Sys SVP Chief Information Security Officer

CommonSpirit Health Englewood, Colorado
The posted compensation range of $122.84 - $171.97 /hour is a reasonable estimate that extends from the lowest to the highest pay CommonSpirit in good faith believes it might pay for this particular job, based on the circumstances at the time of posting. CommonSpirit may ultimately pay more or less than the posted range as permitted by law.

Requisition ID: 2024-381629
Employment Type: Full Time
Department: IT Administration
Hours/Pay Period: 80
Shift: Day
Weekly Schedule: Monday-Friday 8am-5pm
Remote: Yes
Category: Executive

Overview

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.

The Chief Information Security Officer (CISO) is a seasoned executive responsible for establishing and maintaining a robust information security program within a complex healthcare environment. The CISO serves as a strategic partner to the executive leadership team, aligning security initiatives with business objectives while mitigating risk and ensuring regulatory compliance. This individual possesses a unique blend of technical expertise, business acumen, and leadership skills to navigate the evolving threat landscape and protect the organization's critical information and assets.


Responsibilities

STRATEGIC LEADERSHIP:

● Develop, implement, and champion a comprehensive information security strategy that aligns with the organization’s overall business goals, risk appetite, and regulatory requirements.
● Provide strategic guidance to the executive leadership team on information security matters, emerging threats, and industry best practices.
● Foster a culture of security awareness and accountability throughout the organization, promoting education, training, and continuous improvement.


RISK MANAGEMENT AND COMPLIANCE:
● Modify and maintain a robust risk management framework to identify, assess, and mitigate information security risks across the enterprise.
● Ensure compliance with relevant regulations and industry standards, such as HIPAA, HITECH, CIS 18, NIST Cybersecurity Framework, and PCI DSS.
● Oversee regular security audits, risk assessments, and penetration tests to identify vulnerabilities and track remediation efforts.
● Evaluate and manage third-party vendors and partners to ensure they meet the organization’s security standards and contractual obligations.
● Conduct regular security assessments of third-party vendors and implement appropriate risk mitigation strategies.

SECURITY ARCHITECTURE, OPERATIONS AND ENGINEERING:
● Partner with the business and other I.T. organizations to drive coherent end-to-end architectures that feature security as “built-in” rather than “bolted-on.”
● Verify the implementation and management of security technologies and controls, including intrusion detection and prevention systems, firewalls, endpoint protection, data loss prevention, and identity and access management solutions.
● Verify the operation of all security controls and cultivate a “bias for action and recovery” while maintaining cyber safety during outages.

INCIDENT RESPONSE, DIGITAL FORENSICS, AND RECOVERY:
● Regularly evaluate and maintain incident response and disaster recovery plans to minimize the impact of security breaches and ensure business continuity.
● Lead the investigation and resolution of security incidents, coordinating with internal and external stakeholders, including law enforcement and regulatory agencies, as needed.


TEAM MANAGEMENT AND COLLABORATION:
● Build and lead a high-performing information security team, providing mentorship, coaching, and professional development opportunities.
● Collaborate effectively with IT, legal, compliance, privacy, and other departments to achieve security objectives and foster a shared responsibility for information security.
● Manage security budgets and resource allocation, ensuring optimal utilization and return on investment.

EMERGING TECHNOLOGIES AND INNOVATION:
● Stay abreast of emerging technologies, cyber threats, and industry trends to proactively identify and address potential risks.
● Evaluate and recommend innovative security solutions to enhance the organization’s security posture.


ADDITIONAL CONSIDERATIONS:
● This position requires a high level of confidentiality, integrity, and ethical conduct.
● The CISO may be required to work outside of normal business hours in response to security incidents or other urgent matters.
● Travel may be required for a variety of business purposes.
● The CISO serves as a role model for the organization, demonstrating a commitment to security best practices and continuous learning.


Qualifications

REQUIRED EDUCATION AND EXPERIENCE:

● Minimum of fifteen (15) years of cybersecurity experience. Minimum of ten (10) years related management/leadership experience.
● Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related discipline required (or an equivalent combination of education and/or experience). Master’s degree preferred.

REQUIRED LICENSURE AND CERTIFICATIONS:

● Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Records Manager (CRM), Certified Information Privacy Professional (CIPP)

REQUIRED MINIMUM KNOWLEDGE, SKILLS, ABILITIES AND TRAINING:

● Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status
● Experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems.
● Ability to translate technical cybersecurity issues/concerns into potential business implications that are meaningful to executive leadership
● Understanding and application of advanced principles and best practices of system security design, development, analysis, and testing
● Proven success working in a regulated environment within a highly matrixed organization while establishing strong cross-functional relationships

COMPETENCIES:

● Exceptional communication and interpersonal skills, with the ability to effectively interact with and influence all levels of the organization, including the board of directors.
● Strong analytical, problem-solving, and decision-making skills, with a focus on data-driven insights.
● Business acumen and financial literacy, with the ability to translate security risks into business impact and articulate the value of security investments.
● Deep understanding of the healthcare industry and its unique regulatory, operational, and technological challenges.
● Ability to stay calm and focused under pressure, particularly during security incidents or crises.

Benefits include: Medical, Dental, Vision, Paid Time Off, Holidays, Retirement Program, Disability Plans, Tuition Reimbursement, Adoption Assistance, Employee Assistance Program (EAP), Discount Programs, Life Insurance Plans, Worker Compensation, Dress for Your Day Policy, Voluntary Benefits.

Position is eligible for incentive pay based on company performance.

Equal Opportunity

CommonSpirit Health™ is an Equal Opportunity/Affirmative Action employer committed to a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, parental status, ancestry, veteran status, genetic information, or any other characteristic protected by law. For more information about your EEO rights as an applicant, please click here.

CommonSpirit Health™ will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c). External hires must pass a post-offer, pre-employment background check/drug screen. Qualified applicants with an arrest and/or conviction will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, ban the box laws, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances. If you need a reasonable accommodation for any part of the employment process, please contact us by telephone at (415) 438-5575 and let us know the nature of your request. We will only respond to messages left that involve a request for a reasonable accommodation in the application process. We will accommodate the needs of any qualified candidate who requests a reasonable accommodation under the Americans with Disabilities Act (ADA). CommonSpirit Health™ participates in E-Verify.