IT & Cybersecurity Intern assisting with help desk support and IT system maintenance at OBDeleven. Collaborating with teams and improving IT documentation in a fun workplace culture.
About the role
- Chief Information Security Officer at Sutter Health overseeing enterprise cybersecurity and patient data protection. Leading strategic initiatives and compliance within a complex healthcare environment.
Responsibilities
- Develop and implement a multi-year information security strategy that aligns with organizational priorities, digital transformation goals, and regulatory requirements.
- Advise the CEO, CDO, COO, and Board of Directors on emerging cyber threats, risks to patient care, and mitigation strategies.
- Lead enterprise participation in healthcare security coalitions, information sharing groups (e.g., H-ISAC), and public–private partnerships.
- Establish and maintain a security governance program based on healthcare-aligned frameworks (NIST CSF 2.0, HITRUST CSF, HICP, HIPAA/HITECH).
- Drive enterprise risk assessments and develop mitigation plans for cybersecurity, privacy, and clinical safety risks.
- Ensure compliance with HIPAA, HITECH, CMS, FDA (for medical device security), and state privacy regulations.
- Oversee security audits, penetration tests, and third-party/vendor risk assessments, ensuring remediation of findings.
- Protect the Electronic Health Record (EHR), patient-facing portals, and digital health platforms against compromise, downtime, or data loss.
- Partner with Clinical Engineering and Biomedical teams to secure medical devices and Internet of Medical Things (IoMT).
- Lead preparedness for ransomware, phishing, insider threats, and advanced persistent threats with an emphasis on minimizing patient safety impact.
- Oversee disaster recovery and business continuity planning in alignment with emergency preparedness and patient safety frameworks.
- Partner with Digital, Compliance, Privacy, Clinical, and Operational leaders to embed security into new initiatives, system design, and patient engagement platforms.
- Build and lead organization-wide security awareness and phishing-resistance training tailored to caregivers, clinicians, and administrative staff.
- Serve as the public face of information security during regulatory reviews, patient safety investigations, and stakeholder engagements.
- Recruit, develop, and lead a high-performing healthcare cybersecurity team across areas such as threat intelligence, incident response, IAM, and risk management.
- Promote a culture of accountability, clinical safety, and innovation in cybersecurity practices.
- Provide coaching and mentoring for next-generation security leaders.
Requirements
- Bachelor’s degree in Information Technology, Cybersecurity, Healthcare Administration, or related field required; Master’s degree preferred.
- 10+ years of progressive leadership in information security and risk management, with 5+ years in healthcare or another highly regulated industry.
- Demonstrated success implementing enterprise cybersecurity programs in a multi-hospital health system, payer, or large healthcare delivery network.
- Deep knowledge of HIPAA, HITECH, CMS, OCR enforcement, FDA guidance for medical devices, and healthcare-specific risk management frameworks.
- Expertise in EHR security (Epic preferred), identity and access management, cloud security, and medical device security.
- Strong business and clinical acumen; ability to align security with patient care priorities.
- Exceptional communication skills with the ability to present to clinical leaders, executives, and boards.
- Relevant certifications strongly preferred: CISSP, HCISPP, CISM, CISA, or CHPS.
Benefits
- Yes
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Werkstudent supporting information security management and business continuity projects for Syneco's energy operations. Engaging in the development and upkeep of management systems and reporting tools.
Security Consultant providing IT - Security Consulting by leveraging knowledge and skills to assist clients. Involved in diverse projects from analysis to execution and results presentation.
Lead functional safety for product development in PEM electrolyzers at Quest One. Collaborate with teams and support certification processes in the field of green hydrogen technology.
(Senior) Consultant in Automotive - & Product Security at Wavestone, focusing on cyber security solutions for clients in innovative projects. Collaborative work in a vibrant team environment across multiple German cities.
Consultant specializing in Cyber & Product Security for clients in a hybrid role. Focused on implementing security strategies and conducting assessments with a collaborative approach.
Information Security Manager focusing on risk management for Xecuro GmbH. Implementing and optimizing risk management processes within a technological environment in Bonn.
Information Security Expert working on safe digital solutions, ensuring compliance and conducting risk assessments. Join Xecuro GmbH in shaping Germany's digital future with innovative security measures.
Teamlead position for Security Governance & Assurance at Xecuro GmbH in Bonn. Leading team and implementing information security management systems (ISMS).
Lead ISSO ensuring security compliance for multi - tenant cloud and hybrid environments at Agile Defense. Responsible for vulnerability analyses and risk management decision - making expertise.