PAM Health

Chief Information Security Officer – CISO

Leads the enterprise cybersecurity program across corporate and facility environments, including networks, endpoints, servers, cloud services, applications, EHR/clinical systems, identity and access management, and third parties that create, receive, maintain, or transmit ePHI.

Posted 5/6/2026 • full-time • Plano • Pennsylvania, Texas • 🇺🇸 United States • Lead

Tech Stack

Tools & technologies
  • Cloud
  • Cyber Security

About the role

Key responsibilities & impact
  • Lead the enterprise cybersecurity program across corporate and facility environments, including networks, endpoints, servers, cloud services, applications, EHR/clinical systems, identity and access management, and third parties that create, receive, maintain, or transmit ePHI
  • Develop and maintain a multi-year information security strategy and roadmap aligned to PAM Health’s risk appetite, clinical needs, and business objectives
  • Establish security governance (policies, standards, and procedures) and oversee a risk-based security program aligned to recognized frameworks (e.g., NIST CSF), healthcare requirements, and organizational priorities
  • Oversee HIPAA Security Rule administrative, physical, and technical safeguard alignment for ePHI, including periodic risk analysis, risk management plans, and documentation/evidence required for audits and assessments
  • Own enterprise cybersecurity risk management: maintain a security risk register, drive prioritization, ensure remediation tracking, and provide executive-level risk reporting and metrics
  • Direct security operations, including vulnerability management, threat detection/monitoring, security tooling strategy, and response processes (internal team and/or managed security service providers)
  • Lead incident response preparedness and execution: develop and test playbooks, coordinate tabletop exercises, manage escalation, ensure lessons-learned remediation, and coordinate regulatory/contractual notification readiness
  • Partner with IT and business leaders to embed security into architecture and delivery (security-by-design), including secure configuration baselines, segmentation, encryption standards, logging, and change management
  • Oversee identity and access management governance (role-based access, privileged access, access reviews, and least-privilege) to support “minimum necessary” access principles for ePHI
  • Establish and operate a third-party risk management program for vendors/business associates, including due diligence, security requirements in contracting, periodic reassessments, and remediation tracking
  • Collaborate with Privacy, Compliance, Legal, and HR on security awareness, training, and enforcement of policies and sanctions related to security and acceptable use
  • Oversee business continuity and disaster recovery security requirements in partnership with IT/Operations, including ransomware resilience, backup protections, and recovery testing
  • Provide executive-level communication on security posture, material risks, and improvement plans; prepare reporting suitable for senior leadership and Board/Board committees as applicable

Requirements

What you’ll need
  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field required
  • Master’s degree (e.g., MS, MBA, MHA) preferred
  • Current security leadership certifications strongly preferred (e.g., CISSP, CISM, CISA, CRISC)
  • Minimum of 10 years of progressive information security experience, including 5+ years in senior leadership with accountability for enterprise security program delivery
  • Demonstrated experience in healthcare environments (provider and/or post-acute preferred), including protection of ePHI, regulatory readiness (HIPAA/HITECH), incident response leadership, and third-party/vendor risk management
  • Experience with cloud security, identity governance, security operations, and partnering with IT and clinical/operational leaders
  • Preferred experience includes: security program governance (NIST CSF), risk assessment and remediation planning, vulnerability/patch management, security monitoring, ransomware preparedness, business continuity/disaster recovery testing, and business associate/vendor security due diligence

Benefits

Comp & perks
  • Competitive pay
  • Generous paid benefit time
  • Excellent insurance options
  • Opportunities for professional growth through Education Advancement Program

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • cybersecurity
  • information security strategy
  • risk management
  • incident response
  • vulnerability management
  • threat detection
  • identity and access management
  • cloud security
  • business continuity
  • disaster recovery
Soft Skills
  • leadership
  • communication
  • collaboration
  • strategic planning
  • risk reporting
  • governance
  • training
  • policy enforcement
  • problem-solving
  • executive communication
Certifications
  • CISSP
  • CISM
  • CISA
  • CRISC