• STRATEGIC LEADERSHIP:

• Develop, implement, and champion a comprehensive information security strategy that aligns with the organization’s overall business goals, risk appetite, and regulatory requirements.

• Provide strategic guidance to the executive leadership team on information security matters, emerging threats, and industry best practices.

• Foster a culture of security awareness and accountability throughout the organization, promoting education, training,and continuous improvement.

• RISK MANAGEMENT AND COMPLIANCE:

• Modify and maintain a robust risk management framework to identify, assess, and mitigate information security risks across the enterprise.

• Ensure compliance with relevant regulations and industry standards, such as HIPAA, HITECH, CIS 18, NIST Cybersecurity Framework, and PCI DSS.

• Oversee regular security audits, risk assessments, and penetration tests to identify vulnerabilities and track remediation efforts.

• Evaluate and manage third-party vendors and partners to ensure they meet the organization’s security standards and contractual obligations.

• Conduct regular security assessments of third-party vendors and implement appropriate risk mitigation strategies.

• SECURITY ARCHITECTURE, OPERATIONS AND ENGINEERING:

• Partner with the business and other I.T. organizations to drive coherent end to end architectures that feature security as "built-in” rather than “bolted-on.”

• Verify the implementation and management of security technologies and controls, including intrusion detection and prevention systems, firewalls, endpoint protection, data loss prevention, and identity and access management solutions.

• Verify the operation of all security controls and cultivate a “bias for action and recovery” while maintaining cyber safety during outages.

• INCIDENT RESPONSE, DIGITAL FORENSICS, AND RECOVERY:

• Regularly evaluate and maintain incident response and disaster recovery plans to minimize the impact of security breaches and ensure business continuity.

• Lead the investigation and resolution of security incidents, coordinating with internal and external stakeholders, including law enforcement and regulatory agencies, as needed.

• TEAM MANAGEMENT AND COLLABORATION:

• Build and lead a high-performing information security team, providing mentorship, coaching, and professional development opportunities.

• Collaborate effectively with IT, legal, compliance, privacy, and other departments to achieve security objectives and foster a shared responsibility for information security.

• Manage security budgets and resource allocation, ensuring optimal utilization and return on investment.

• EMERGING TECHNOLOGIES AND INNOVATION:

• Stay abreast of emerging technologies, cyber threats, and industry trends to proactively identify and address potential risks.

• Evaluate and recommend innovative security solutions to enhance the organization’s security posture.

• ADDITIONAL CONSIDERATIONS:

• This position requires a high level of confidentiality, integrity, and ethical conduct.

• The CISO may be required to work outside of normal business hours in response to security incidents or other urgent matters.

• Travel may be required for a variety of business purposes.

• The CISO serves as a role model for the

REQUIRED QUALIFICATIONS:

• Minimum of fifteen (15) years of cybersecurity experience. Minimum of ten (10) years related management/leadership experience.
• Bachelors degree in Information Technology, Computer Science, Engineering, or a related discipline required (or an equivalent combination of education and/or experience). Master’s degree preferred.
• Certified Information Systems Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CertifiedRecords Manager (CRM), Certified Information Privacy Professional (CIPP)
• Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status
• Experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems.
• Ability to translate technical cybersecurity issues/concerns into potential business implications that are meaningful to executive leadership
• Understanding and application of advanced principles and best practices of system security design, development, analysis, and testing
• Proven success working in a regulated environment within a highly matrixed organization while establishing strong cross-functional relationships

PREFERRED QUALIFICATIONS:

• Master’s degree in a related discipline
• Exceptional communication and interpersonal skills, with the ability to effectively interact with and influence all levels of the organization, including the board of directors.
• Strong analytical, problem-solving, and decision-making skills, with a focus on data-driven insights.
• Business acumen and financial literacy, with the ability to translate security risks into business impact and articulate the value of security investments.
• Deep understanding of the healthcare industry and its unique regulatory, operational, and technological challenges.
• Ability to stay calm and focused under pressure, particularly during security incidents or crises.

• Benefits include Medical, Dental, Vision, Paid Time Off, Holidays, Retirement Program, Disability Plans, Tuition Reimbursement, Adoption Assistance, Employee Assistance Program (EAP), Discount Programs, Life Insurance Plans, Worker Compensation, Dress for Your Day Policy, Voluntary Benefits.
• Position is eligible for incentive pay based on company performance.