Chief Information Security Officer

PT Solutions Physical Therapy

About The Position

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO leads the organization’s cybersecurity program, ensuring regulatory compliance, minimizing risk, and enabling secure and efficient operations. This executive role reports to the Chief Information Officer (CIO) and works closely with executive leadership, technology, operations, compliance, and business units to embed security into organizational practices.

Requirements

  • 12+ years of progressive IT/security experience, including at least 5 years in a senior leadership role.
  • Proven knowledge of cybersecurity frameworks, controls, and risk management methodologies (e.g., NIST CSF, CIS Controls).
  • Experience in healthcare and HIPAA compliance strongly preferred.
  • Demonstrated ability to build, lead, and inspire high-performing security teams.
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (Master’s preferred).

Responsibilities

  • Develop and maintain a comprehensive cybersecurity vision and defense-in-depth strategy that aligns with organizational priorities and supports business objectives.
  • Implement, monitor, and evolve an enterprise-wide cybersecurity program that ensures confidentiality, integrity, availability, safety, privacy, and recoverability of information assets.
  • Serve as the enterprise cyber representative with partners, confidently articulating PT Solutions’ cyber posture and ability to identify, contain, and resolve threats.
  • Advise the CIO, senior executives, and management on the cybersecurity implications of current and future business activities, incidents, and emerging threats.
  • Provide regular reporting to executive leadership and the board, using clear metrics and frameworks to measure program effectiveness.
  • Partner with IT and operations to support business continuity and recovery planning, ensuring PT Solutions can serve patients and clinicians securely in any event.
  • Establish and maintain a risk-based approach for identifying, assessing, and mitigating cybersecurity risks, including those from third-party suppliers and partners.
  • Develop, document, and maintain a unified framework of security policies, standards, and guidelines in alignment with global, federal, state, and industry regulations (e.g., HIPAA - required, PCI DSS, NIST CSF).
  • Ensure compliance with applicable laws, regulations, and standards, working closely with legal, audit, and compliance functions.
  • Lead organizational readiness for cybersecurity audits, certifications, and assessments.
  • Own and manage the cyber incident response program, including response to internal and third-party incidents impacting company operations or data.
  • Oversee enterprise security architecture, identity and access management, vulnerability management, and threat detection.
  • Partner with IT and operations to develop and maintain business continuity and disaster recovery plans.
  • Work hands-on with the cybersecurity team, providing both strategic direction and tactical execution where needed.
  • Ensure alignment of cybersecurity operations with evolving industry best practices (e.g., NIST CSF, ITIL).
  • Create and manage a targeted cybersecurity awareness and training program for employees, contractors, and approved system users.
  • Measure and continuously improve the effectiveness of training and awareness initiatives.
  • Promote a culture of shared responsibility for cybersecurity across the enterprise.
  • Develop a relatable security narrative that communicates the value of cybersecurity to stakeholders and secures funding for future initiatives.
  • Provide effective leadership to cybersecurity staff, including delegation, coaching, and performance management.
  • Establish clear roles, responsibilities, and standard operating procedures for security teams.
  • Build and sustain high-performing security teams capable of meeting organizational needs.
  • Elevate and mentor existing team members to bring the cybersecurity function to a higher level of maturity.

Benefits

  • Industry-leading professional development opportunities.
  • Ongoing evidence-based clinical education.
  • Dedicated mentorship opportunities.
  • APTA-accredited Orthopaedic Residency Program.