Job Description

Overview

Through Core BTS d/b/a NRI's Resource Management Services (RMS), we offer custom talent solutions to help our clients meet their evolving technology and business needs. We help effectively match the right technology professional to their organization, recruiting for contract, contract-to-hire, and direct roles. Our client in the Healthcare industry has an immediate need for a CISO - Chief Information Security Officer to join their team.

Please note that this position is with a client of NRI.

Responsibilities

• Design and lead an enterprise-grade cybersecurity program aligned with NIST CSF and tailored to the unique risks in healthcare environments.
• Collaborate with executive leadership to define risk tolerance and report on security posture, emerging threats, and mitigation plans.
• Establish security policies, procedures, and governance models based on industry standards and best practices.
• Oversee risk assessments and ensure alignment with HIPAA, HITECH, NIST 800-53, 800-171, and other applicable regulatory frameworks.
• Oversee risk mitigation strategies, vendor risk management, and the development of a comprehensive third-party security assessment process.
• Manage audit readiness and lead remediation efforts for internal and external audits (e.g., OCR, HITRUST, SOC 2).
• Oversee security operations, including identity and access management (IAM), SIEM, vulnerability management, endpoint protection, and cloud security.
• Lead the development and ongoing testing of incident response, disaster recovery (DR), and business continuity (BC) plans.
• Coordinate and lead investigations of security incidents, breaches, and potential threats across the enterprise.
• Lead incident response activities including forensic reviews, root cause analysis, and executive communications.
• Champion adoption of the NIST Cybersecurity Framework and maturity models (e.g., C2M2, CIS Controls).
• Evaluate and integrate new security tools and technologies to enhance threat detection and response capabilities.
• Ensure alignment of cybersecurity strategy with digital transformation initiatives, including EHR systems, telehealth, and cloud migration.
• Build and lead a high-performing information security team with cross-functional expertise in GRC, SecOps, and cyber risk.
• Develop a security training and awareness program for employees, clinicians, and contractors.
• Foster a culture of security accountability and resilience across all levels of the organization.

Qualifications

• Bachelors degree in Information Security, Computer Science, Information Systems, or related field; Masters degree preferred.
• 10+ years of progressive leadership experience in information security, including 5+ years as a CISO or equivalent in a large healthcare organization or health system.
• Demonstrated expertise in applying NIST CSF, NIST 800-53, HITRUST, or similar frameworks in complex healthcare environments.
• Proven track record of managing enterprise-wide security operations, incident response, and compliance initiatives.
• Strong understanding of regulatory and compliance requirements in healthcare.
• Identity and Access Management (IAM) solutions and workflows; Privileged Access Management (PAM) tools and governance.

Preferred Certifications

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• HealthCare Information Security and Privacy Practitioner (HCISPP)
• Certified in Risk and Information Systems Control (CRISC)
• HITRUST Certified CSF Practitioner (CCSFP)

Key Competencies

• Visionary leadership with strategic and operational cybersecurity experience
• Deep knowledge of healthcare IT systems, including EHRs, HIEs, and clinical workflows
• Strong understanding of federal and state healthcare regulations
• Collaborative leadership style with strong interpersonal skills
• Excellent communication skills with the ability to translate technical risks for executive stakeholders
• Results-driven with continuous improvement mindset

Seniority level

• Executive

Employment type

• Full-time

Job function

• Information Technology

Industries

• IT Services and IT Consulting

Job Tags

Similar Jobs