Director, IT Security - Full Time, Days (Remote)

Vail Health has become the world’s most advanced mountain healthcare system. Vail Health consists of an updated 520,000-square-foot, 56-bed hospital.  This state-of-the-art facility provides exceptional care to all of our patients, with the most beautiful views in the area, located centrally in Vail. Learn more about Vail Health here.

Some roles may be based outside of our Colorado office (remote-only positions). Roles based outside of our primary office can sit in any of the following states: AZ, CO, CT, FL, GA, ID, IL, KS, MA, MD, MI, MN, NC, NJ, OH, OR, PA, SC, TN, TX, UT, VA, WA, and WI. Please only apply if you are able to live and work primarily in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

 

ABOUT THE OPPORTUNITY

The Director of IT Security / Chief Information Security Officer (CISO) is responsible for developing, implementing, and maintaining the organization’s information security program to ensure the confidentiality, integrity, and availability of all digital assets, including electronic protected health information (ePHI). This role serves as the HIPAA Security Officer and leads enterprise cybersecurity efforts, risk management, incident response, and security governance. The CISO partners with clinical, operational, and IT leadership to align security with business and patient care objectives while ensuring compliance with regulatory requirements and safeguarding against evolving cyber threats.  

WHAT YOU WILL DO:

· Serves as the Director of IT Security / Chief Information Security Officer (CISO), ensuring compliance with all privacy and security regulations.

· Leads and mentors a team of security professionals, fostering growth, accountability, and operational excellence.

· Develops and maintains the enterprise cybersecurity strategy aligned with healthcare-specific risks.

· Leads security governance, risk management, and compliance (GRC) programs across the organization.

· Performs regular risk assessments and manages mitigation plans to protect electronic protected health information (ePHI).

· Oversees security operations, incident response, threat detection, and vulnerability management.

· Partners with IT, clinical, and business leadership to embed security into all technology initiatives.

· Develops and enforces security policies, procedures, and training to promote a strong security culture.

· Manages third-party security risks, including vendor assessments and contractual security requirements.

· Leads response and recovery for cybersecurity incidents, including coordination with legal and compliance.

· Provides executive leadership with regular reporting on cybersecurity posture, risks, and remediation status.

· Models the principles of a Just Culture, Organizational Values, and Leadership Competencies.

· Performs other duties as assigned. Must be HIPAA compliant.

WHAT YOU WILL NEED:

Experience:

• Minimum of 7 years of progressive experience in information security, with at least 3 years in a leadership or senior management role. 
• Demonstrated experience developing and leading enterprise-wide cybersecurity programs in regulated environments, preferably healthcare. 
• Hands-on experience with risk management frameworks (e.g., NIST, HITRUST) and HIPAA security compliance. 
• Proven track record managing security operations, incident response, and vulnerability management. 
• Experience collaborating with executive leadership, legal, compliance, and clinical stakeholders to align security with business and patient care priorities. 
• Strong background in vendor risk management, contract security reviews, and third-party assessments. 
• Prior experience leading security audits, risk assessments, and regulatory readiness activities. 

 

Licenses:

• N/A

Certification(s):

• Current Industry Certification such as Certified Information Systems Security Professional (CISSP) by the International Information Systems Security Certification Consortium (ISC²) required.
• Certified Health Information Security Leader (CHISL) certification preferred

Computer/Typing:

Must possess, or be able to obtain within 90 days, the computer skills necessary to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.   Must have working knowledge of the English language, including reading, writing, and speaking English.   Education:  

• Bachelor's degree required.  Preferred degree in Information Services or Information Technology. MBA highly desired

 

The posted salary range for this position applies to Colorado and may be adjusted based on geographic location. Vail Health considers a variety of factors in making compensation decisions, including but not limited to experience, education, licensure and/or certifications, geographic location, market demand and other business and organizational needs. 

 

 

Benefits at Vail Health (Full Time) Include:

• Competitive Wages & Family Benefits:
  • Competitive wages
  • Parental leave (4 weeks paid)
  • Housing programs
  • Childcare reimbursement 
• Comprehensive Health Benefits: 
  • Medical
  • Dental 
  • Vision
• Educational Programs: 
  • Tuition Assistance 
  • Existing Student Loan Repayment
  • Specialty Certification Reimbursement
  • Annual Supplemental Educational Funds
• Paid Time Off:
  • Up to five weeks in your first year of employment and continues to grow each year.
• Retirement & Supplemental Insurance:
  • 403(b) Retirement plan with immediate matching 
  • Life insurance
  • Short and long-term disability
• Recreation Benefits, Wellness & More:
  • Up to $1,000 annual wellbeing reimbursement
  • Recreation discounts
  • Pet insurance

 

 

Pay is based upon relevant education and experience per year.

Yearly Pay:$123,884.80—$176,987.20 USD