Chief Information Security Officer

Job Description

Company: Phsorg

Location: Framingham, US

Location Address:

9521 San Mateo NE
Albuquerque, NM 87113-2237

Summary:

Presbyterian Healthcare Services (PHS) seeks a dynamic, imaginative, and distinguished executive to serve as its next Chief Information Security Officer (CISO). As a critical member of the senior leadership team, the CISO will lead the strategic vision and execution of an enterprise-wide information security and cyber risk management program that protects a premier integrated healthcare delivery network.
This is a pivotal moment to join PHS. The organization is navigating a period of significant digital transformation, innovation, and growth, including a robust M&A roadmap. The next CISO will not merely be a technical gatekeeper but a strategic enabler who ensures that the health system’s clinical excellence and the health plan’s administrative integrity are anchored in a culture of security and resilience.

The Opportunity for the incoming CISO includes:

• Elevating the Security Posture: Transitioning the program from traditional technical oversight to a sophisticated, risk-based ecosystem. This involves maturing the NIST Cybersecurity Framework (CSF) and ensuring 405(d) compliance across both the world-class clinical enterprise and the diverse health plan.
• Leading Cyber Resiliency: Serving as the executive champion for business resiliency, ensuring that patient safety, member services, and continuity of care remain uninterrupted during cyber events, technology failures, or third-party disruptions.
• Driving Innovation Safely: Partnering with clinical and digital leaders to integrate security into the adoption of AI, cloud technologies (AWS), and emerging quantum-resilient frameworks, ensuring PHS remains at the forefront of safe healthcare delivery.
• Influencing at the Highest Levels: Acting as the primary advisor to the Compliance and Audit Committee of the Board and the Chief Growth Officer. The CISO will have the mandate to translate complex cyber risks into clear clinical and business impacts, fostering a culture of shared accountability across the system.
• Building a Legacy of Talent: Mentoring and scaling a high-performing, customer-centric team of directors and architects who are viewed as collaborative partners across the entire $1.5B+ revenue enterprise.

The successful candidate will be a seasoned organizational leader with a strong technical/operational background and a “leader-teacher” mentality. They will possess the executive presence to thrive in a highly matrixed environment and the communication skills to turn a technical roadmap into an inspiring vision that aligns 13,000+ employees toward a common goal of protecting patient and member trust.

Work Arrangement

• Remote: Open to applicants in the United States, excluding CA, IL, ND, NY, OH, WA, and WY.
• Hybrid: For individuals within 60 miles of Albuquerque, in-office presence is required Tuesday through Thursday.

Job Description:

Strategic & Security Leadership

• Forward-Looking Strategy: Define and execute a multi-year, risk-based information security strategy aligned with PHS’s growth and innovation roadmap.

• Governance & Maturity: Continuously mature the program using the NIST CSF and 405(d)-compliant frameworks to ensure critical systems are identified and reasonable controls are effectively executed.

• Executive Advocacy: Act as the key advisor to the Board, translating cyber risk into clinical impact and fostering a culture of shared accountability.

• Regulatory Watch: Stay abreast of state and national regulatory changes (HIPAA, HITECH, PCI DSS, JCAHO) and engage in professional development to keep PHS at the leading edge.

Policy, Compliance, and Audit

• Framework Management: Establish and maintain a comprehensive governance framework, including policies, standards, and risk appetite statements.

• Technical Security Oversight: Lead efforts to evaluate the adequacy of security controls for both on-prem and cloud (AWS) systems.

• Audit Excellence: Coordinate with Internal Audit and 3rd Party Auditors to keep audit focus in scope and maintain excellent relationships with regulatory entities.

Business Resiliency & Incident Response

• Resiliency Strategy: Provide executive leadership for cyber-related business resiliency, ensuring alignment with patient safety and continuity objectives.

• BC/DR Sponsorship: Serve as the executive sponsor for Business Continuity and Disaster Recovery capabilities related to ransomware and technology failures.

• Incident Control: Act as the primary

Source: BeBee