Chief Security Officer Health Care

***Work Location***: This is a Salt Lake City based 25% travel required throughout Utah hospital locations to provide onsite support.

Our client seeks a Health Center Chief Security Officer (CSO) to serve as a trusted partner to a network of (13) community Health Centers supporting privacy security and cybersecurity this role the CSO will lead the development adoption and ongoing improvement of HIPAA and HITEQ-aligned security safeguards working with Health Center leadership to assess risk guide compliance efforts and strengthen cybersecurity posture. Successful candidates will be motivated by driving improvement building effective working relationships and supporting a coordinated approach to health center security. This role operates at both a strategic and operational level with primary emphasis on enterprise security leadership risk governance and program maturity.

This model provides strategic leadership technical expertise and consistent guidance on privacy security and cybersecurity while respecting local operations governance and clinical priorities. The CSO serves as a strategist and advisor supporting Health Centers through a scalable shared-services approach.

General Responsibilities

The following responsibilities are representative of the essential functions of the position; other applicable duties may apply.

• Provide centralized leadership and oversight of privacy security and cybersecurity programs for (13) participating Health Centers through a shared-services model.
• Design implement maintain and periodically update participating Health Centers comprehensive administrative technical and physical safeguards to support compliance with HIPAA HITEQ and applicable Health Center Program Requirements.
• Lead and oversee the completion of Security Risk Analyses (SRAs) at each participating Health Center including risk identification documentation prioritization of remediation activities and ongoing monitoring of corrective actions.
• Provide strategic oversight of data governance as it relates to privacy and security establishing standards and guidance for data access use protection and retention to support compliance risk management and operational integrity across participating Health Centers.
• Develop standardize and maintain security-related policies procedures and documentation across participating Health Centers in alignment with federal requirements and industry best practices.
• Provide strategic leadership and hands-on support for cybersecurity risk management security controls incident response planning and breach preparedness.
• Coordinate and support investigation management documentation mitigation and reporting of security incidents and information breaches including escalation and response activities as required.
• Regularly brief Health Center executive leadership and governing boards IT teams compliance staff and operational leaders on security posture strategic initiatives privacy and risk-related trends.
• Support and promote workforce security awareness and training initiatives to reinforce compliance with security policies procedures and best practices.
• Mentor and promote local security champions within the participating Health Centers building long-term organizational security capability.
• Assist Health Centers with third-party and vendor security considerations including risk assessments documentation and remediation support as applicable.
• Support audit readiness assessments and compliance reporting related to HIPAA HITEQ HRSA and industry frameworks such as NIST CSF CIS Controls and HITRUST as appropriate.
• Coordinate security initiatives and activities across Health Centers while respecting local governance workflows and operational priorities.
• Establish and monitor key performance indicators (KPIs) and key risk indicators (KRIs) to measure program effectiveness.
• Monitor regulatory changes emerging cybersecurity threats and evolving best practices and recommend enhancements to security programs and controls.
• Participate in relevant committees work groups and planning efforts related to technology compliance risk management and organizational strategy.
• Assist with program planning evaluation and reporting to support continuous improvement of privacy and security initiatives.

Requirements

Must-have qualifications:

• ***Ability to travel regionally as needed***
• Bachelors degree in information security health information technology healthcare administration computer science or a related field; relevant professional experience may be considered in lieu of formal education.
• Demonstrated experience supporting HIPAA and HITEQ security requirements including implementation and oversight of administrative technical and physical safeguards.
• Experience conducting or overseeing Security Risk Analyses (SRAs) including remediation planning documentation and follow-up activities.
• Strong working knowledge of healthcare cybersecurity principles security controls and risk management practices.
• Experience developing maintaining and enforcing security policies procedures and compliance documentation.
• Ability to work effectively with executive leadership IT teams compliance staff and external partners in a collaborative service-oriented environment
• Excellent analytical organizational problem-solving and multitasking skills with the ability to manage multiple priorities across multiple organizations.
• Strong written and verbal communication skills including the ability to deliver clear presentations and training on complex topics to audiences at all levels.
• High professional standards strong work ethic and ability to collaborate with multidisciplinary teams.

Preferred qualifications:

• Professional certifications such as CISSP CISM or HCISPP.
• Familiarity with Health Center Program requirements federally funded healthcare environments or nonprofit healthcare organizations preferred.