proactive monitoring and continuous improvement
• Drive Compliance & Governance
• Ensure compliance with HIPAA, HITECH, and applicable federal and state regulations
• Align security practices with industry standards such as NIST and ISO frameworks
• Lead audit readiness efforts and support regulatory and accreditation requirements, including Joint Commission standards
• Lead Incident Response & Risk Management
• Oversee incident response capabilities, including detection, investigation, containment, and recovery
• Develop and maintain robust risk management and remediation strategies
• Provide clear, timely communication and reporting during security events
• Advance Security Through Technology & Innovation
• Partner with IT to embed security across infrastructure, applications, and digital health technologies
• Oversee security practices related to cloud environments, identity and access management, and data protection
• Ensure secure integration of EHR systems and medical devices
• Build a Culture of Security Awareness
• Champion security awareness and training programs for teammates and clinical staff
• Promote a culture of accountability and shared responsibility for protecting patient and organizational data
• Lead & Develop High-Performing Teams
• Build, mentor, and lead a high-performing information security team
• Establish clear goals, performance expectations, and professional development pathways
• Foster collaboration across teams to drive security maturity and operational excellence
• Provide Strategic Insight to Leadership
• Deliver regular security updates, risk assessments, and actionable insights to executive leadership and the board
• Translate complex technical risks into clear business impact and strategic recommendations
• Strengthen Enterprise Partnerships
• Collaborate with IT, Compliance, Legal, Risk, and operational leaders to embed security across all functions
• Manage third-party/vendor risk and ensure strong external security practices
• Expertise & Leadership Capabilities
• Deep knowledge of healthcare regulations (HIPAA, HITECH) and security frameworks (NIST, ISO/IEC 27001)
• Experience in risk assessment, incident response, and security operations in complex environments
• Strong understanding of EHR systems, medical device security, and healthcare technologies
• Expertise in cloud security, identity & access management, and data protection strategies
• Experience managing third-party/vendor security risk