Senior VP, Information Security / CISO
Headquartered in Tacoma, WA, Sound Physicians is a physician-founded and led, national, multi-specialty medical group made up of more than 1,000 business colleagues and 4,000 physicians, APPs, CRNAs, and nurses practicing in 400-plus hospitals across 45 states. Founded in 2001, and with specialties in emergency and hospital medicine, critical care, anesthesia, and telemedicine, Sound has a reputation for innovating and leading through an ever-changing healthcare landscape with patients at the center of the universe.
Sound Physicians offers a competitive benefits package inclusive of the items below, and more:
The Senior Vice President, Information Security / Chief Information Security Officer (CISO) serves as the enterprise's top security executive, accountable for protecting information assets, technology infrastructure, physical environments, and organizational resilience. This role establishes and drives the enterprise security vision and strategy, ensuring that all aspects of information security, risk management, privacy, and physical security align with corporate objectives.
The CISO reports directly to the CIO and partners with the board of directors and executive leadership to communicate risks, build trust with stakeholders, and guide the organization through a rapidly evolving threat landscape. This leader is responsible for the performance of the enterprise security function, including team leadership, vendor management, and crisis response.
Essential Duties and Responsibilities:
Strategic Leadership & Governance
Develop, implement, and maintain an enterprise-wide information security strategy and governance framework aligned with organizational goals.
Establish clear policies, standards, and procedures that support business continuity and risk management.
Risk Management & Compliance
Oversee enterprise-wide security risk management, including assessments, threat modeling, and mitigation plans.
Ensure compliance with healthcare and information security frameworks (e.g., HIPAA, HITRUST, NIST, ISO, CISSP).
Security Operations & Incident Response
Direct day-to-day security operations, including monitoring, detection, and response to threats.
Lead incident response planning and execution, acting as the senior point of escalation during major security events.
Collaboration & Stakeholder Engagement
Partner with executives, business leaders, and IT teams to align security priorities with business objectives.
Provide clear, actionable communication to senior leadership and the board regarding risks, incidents, and initiatives.
Team Development & Leadership
Build, mentor, and lead a high-performing security team.
Foster a culture of continuous learning, innovation, and professional growth.
Vendor & Third-Party Oversight
Manage third-party security risk by establishing standards and monitoring vendor practices.
Review and advise on security-related contracts and agreements.
Innovation & Continuous Improvement
Stay ahead of emerging threats and evolving technologies.
Evaluate and adopt new tools, technologies, and processes that strengthen the security posture.
Financial Management
Advise and manage the security program budget.
Ensure that initiatives are cost-effective and deliver measurable value.
Values:
Strategic Thinking: Demonstrates the ability to look at the big picture and proactively develop a plan of action.
Trustworthiness: Demonstrates a high degree of integrity; keeps confidences; does what they say they will do.
Being Visionary: Demonstrates the ability to see, articulate and share the future of the organization in ways that engage and motivate those around them with a clear vision and plan for the future.
Teamwork: Proactively seeks to work with others to accomplish a common goal. Is willing to share challenges and successes with others.
Passionate: Demonstrates a genuine enthusiasm for and excitement about the work; gets others excited about work or projects they're involved in and working on.
Knowledge, Skills, and Abilities:
Demonstrated success managing complex security programs in an acute healthcare setting or highly regulated industries preferred.
Demonstrated success leading security in multi-state environments.
In-depth knowledge of healthcare security frameworks and regulations (HIPAA, HITRUST).
Expertise in NIST, ISO, and other international security standards.
Experience managing enterprise security programs across complex and integrated vendors, cloud environments, and BYOD ecosystems.
Strong organizational, communication, and executive presentation skills.
Experience managing internal teams and external service providers.
Education and Experience:
Bachelor's degree in Information Security, Computer Science, or related field required.
CISSP certification is preferred.
12 years of progressive experience in information security or related field. At least 5 years in a senior leadership role.
Sound Physicians is an Equal Employment Opportunity (EEO) employer and is committed to diversity, equity, and inclusion at the bedside and in our workforce. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by federal, state, or local laws.
This job description reflects the present requirements of the position. As duties and responsibilities change and develop, the job description will be reviewed and subject to amendment.
Vp • Cleveland, OH, US