Director Chief Information Security Officer - IS Technology jobs in United States
cer-icon
Apply on Employer Site
company-logo

St. Peter's Health · 2 weeks ago

Director Chief Information Security Officer - IS Technology

positionMontana, United States
timeFull-time
remoteHybrid
seniorityLead/Staff, Director/Executive
date2+ years exp

St. Peter's Health is seeking a Chief Information Security Officer (CISO) to lead the enterprise vision, strategy, and program for protecting the organization's information assets. This role involves establishing information security frameworks, managing risks, ensuring compliance with regulations, and leading a high-performing security team.

Health CareHospitalNon Profit
check
H1B Sponsor Likelynote

Responsibilities

Develop and execute a comprehensive, long-term information security strategy and roadmap that is aligned with the organization's clinical and business objectives
Establish and maintain the organization's information security management framework (e.g., based on 405D, NIST CSF, ISO 27001, or HITRUST)
Collaborate with SPH leadership, including the Board of Directors, to define the organization’s risk tolerance and regularly report on the overall security posture, emerging threats, and mitigation plans
Manage the information security budget and oversee all security-related technology investments
Lead enterprise-wide risk assessments to identify, prioritize, and manage security risks to all information systems and data
Ensure rigorous compliance with all relevant federal, state, and international data privacy and security regulations, including HIPAA/HITECH, GDPR, and other applicable laws
Oversee the development, implementation, and maintenance of all security policies, procedures, and standards
Manage audit readiness and lead remediation efforts for all internal and external security and compliance audits (e.g., HITRUST, SOC 2)
Oversee a robust Vendor and Third-Party Risk Management program to assess and mitigate security risks introduced by external partners
Direct security operations, including threat and vulnerability management, identity and access management (IAM), Security Information and Event Management (SIEM), and endpoint protection
Lead the development, implementation, and ongoing testing of the Incident Response (IR), Disaster Recovery (DR), and Business Continuity (BC) plans to ensure operational resilience for clinical and administrative systems
Serve as the executive crisis manager for all major security incidents and breaches, coordinating investigation, forensic analysis, root cause determination, and executive-level communications
Oversee the security of electronic health record (EHR) systems, medical devices, and all clinical technology platforms
Build, mentor, and lead a high-performing information security team with expertise across governance, risk, compliance (GRC), and security operations (SecOps)
Foster a strong, security-conscious culture across the entire organization (employees, clinicians, and contractors) through mandatory and role-specific security awareness and training programs
Act as a collaborative partner to all business units, including IT, Clinical Operations, Legal, and HR, to ensure security is embedded into all new technologies and clinical workflows

Qualification

Information Security StrategyRisk ManagementCybersecurity TechnologiesHealthcare Compliance ExpertiseIncident ResponseSecurity OperationsTechnical AcumenTeam LeadershipCISMCISSPCCISOCCSFPExecutive Communication

Required

Minimum 2 years of progressive experience in Information Security, with at least 2 years in a senior leadership/executive role (CISO or equivalent) preferred
Bachelor's degree in Computer Science, Information Security, or a related field
Cybersecurity Technologies: Expertise with enterprise-grade security architecture, including IAM, cloud security (AWS/Azure/GCP), network segmentation, and advanced threat detection tools
Risk Management: Proven track record of conducting and managing enterprise risk assessments and developing effective mitigation strategies
Healthcare Compliance Expertise: In-depth knowledge of HIPAA, HITECH, and relevant security frameworks (e.g., NIST CSF, NIST 800-53)
Strategic & Technical Acumen: Ability to translate complex technical risks into business implications for executive and board-level audiences
Leadership and Communication: Exceptional executive communication, negotiation, and interpersonal skills, with a proven ability to lead cross-functional teams and manage crises under pressure

Preferred

Deep and demonstrated expertise in the healthcare industry, with a strong understanding of clinical workflows, EHR systems, and the protection of PHI preferred
Master's degree preferred
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified Chief Information Security Officer (CCISO)
HITRUST CSF Practitioner (CCSFP)

Company

St. Peter's Health

twittertwittertwitter
company-logo
St. Peter's Health partners with the community to provide exceptional and compassionate health care.
dateFounded in 1883
location
Helena, Montana, USA
people-size1001-5000 employees
web-link
https://www.stpetes.org

H1B Sponsorship

St. Peter's Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2024 (2)
2022 (1)

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Nathan Coburn
Chief Financial Officer
linkedin
leader-logo
Cindy Bultena
Chief Nursing and Patient Experience Officer
linkedin

Recent News

AP News
Montana medical board revokes cancer doctor’s license after accusations of harming patients
2025-12-24
Company data provided by crunchbase