Job Posting Title: VP & Chief Information Security Officer
Department: Information Services - Security
AutoReqId: 80046BR
Status: Full-Time
Standard Hours per Week: 40
Job Posting Category: Information Technology
Job Posting Description:
The VP & Chief Information Security Officer (CISO) reports to the SVP & Chief Information Officer and is a key member of the IT leadership team. The VP & CISO is responsible for developing, implementing, and maintaining a comprehensive cybersecurity strategy that protects the hospital's information assets, systems, and infrastructure. This includes establishing a multi-year roadmap, overseeing information security architecture, and ensuring regulatory compliance across the organization.
The VP & CISO serves as a strategic advisor to executive leadership, the Audit Committee, and the Board of Trustees, effectively communicating risks and advocating for best practices in information security. This role will lead a dedicated security team and partner closely with cross-functional teams within a federated IT environment. This will include direct oversight of cybersecurity operations, incident response, governance, third-party risk management, and information security awareness programs.
This is a strategic leadership role for a highly collaborative, service-driven, and visionary security professional. The ideal candidate will be an innovative thinker who balances risk with operational needs and who is passionate about protecting sensitive data in a mission-driven environment.
This VP & CISO will:
- Contribute to departmental goals, ensuring adherence to policies, procedures, quality, safety, and regulatory compliance.
- Build credibility with senior leadership, clinicians, and staff by providing informed leadership and participating in IT Governance and prioritization.
- Partner with CIO, CTO, and VP of Applications to define IT strategy aligned with the organizational and IT strategic plans.
- Evaluate IT changes for security risks; advise leadership on balancing security with usability to support BCH's mission.
- Lead development and enforcement of enterprise information security policies, procedures, and programs.
- Define and drive a long-term security strategy and program to safeguard BCH's information assets.
- Manage vendor relationships, resolve issues, and oversee vendor/third-party risk management processes.
- Lead security-related due diligence and integration for M&A activities.
- Collaborate across disciplines to ensure cybersecurity policies and standards are applied consistently.
- Support business technology planning with current insights and future-state vision.
- Ensure processes are in place for budgeting and lifecycle planning of strategic and tactical initiatives.
Qualifications:
- BA degree in a STEM discipline required; MA degree preferred.
- CISSP, CISM, or CISA certification required; CSM/CSPO preferred.
- 10+ years of IT or business leadership, with at least 5 years in a cybersecurity leadership role.
- Experience in academic and healthcare industries preferred.
- Extensive experience in security, regulatory compliance, and external audits.
- Strong management, analytical, and communication skills; effective with clients and senior leadership.
- Ability to evangelize IT security as essential to business operations; build trust and respect for the security function.
- Innovative leader skilled at motivating cross-functional, interdisciplinary teams.
- In-depth knowledge of business risk, risk assessment, and risk-based decision-making.
- Expertise in frameworks and standards: ISO 27001/27002, NIST, SANS-CAG, COBIT, COSO, ITIL, etc.
- Well-versed in legal/regulatory requirements (PCI, HIPAA, FERPA, HI-TRUST, NIST).
- Strong understanding of security impacts of cloud, SaaS, and IoT architectures.
- Broad technical knowledge: OSI model, infrastructure, app dev, networks, enterprise architecture, etc.
- Hands-on experience with security technologies: firewalls, IDS, encryption, IAM, MFA, anti-malware, etc.
- Natural influencer and coalition builder; passionate about building high-performing teams.
Boston Children's Hospital offers competitive compensation and unmatched benefits.
Office/Site Location: Boston
Regular, Temporary, Per Diem: Regular
Remote Eligibility: Part Remote/Hybrid