Job Description

This is a remote position.

Director, Chief Information Security Officer (CISO) 

Location:   Helena, MT (Remote)

The Staff Pad is seeking a Chief Information Security Officer (CISO) on behalf of a leading healthcare organization in Helena, Montana.  

This executive leader will   establish   and maintain the enterprise security vision, strategy, and program to safeguard all information assets—including PHI and sensitive clinical, administrative, and operational data. The CISO will oversee risk management, regulatory compliance, security operations, incident response, and the development of a strong security culture across the organization. This role requires both strategic leadership and deep technical   expertise   within the healthcare sector.  

Position Overview  

The CISO leads the enterprise cybersecurity program, ensuring the protection of systems, data, and clinical technologies while supporting patient safety and operational continuity. This leader will oversee governance, risk, compliance, and security operations, working closely with executive leadership to guide security strategy and response.  

Key Responsibilities  

Strategic Leadership & Governance  

• Develop and execute a long-term information security strategy aligned with organizational goals.  
  
• Build and   maintain   an enterprise security framework (NIST CSF, 405D, ISO 27001, HITRUST, etc.).  
  
• Advise   executive leadership and the Board on security posture, threats, and mitigation plans.  
  
• Manage the information security budget and security technology investments.   

Risk Management & Compliance  

• Lead enterprise risk assessments and prioritize mitigation initiatives.  
  
• Ensure compliance with HIPAA/HITECH, GDPR, and other relevant data privacy regulations.  
  
• Oversee creation and enforcement of security policies, procedures, and standards.  
  
• Direct internal and external audit readiness and remediation (HITRUST, SOC 2, etc.).  
  
• Manage   a robust vendor   and third-party risk management   program .   

Security Operations & Incident Response  

• Lead security operations, including threat/vulnerability management, IAM, SIEM, and endpoint protection.  
  
• Oversee development and testing of Incident Response, Disaster Recovery, and Business Continuity plans.  
  
• Serve as executive incident manager during security events, breaches, and investigations.  
  
• Ensure security of EHR systems, medical devices, and clinical technologies.   

Team Leadership & Security Culture  

• Build and lead a strong GRC and SecOps team.  
  
• Drive organization-wide security awareness and training initiatives.  
  
• Partner with IT, Clinical Operations, Legal, HR, and other departments to embed security into systems and workflows.  

Required Knowledge & Experience  

• Minimum 7 years of progressive experience in Information Security; senior leadership or CISO-level experience preferred.  
  
• Strong healthcare industry background, including understanding of EHR systems and PHI protection.  
  
• Proven   expertise   in enterprise cybersecurity architecture, IAM, cloud security, and threat detection tools.  
  
• Demonstrated experience conducting and managing enterprise risk assessments.   
  

Education

Job Tags

Similar Jobs