Vice President, Chief Information Security Officer

Sanford Health


Job Location:

Sioux Falls, SD - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We're proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint.

Work Shift:

8 Hours - Day Shifts (United States of America)

Scheduled Weekly Hours:

40

Union Position:

No

Department Details

Summary

The Vice President, Chief Information Security Officer (CISO) is responsible for the strategic leadership, vision, and execution of Sanford Health's enterprise-wide information security and cyber risk management programs. This role ensures the protection of patient, member, donor, customer, employee, and organizational data while enabling innovation, scalability, and agility across a rapidly growing healthcare system. The CISO is a key advisor to executive leadership and the Board, translating cyber risk into clinical and business impact and fostering a culture of shared accountability, resilience, and trust.

Job Description

Define and execute a forward-looking, risk-based information security strategy aligned with Sanford Health's growth, innovation, and M&A roadmap.

Establish and maintain a comprehensive governance framework, including policies, standards, and risk appetite statements.

Serve as a strategic advisor to executive leadership and the Board on cyber risk, resilience, and emerging threats.

Lead the development of scalable, repeatable processes to support rapid integration of new entities and technologies.

Oversee enterprise-wide information security risk management, including continuous risk assessments, mitigation strategies, and transparency of accepted risks.

Partner with Compliance, Privacy, Legal, and Enterprise Risk to ensure alignment on regulatory requirements, audit readiness, and incident response.

Maintain and evolve frameworks aligned with NIST, HICP, HIPAA, and other relevant standards.

Implement cyber risk quantification models to support investment decisions and board-level reporting.

Participate in the development of AI and emerging technology governance frameworks, ensuring secure and risk-aware adoption of AI, cloud, and quantum-resilient technologies.

Build internal capacity to assess and secure new technologies rapidly and responsibly.

Serve as a thought leader in healthcare cybersecurity, influencing industry policy and vendor ecosystems.

Sponsor a robust, enterprise-wide tabletop exercise and incident response program.

Ensure strong delegation and operational execution across SOC, infrastructure, and application teams.

Partner with Infrastructure, Applications, and Operations to drive joint disaster/event recovery, redundancy, and clinical/business continuity planning.

Lead development of operational downtime procedures and resilience strategies.

Establish and execute a comprehensive identity and access management strategy.

Advance data governance capabilities, including PHI inventory, data lineage, and privacy-by-design.

Strengthen third-party and vendor risk management, including non-IT sourced technologies and medical device ecosystems.

Foster a culture of security as an enabler of innovation and care delivery.

Develop a future-focused talent strategy addressing skill gaps, continuous education, emerging skill assessments, and succession planning.

Lead a modern, engaging security awareness and education program for all levels and demographics of the organization.

Communicate effectively with technical and non-technical audiences, including board-level storytelling and executive influence.

Lead Sanford's cyber insurance planning, including policy negotiation, risk transfer modeling, and alignment with enterprise risk management.

Serves as Sanford Health's designated Information Security Officer under HIPAA.

Expected to represent Sanford Health in industry consortiums, regulatory forums, and public-private partnerships.

Bachelor's degree required. Master's degree is preferred.

Minimum of 10 years of progressive leadership in information security or related technical disciplines, with experience in large, complex healthcare or regulated environments.

Demonstrated expertise in cybersecurity strategy, risk management, governance, and regulatory compliance.

Strong understanding of healthcare operations, data privacy, and digital transformation.

Recognized industry certifications (e.g., CHISSP, CISSP, CISM, HCISPP) preferred.

Sanford is an EEO/AA Employer M/F/Disability/Vet.


If you are an individual with a disability and would like to request an accommodation for help with your online application please call 1- or send an email to


Required Experience:

Chief

About Company

Marshfield Clinic is a health care system with over 50 locations in northern, central, and western Wisconsin. Marshfield Clinic Don't just live. Shine.
