Information Systems Security Officer managing operational security posture for information systems at GDIT. Collaborating closely with ISSM and ISO, handling security aspects, and ensuring compliance with security standards.
About the role
- Chief Information Security Officer at Sutter Health overseeing enterprise cybersecurity and patient data protection. Leading strategic initiatives and compliance within a complex healthcare environment.
Responsibilities
- Develop and implement a multi-year information security strategy that aligns with organizational priorities, digital transformation goals, and regulatory requirements.
- Advise the CEO, CDO, COO, and Board of Directors on emerging cyber threats, risks to patient care, and mitigation strategies.
- Lead enterprise participation in healthcare security coalitions, information sharing groups (e.g., H-ISAC), and public–private partnerships.
- Establish and maintain a security governance program based on healthcare-aligned frameworks (NIST CSF 2.0, HITRUST CSF, HICP, HIPAA/HITECH).
- Drive enterprise risk assessments and develop mitigation plans for cybersecurity, privacy, and clinical safety risks.
- Ensure compliance with HIPAA, HITECH, CMS, FDA (for medical device security), and state privacy regulations.
- Oversee security audits, penetration tests, and third-party/vendor risk assessments, ensuring remediation of findings.
- Protect the Electronic Health Record (EHR), patient-facing portals, and digital health platforms against compromise, downtime, or data loss.
- Partner with Clinical Engineering and Biomedical teams to secure medical devices and Internet of Medical Things (IoMT).
- Lead preparedness for ransomware, phishing, insider threats, and advanced persistent threats with an emphasis on minimizing patient safety impact.
- Oversee disaster recovery and business continuity planning in alignment with emergency preparedness and patient safety frameworks.
- Partner with Digital, Compliance, Privacy, Clinical, and Operational leaders to embed security into new initiatives, system design, and patient engagement platforms.
- Build and lead organization-wide security awareness and phishing-resistance training tailored to caregivers, clinicians, and administrative staff.
- Serve as the public face of information security during regulatory reviews, patient safety investigations, and stakeholder engagements.
- Recruit, develop, and lead a high-performing healthcare cybersecurity team across areas such as threat intelligence, incident response, IAM, and risk management.
- Promote a culture of accountability, clinical safety, and innovation in cybersecurity practices.
- Provide coaching and mentoring for next-generation security leaders.
Requirements
- Bachelor’s degree in Information Technology, Cybersecurity, Healthcare Administration, or related field required; Master’s degree preferred.
- 10+ years of progressive leadership in information security and risk management, with 5+ years in healthcare or another highly regulated industry.
- Demonstrated success implementing enterprise cybersecurity programs in a multi-hospital health system, payer, or large healthcare delivery network.
- Deep knowledge of HIPAA, HITECH, CMS, OCR enforcement, FDA guidance for medical devices, and healthcare-specific risk management frameworks.
- Expertise in EHR security (Epic preferred), identity and access management, cloud security, and medical device security.
- Strong business and clinical acumen; ability to align security with patient care priorities.
- Exceptional communication skills with the ability to present to clinical leaders, executives, and boards.
- Relevant certifications strongly preferred: CISSP, HCISPP, CISM, CISA, or CHPS.
Benefits
- Yes
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Program Security Representative providing multi - discipline security support for Special Access Programs. Ensuring compliance, developing policies, and conducting security assessments in a military context.
Senior Cyber Security Project Manager at Airbus Protect managing medium complexity projects in Cyber Security Consulting. Focusing on project leadership and team management in diverse client settings.
Security Architect responsible for designing cloud security architectures for leading brands. Ensuring compliance and guiding incident response strategies in AWS environments.
Senior Security Consultant for ISMS Management at Bundesdruckerei GmbH in Berlin. Responsible for security analysis, management, and advisory roles on cybersecurity issues.
IT - Systemadministrator managing Video Surveillance and Alarm Systems at Mühlbauer. Supporting technical solutions for multimedia and conference systems with project involvement and ticket handling.
AI Application Security Architect in charge of driving secure development lifecycle for AI systems across multi - cloud environments and hybrid platforms.
Security Project Manager responsible for managing cyber - security project delivery and ensuring quality execution in Bulgaria. Requires excellent communication skills and fluency in English.
Information Security professional managing governance, audit, and compliance in banking domain. Collaborating across teams to enhance security posture and control effectiveness.
IT Security Manager providing operational leadership for ICBC’s IT security program. Enhancing cyber security practices and managing security initiatives in a dynamic, hybrid cloud environment.