
Sutter Health · 2 weeks ago

Vice President, Chief Information Security Officer

Sutter Health is one of California’s most comprehensive healthcare systems and one of the nation’s largest, generating $18+ billion in revenues. The Chief Information Security Officer (CISO) is responsible for safeguarding the health system’s information assets, developing an enterprise cybersecurity program, and fostering a culture of security and resilience. This role involves strategic leadership, governance, risk management, and collaboration with various stakeholders to ensure effective and trusted care delivery.

Health Care · Hospital · Non Profit
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Develop and implement a multi-year information security strategy that aligns with organizational priorities, digital transformation goals, and regulatory requirements
Advise the CEO, CDO, COO, and Board of Directors on emerging cyber threats, risks to patient care, and mitigation strategies
Lead enterprise participation in healthcare security coalitions, information sharing groups (e.g., H-ISAC), and public–private partnerships
Establish and maintain a security governance program based on healthcare-aligned frameworks (NIST CSF 2.0, HITRUST CSF, HICP, HIPAA/HITECH)
Drive enterprise risk assessments and develop mitigation plans for cybersecurity, privacy, and clinical safety risks
Ensure compliance with HIPAA, HITECH, CMS, FDA (for medical device security), and state privacy regulations
Oversee security audits, penetration tests, and third-party/vendor risk assessments, ensuring remediation of findings
Protect the Electronic Health Record (EHR), patient-facing portals, and digital health platforms against compromise, downtime, or data loss
Partner with Clinical Engineering and Biomedical teams to secure medical devices and Internet of Medical Things (IoMT)
Lead preparedness for ransomware, phishing, insider threats, and advanced persistent threats with an emphasis on minimizing patient safety impact
Oversee disaster recovery and business continuity planning in alignment with emergency preparedness and patient safety frameworks
Partner with Digital, Compliance, Privacy, Clinical, and Operational leaders to embed security into new initiatives, system design, and patient engagement platforms
Build and lead organization-wide security awareness and phishing-resistance training tailored to caregivers, clinicians, and administrative staff
Serve as the public face of information security during regulatory reviews, patient safety investigations, and stakeholder engagements
Recruit, develop, and lead a high-performing healthcare cybersecurity team across areas such as threat intelligence, incident response, IAM, and risk management
Promote a culture of accountability, clinical safety, and innovation in cybersecurity practices
Provide coaching and mentoring for next-generation security leaders

Qualifications

Information Technology · Cybersecurity · Risk Management · HIPAA Compliance · EHR Security · Cloud Security · Medical Device Security · CISSP Certification · CISM Certification · Communication Skills · Leadership

Required

Bachelor's degree in Information Technology, Cybersecurity, Healthcare Administration, or related field required
10+ years of progressive leadership in information security and risk management, with 5+ years in healthcare or another highly regulated industry
Demonstrated success implementing enterprise cybersecurity programs in a multi-hospital health system, payer, or large healthcare delivery network
Deep knowledge of HIPAA, HITECH, CMS, OCR enforcement, FDA guidance for medical devices, and healthcare-specific risk management frameworks
Expertise in EHR security (Epic preferred), identity and access management, cloud security, and medical device security
Strong business and clinical acumen; ability to align security with patient care priorities
Exceptional communication skills with the ability to present to clinical leaders, executives, and boards

Preferred

Master's degree
Relevant certifications strongly preferred: CISSP, HCISPP, CISM, CISA, or CHPS

Benefits

Comprehensive benefits package

Company

Sutter Health

Sutter Health is a non-profit organization operating a network of hospitals and physicians in Northern California.

H1B Sponsorship

Sutter Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (19)
2024 (16)
2023 (14)
2022 (21)
2021 (24)
2020 (30)

Funding

Current Stage
Late Stage
Total Funding
$27.17M
Key Investors
Department of Health Care Services
2025-05-19 · Grant · $23M
2016-11-22 · Grant · $1.2M
2013-10-09 · Grant · $2M

Leadership Team

Megan Gillespie
Chief Executive Officer
Warner L. Thomas
Chief Executive Officer
Company data provided by Crunchbase