VP Info Security
About The Position
The VP of Information Security is the senior executive accountable for the protection of Piedmont Healthcare system's information assets, technology infrastructure, and patient data across a complex, integrated delivery network. Reporting directly to the Chief Information Officer (CIO), this position provides strategic vision, enterprise-wide governance, and hands-on leadership for all aspects of information security, cyber risk, and regulatory compliance. Will be responsible for building and sustaining a mature security program capable of defending against sophisticated threats targeting healthcare — one of the most targeted sectors in the world — while enabling the organization to leverage digital innovation, cloud platforms, and advanced analytics in support of its clinical and operational mission. This role serves as a primary advisor to the CIO and the Information Security Steering Committee on all matters of cybersecurity strategy, risk posture, and regulatory compliance, and is the organization's primary liaison to government agencies, law enforcement, and external security partners in the event of a significant cyber incident.
Requirements
- Bachelor’s Degree in Computer Science, Information Security, Information Systems, or a related field required
- 10 years of progressive information security experience, with at least 7 years in a senior security leadership role (CISO, Deputy CISO, VP of Security, or equivalent)
- Demonstrated experience building and leading enterprise security programs at large, complex organizations — healthcare experience strongly preferred
- Proven track record managing significant cybersecurity incidents, including ransomware response, data breach notification, and regulatory investigations
- Experience presenting to and advising boards of directors, audit/risk committees, and C-suite executives on cyber risk and security strategy
- Familiarity with clinical environments, medical device security, and the unique operational constraints of healthcare delivery
Nice To Haves
- Professional certifications strongly preferred: CISSP, CISM, CISO, CRISC, GSLC, or equivalent; HCISPP or HITRUST certification
Responsibilities
- Develop, implement, and continuously mature a comprehensive enterprise information security strategy aligned to business objectives, clinical operations, and the organization's risk appetite
- Build and govern a security program spanning people, processes, and technology — including security architecture, engineering, operations, threat intelligence, and incident response
- Establish and maintain a security governance framework, including policies, standards, procedures, and control frameworks (NIST CSF, HITRUST, ISO 27001, or equivalent)
- Serve as the organization's authoritative voice on cybersecurity strategy, communicating risk posture and program maturity to the CIO, executive leadership, and Board Audit/Risk Committee
- Define and manage a multi-year security roadmap, balancing proactive investment with operational sustainability
- Own the enterprise cyber risk management program — identifying, assessing, prioritizing, and remediating risks across clinical, operational, and administrative systems
- Lead threat intelligence, vulnerability management, and red team/penetration testing programs to proactively identify and address exposure
- Maintain situational awareness of the evolving healthcare threat landscape, including ransomware, nationstate actors, medical device vulnerabilities, and supply chain risk
- Develop and maintain a comprehensive third-party and vendor risk management program, including security assessments for business associates and technology partners
- Ensure cyber risk is effectively quantified, reported, and integrated into enterprise risk management and strategic planning processes
- Ensure the organization maintains compliance with all applicable information security and privacy regulations including HIPAA, HITECH, 21st Century Cures Act, state privacy laws, and CMS requirements
- Collaborate with the Privacy Officer, Legal, and Compliance teams to align security controls with privacy obligations and to manage regulatory inquiries and breach notification requirements
- Lead preparation for and response to OCR audits, state regulatory reviews, and other external assessments
- Monitor the evolving regulatory and legislative landscape and proactively advise leadership on implications for the security program
- Develop and lead a dedicated program for securing clinical technology, including medical devices, IoT/IoMT, connected diagnostics, and OT/ICS environments
- Partner with clinical engineering, nursing informatics, and physician leaders to implement security controls that protect patient safety without disrupting care delivery
- Drive secure design and deployment principles for EHR integrations, telehealth platforms, and digital health solutions
- Ensure security is embedded into system development lifecycle (SDLC) and technology procurement processes across the enterprise
- Build, mentor, and retain a high-performing security team of 30–80+ professionals across security architecture, engineering, operations, GRC, and awareness
- Cultivate a strong security culture across the organization through executive engagement, workforce training, and a security-by-design mindset
- Foster a collaborative, transparent relationship with the CTO, infrastructure, and application teams to integrate security into technology operations
- Establish strong relationships with peer CISOs, government agencies (HHS, CISA, FBI), and healthcare information sharing organizations (H-ISAC)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Executive
