Chief Information Security Officer
Position Summary : The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise-wide vision, strategy, and program to ensure that information assets and technologies are adequately protected. This executive-level role oversees the development and implementation of policies, procedures, and systems to secure sensitive data, with particular emphasis on HIPAA compliance and safeguarding protected health information (PHI) across all behavioral healthcare facilities located in multiple states. The CISO will work closely with executive leadership, clinical teams, IT, compliance, and legal departments to align cybersecurity initiatives with business objectives and regulatory requirements.
Key Responsibilities
- Information Security Strategy : Develop and implement an enterprise-wide information security strategy aligned with the organization's goals, regulatory landscape, and risk appetite.
- Compliance and Risk Management : Ensure ongoing compliance with HIPAA, HITECH, state-specific privacy laws, and other healthcare regulations. Lead regular risk assessments and audits to identify, evaluate, and mitigate cyber and data privacy risks.
- Security Governance : Establish and enforce security policies, standards, and procedures. Create and maintain an information security governance framework to ensure accountability and risk-based decision-making.
- Incident Response & Business Continuity : Lead the incident response program, including preparation, detection, containment, investigation, recovery, and post-incident review. Collaborate with IT and operations to ensure robust disaster recovery and business continuity plans.
- Security Architecture & Operations : Oversee the design, implementation, and management of security tools, systems, and processes to protect infrastructure, networks, applications, and data. Ensure secure configurations and controls are in place across cloud and on-premise environments.
- Third-Party Risk Management : Evaluate and manage security risks related to vendors, business partners, and third-party services. Conduct security due diligence and ongoing assessments of external relationships.
- Leadership & Team Development : Build, lead, and mentor a high-performing information security team. Foster a culture of cybersecurity awareness throughout the organization.
- Training and Awareness : Develop and oversee security training and awareness programs tailored to clinical and administrative staff to promote best practices and reduce human factor vulnerabilities.
- Board and Executive Reporting : Regularly brief the Board of Directors, executive leadership, and key stakeholders on security posture, incident trends, and strategic initiatives.
Qualifications
Required :
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field
- 10+ years of experience in IT and cybersecurity, including 5+ years in a leadership or executive role
- Strong knowledge of HIPAA, HITECH, NIST, and other healthcare-relevant frameworks
- Experience managing security in a multi-site, multi-state healthcare environment
- Proven track record of leading incident response, risk management, and security governance programs
Preferred :
- Master's degree in Cybersecurity, Healthcare Informatics, or Business Administration
- Certifications such as CISSP, CISM, CISA, CRISC, or HCISPP
- Familiarity with behavioral health operations, clinical workflows, and EMR / EHR systems (e.g., Epic, Cerner, or behavioral health-specific platforms)
Why Summit Healthcare Mgmt?
Summit Healthcare Mgmt offers a comprehensive benefit plan and a competitive salary commensurate with experience and qualifications. Qualified candidates should apply by submitting a resume. Summit Healthcare Mgmt is an EOE.
Veterans and military spouses are highly encouraged to apply. Summit BHC is dedicated to serving Veterans with specialized programming at our treatment centers across the country. We recognize and value the unique strengths of the military community in supporting our mission to serve those who have served.