• VP & Chief Information Security Officer

    Children's Hospital Boston (Boston, MA)


    80046BRJob Posting Title:VP & Chief Information Security OfficerDepartment:Information Services - SecurityAutoReqId:80046BRStatus:Full-TimeStandard Hours per Week:40 Job Posting Category:Information TechnologyJob Posting Description:The VP & Chief Information Security Officer (CISO) reports to the SVP & Chief Information Officer and is a key member of the IT leadership team. The VP & CISO is responsible for developing, implementing, and maintaining a comprehensive cybersecurity strategy that protects the hospital’s information assets, systems, and infrastructure. This includes establishing a multi-year roadmap, overseeing information security architecture, and ensuring regulatory compliance across the organization.

     

    The VP & CISO serves as a strategic advisor to executive leadership, the Audit Committee, and the Board of Trustees, effectively communicating risks and advocating for best practices in information security. This role will lead a dedicated security team and partner closely with cross-functional teams within a federated IT environment. This will include direct oversight of cybersecurity operations, incident response, governance, third-party risk management, and information security awareness programs.

     

    This is a strategic leadership role for a highly collaborative, service-driven, and visionary security professional. The ideal candidate will be an innovative thinker who balances risk with operational needs and who is passionate about protecting sensitive data in a mission-driven environment.

    This VP & CISO will:

    + Contribute to departmental goals, ensuring adherence to policies, procedures, quality, safety, and regulatory compliance.

    + Build credibility with senior leadership, clinicians, and staff by providing informed leadership and participating in IT Governance and prioritization.

    + Partner with CIO, CTO, and VP of Applications to define IT strategy aligned with the organizational and IT strategic plans.

    + Evaluate IT changes for security risks; advises leadership on balancing security with usability to support BCH’s mission.

    + Lead development and enforcement of enterprise information security policies, procedures, and programs.

    + Define and drives a long-term security strategy and program to safeguard BCH’s information assets.

    + Manage vendor relationships, resolves issues, and oversees vendor/third-party risk management processes.

    + Lead security-related due diligence and integration for M&A activities.

    + Collaborate across disciplines to ensure cybersecurity policies and standards are applied consistently.

    + Support business technology planning with current insights and future-state vision.

    + Ensure processes are in place for budgeting and lifecycle planning of strategic and tactical initiatives.

    Qualifications:

    + BA degree in a STEM discipline required; MA degree preferred.

    + CISSP, CISM, or CISA certification required; CSM/CSPO preferred.

    + 10+ years of IT or business leadership, with at least 5 years in a cybersecurity leadership role.

    + Experience in academic and healthcare industries preferred.

    + Extensive experience in security, regulatory compliance, and external audits.

    + Strong management, analytical, and communication skills; effective with clients and senior leadership.

    + Ability to evangelize IT security as essential to business operations; build trust and respect for security function.

    + Innovative leader skilled at motivating cross-functional, interdisciplinary teams.

    + In-depth knowledge of business risk, risk assessment, and risk-based decision-making.

    + Expertise in frameworks and standards: ISO 27001/27002, NIST, SANS-CAG, COBIT, COSO, ITIL, etc.

    + Well-versed in legal/regulatory requirements (PCI, HIPAA, FERPA, HI-TRUST, NIST).

    + Strong understanding of security impacts of cloud, SaaS, and IoT architectures.

    + Broad technical knowledge: OSI model, infrastructure, app dev, networks, enterprise architecture, etc.

    + Hands-on experience with security technologies: firewalls, IDS, encryption, IAM, MFA, anti-malware, etc.

    + Natural influencer and coalition builder; passionate about building high-performing teams.

     

    Boston Children’s Hospital offers competitive compensation and unmatched benefits

     

    Office/Site Location:BostonRegular, Temporary, Per Diem:Regular Remote Eligibility :Part Remote/Hybrid