
Director, Chief Information Security Officer (CISO)

๐Ÿ“ Poland, New York, United States

Technology The Staff Pad

Job Description


This is a remote position.

Helena, MT (Remote)

The Staff Pad is seeking a Chief Information Security Officer (CISO) on behalf of a leading healthcare organization in Helena, Montana. This executive leader will establish and maintain the enterprise security vision, strategy, and program to safeguard all information assets—including PHI and sensitive clinical, administrative, and operational data. The CISO will oversee risk management, regulatory compliance, security operations, incident response, and the development of a strong security culture across the organization. This role requires both strategic leadership and deep technical expertise within the healthcare sector.

Position Overview

The CISO leads the enterprise cybersecurity program, ensuring the protection of systems, data, and clinical technologies while supporting patient safety and operational continuity. This leader will oversee governance, risk, compliance, and security operations, working closely with executive leadership to guide security strategy and response.

Key Responsibilities

Strategic Leadership & Governance

- Develop and execute a long-term information security strategy aligned with organizational goals.
- Build and maintain an enterprise security framework (NIST CSF, 405D, ISO 27001, HITRUST, etc.).
- Advise executive leadership and the Board on security posture, threats, and mitigation plans.
- Manage the information security budget and security technology investments.

Risk Management & Compliance

- Lead enterprise risk assessments and prioritize mitigation initiatives.
- Ensure compliance with HIPAA/HITECH, GDPR, and other relevant data privacy regulations.
- Oversee creation and enforcement of security policies, procedures, and standards.
- Direct internal and external audit readiness and remediation (HITRUST, SOC 2, etc.).
- Manage a robust vendor and third-party risk management program.

Security Operations & Incident Response

- Lead security operations, including threat/vulnerability management, IAM, SIEM, and endpoint protection.
- Oversee development and testing of Incident Response, Disaster Recovery, and Business Continuity plans.
- Serve as executive incident manager during security events, breaches, and investigations.
- Ensure security of EHR systems, medical devices, and clinical technologies.

Team Leadership & Security Culture

- Build and lead a strong GRC and SecOps team.
- Drive organization-wide security awareness and training initiatives.
- Partner with IT, Clinical Operations, Legal, HR, and other departments to embed security into systems and workflows.

Required Knowledge & Experience

- Minimum 7 years of progressive experience in Information Security; senior leadership or CISO-level experience preferred.
- Strong healthcare industry background, including understanding of EHR systems and PHI protection.
- Proven expertise in enterprise cybersecurity architecture, IAM, cloud security, and threat detection tools.
- Demonstrated experience conducting and managing enterprise risk assessments.

Education


Job Details

Posted Date: December 19, 2025
Job Type: Technology
Location: Poland, New York, United States
Company: The Staff Pad
