VP & Chief Information Security Officer
Boston
Boston Children's Hospital
Status
Full-Time
Standard Hours per Week
40
Job Posting Category
Information Technology
Job Posting Description
The VP & Chief Information Security Officer (CISO) reports to the SVP & Chief Information Officer and is a key member of the IT leadership team. The VP & CISO is responsible for developing, implementing, and maintaining a comprehensive cybersecurity strategy that protects the hospital’s information assets, systems, and infrastructure. This includes establishing a multi-year roadmap, overseeing information security architecture, and ensuring regulatory compliance across the organization.
The VP & CISO serves as a strategic advisor to executive leadership, the Audit Committee, and the Board of Trustees, effectively communicating risks and advocating for best practices in information security. This role will lead a dedicated security team and partner closely with cross-functional teams within a federated IT environment. This will include direct oversight of cybersecurity operations, incident response, governance, third-party risk management, and information security awareness programs.
This is a strategic leadership role for a highly collaborative, service-driven, and visionary security professional. The ideal candidate will be an innovative thinker who balances risk with operational needs and who is passionate about protecting sensitive data in a mission-driven environment.
This VP & CISO will:
- Contribute to departmental goals, ensuring adherence to policies, procedures, quality, safety, and regulatory compliance.
- Build credibility with senior leadership, clinicians, and staff by providing informed leadership and participating in IT Governance and prioritization.
- Partner with CIO, CTO, and VP of Applications to define IT strategy aligned with the organizational and IT strategic plans.
- Evaluate IT changes for security risks; advise leadership on balancing security with usability to support BCH’s mission.
- Lead development and enforcement of enterprise information security policies, procedures, and programs.
- Define and drive a long-term security strategy and program to safeguard BCH’s information assets.
- Manage vendor relationships, resolve issues, and oversee vendor/third-party risk management processes.
- Lead security-related due diligence and integration for M&A activities.
- Collaborate across disciplines to ensure cybersecurity policies and standards are applied consistently.
- Support business technology planning with current insights and future-state vision.
- Ensure processes are in place for budgeting and lifecycle planning of strategic and tactical initiatives.
Qualifications and experience:
- BA degree in a STEM discipline required; MA degree preferred.
- CISSP, CISM, or CISA certification required; CSM/CSPO preferred.
- 10+ years of IT or business leadership, with at least 5 years in a cybersecurity leadership role.
- Experience in academic and healthcare industries preferred.
- Extensive experience in security, regulatory compliance, and external audits.
- Strong management, analytical, and communication skills; effective with clients and senior leadership.
- Ability to evangelize IT security as essential to business operations; build trust and respect for security function.
- Innovative leader skilled at motivating cross-functional, interdisciplinary teams.
- In-depth knowledge of business risk, risk assessment, and risk-based decision-making.
- Expertise in frameworks and standards: ISO 27001/27002, NIST, SANS CAG (Critical Security Controls), COBIT, COSO, ITIL, etc.
- Well-versed in legal/regulatory requirements (PCI DSS, HIPAA, FERPA, HITRUST, NIST).
- Strong understanding of security impacts of cloud, SaaS, and IoT architectures.
- Broad technical knowledge: OSI model, infrastructure, app dev, networks, enterprise architecture, etc.
- Hands-on experience with security technologies: firewalls, IDS, encryption, IAM, MFA, anti-malware, etc.
- Natural influencer and coalition builder; passionate about building high-performing teams.
Office/Site Location
Boston
Regular, Temporary, Per Diem
Regular
Remote Eligibility
Part Remote/Hybrid
Perks/benefits: Competitive pay Team events