Chief Information Security Officer

Howard University
$185,000 - $200,000

About The Position

The Talent Acquisition department hires qualified candidates to fill positions which contribute to the overall strategic success of Howard University. Hiring staff “for fit” makes significant contributions to Howard University’s overall mission.

At Howard University, we prioritize well-being and professional growth. Here is what we offer:

  • Health & Wellness: Comprehensive medical, dental, and vision insurance, plus mental health support
  • Work-Life Balance: PTO, paid holidays, flexible work arrangements
  • Financial Wellness: Competitive salary, 403(b) with company match
  • Professional Development: Ongoing training, tuition reimbursement, and career advancement paths
  • Additional Perks: Wellness programs, commuter benefits, and a vibrant company culture

Join Howard University and thrive with us! https://hr.howard.edu/benefits-wellness

JOB PURPOSE: The Chief Information Security Officer (CISO) is a senior-level executive responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role reports to the Chief Executive Officer (CEO) and/or Board of Directors and is critical in managing the information security risk across both the Academic/Research and Clinical/Patient Care domains of the combined institution.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field. Master's degree preferred.
  • Minimum of 10+ years of progressive experience in information security, with at least 5 years in a senior leadership role (e.g., CISO, VP of Security).
  • Demonstrated experience or deep understanding of the regulatory and security challenges in both the healthcare and higher education/research sectors is mandatory.
  • CISSP, CISM, or similar relevant certifications.

Responsibilities

  • Develop and implement a comprehensive, long-term information security strategy and roadmap aligned with the business goals, academic mission, and patient care objectives of both the university and hospital.
  • Lead the security organization, providing mentorship, guidance, and training to security staff and cross-functional teams.
  • Establish security governance frameworks, policies, and standards to ensure effective risk management and compliance.
  • Manage the information security budget and procurement of necessary security technologies and services.
  • Oversee all security risk assessments and audits, ensuring timely remediation of identified vulnerabilities.
  • Ensure compliance with applicable laws, regulations, and standards, including but not limited to:
      • Healthcare (Hospital Focus): HIPAA/HITECH (Privacy and Security Rules), CMS (Centers for Medicare & Medicaid Services) requirements, and relevant state-specific healthcare data regulations.
      • Higher Education/Research (University Focus): FERPA (Family Educational Rights and Privacy Act), NIST SP 800-171 (for controlled unclassified information/research), and PCI DSS (Payment Card Industry Data Security Standard) for handling student payments and donations.
  • Manage the incident response program, including planning, testing, and leading the response to significant security breaches or incidents across both institutional environments.
  • Direct the selection, implementation, and maintenance of security systems and tools (e.g., SIEM, firewalls, IDS/IPS, endpoint protection, etc.).
  • Oversee the vulnerability management, penetration testing, and security monitoring programs.
  • Collaborate with IT and Engineering teams to integrate security by design into all new systems, research projects, and clinical technologies.
  • Serve as the primary spokesperson for information security matters to senior leadership, the Board, faculty, staff, students, and patients.
  • Develop and manage institution-wide security awareness and training programs tailored to the unique risks and requirements of clinicians, researchers, and students.
  • Report on the security posture and significant risk exposures to executive management and the Board of Directors on a regular basis.

Benefits

  • Comprehensive medical, dental, and vision insurance, plus mental health support
  • PTO, paid holidays, flexible work arrangements
  • Competitive salary, 403(b) with company match
  • Ongoing training, tuition reimbursement, and career advancement paths
  • Wellness programs, commuter benefits, and a vibrant company culture