Chief Security Officer - Health Care

HK Tech

1d•Remote

About The Position

Our client seeks a Health Center Chief Security Officer (CSO) to serve as a trusted partner to a network of (13) community Health Centers, supporting privacy, security, and cybersecurity practices. In this role, the CSO will lead the development, adoption, and ongoing improvement of HIPAA and HITEQ-aligned security safeguards, working with Health Center leadership to assess risk, guide compliance efforts, and strengthen cybersecurity posture. Successful candidates will be motivated by driving improvement, building effective working relationships, and supporting a coordinated approach to health center security. This role operates at both a strategic and operational level, with primary emphasis on enterprise security leadership, risk governance, and program maturity. This model provides strategic leadership, technical expertise, and consistent guidance on privacy, security, and cybersecurity while respecting local operations, governance, and clinical priorities. The CSO serves as a strategist and advisor, supporting Health Centers through a scalable shared-services approach.

Requirements

Ability to travel regionally as needed
Bachelor’s degree in information security, health information technology, healthcare administration, computer science, or a related field; relevant professional experience may be considered in lieu of formal education.
Demonstrated experience supporting HIPAA and HITEQ security requirements, including implementation and oversight of administrative, technical, and physical safeguards.
Experience conducting or overseeing Security Risk Analyses (SRAs), including remediation planning, documentation, and follow-up activities.
Strong working knowledge of healthcare cybersecurity principles, security controls, and risk management practices.
Experience developing, maintaining, and enforcing security policies, procedures, and compliance documentation.
Ability to work effectively with executive leadership, IT teams, compliance staff, and external partners in a collaborative, service-oriented environment
Excellent analytical, organizational, problem-solving, and multitasking skills, with the ability to manage multiple priorities across multiple organizations.
Strong written and verbal communication skills, including the ability to deliver clear presentations and training on complex topics to audiences at all levels.
High professional standards, strong work ethic, and ability to collaborate with multidisciplinary teams.

Nice To Haves

Professional certifications such as CISSP, CISM, or HCISPP.
Familiarity with Health Center Program requirements, federally funded healthcare environments, or nonprofit healthcare organizations preferred.

Responsibilities

Provide centralized leadership and oversight of privacy, security, and cybersecurity programs for (13) participating Health Centers through a shared-services model.
Design, implement, maintain, and periodically update participating Health Centers’ comprehensive administrative, technical, and physical safeguards to support compliance with HIPAA, HITEQ, and applicable Health Center Program Requirements.
Lead and oversee the completion of Security Risk Analyses (SRAs) at each participating Health Center, including risk identification, documentation, prioritization of remediation activities, and ongoing monitoring of corrective actions.
Provide strategic oversight of data governance as it relates to privacy and security, establishing standards and guidance for data access, use, protection, and retention to support compliance, risk management, and operational integrity across participating Health Centers.
Develop, standardize, and maintain security-related policies, procedures, and documentation across participating Health Centers in alignment with federal requirements and industry best practices.
Provide strategic leadership and hands-on support for cybersecurity risk management, security controls, incident response planning, and breach preparedness.
Coordinate and support investigation, management, documentation, mitigation, and reporting of security incidents and information breaches, including escalation and response activities as required.
Regularly brief Health Center executive leadership and governing boards, IT teams, compliance staff, and operational leaders on security posture, strategic initiatives, privacy, and risk-related trends.
Support and promote workforce security awareness and training initiatives to reinforce compliance with security policies, procedures, and best practices.
Mentor and promote local security champions within the participating Health Centers, building long-term organizational security capability.
Assist Health Centers with third-party and vendor security considerations, including risk assessments, documentation, and remediation support as applicable.
Support audit readiness, assessments, and compliance reporting related to HIPAA, HITEQ, HRSA, and industry frameworks such as NIST CSF, CIS Controls, and HITRUST as appropriate.
Coordinate security initiatives and activities across Health Centers while respecting local governance, workflows, and operational priorities.
Establish and monitor key performance indicators (KPIs) and key risk indicators (KRIs) to measure program effectiveness.
Monitor regulatory changes, emerging cybersecurity threats, and evolving best practices, and recommend enhancements to security programs and controls.
Participate in relevant committees, work groups, and planning efforts related to technology, compliance, risk management, and organizational strategy.
Assist with program planning, evaluation, and reporting to support continuous improvement of privacy and security initiatives.