Sutter Health

Vice President, Chief Information Security Officer

Sutter Health

full-time

Posted on:

Location Type: Hybrid

Location: Sacramento • California • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $189 - $256 per hour

Job Level

Lead

Tech Stack

CloudCyber Security

About the role

  • Develop and implement a multi-year information security strategy that aligns with organizational priorities, digital transformation goals, and regulatory requirements.
  • Advise the CEO, CDO, COO, and Board of Directors on emerging cyber threats, risks to patient care, and mitigation strategies.
  • Lead enterprise participation in healthcare security coalitions, information sharing groups (e.g., H-ISAC), and public–private partnerships.
  • Establish and maintain a security governance program based on healthcare-aligned frameworks (NIST CSF 2.0, HITRUST CSF, HICP, HIPAA/HITECH).
  • Drive enterprise risk assessments and develop mitigation plans for cybersecurity, privacy, and clinical safety risks.
  • Ensure compliance with HIPAA, HITECH, CMS, FDA (for medical device security), and state privacy regulations.
  • Oversee security audits, penetration tests, and third-party/vendor risk assessments, ensuring remediation of findings.
  • Protect the Electronic Health Record (EHR), patient-facing portals, and digital health platforms against compromise, downtime, or data loss.
  • Partner with Clinical Engineering and Biomedical teams to secure medical devices and Internet of Medical Things (IoMT).
  • Lead preparedness for ransomware, phishing, insider threats, and advanced persistent threats with an emphasis on minimizing patient safety impact.
  • Oversee disaster recovery and business continuity planning in alignment with emergency preparedness and patient safety frameworks.
  • Partner with Digital, Compliance, Privacy, Clinical, and Operational leaders to embed security into new initiatives, system design, and patient engagement platforms.
  • Build and lead organization-wide security awareness and phishing-resistance training tailored to caregivers, clinicians, and administrative staff.
  • Serve as the public face of information security during regulatory reviews, patient safety investigations, and stakeholder engagements.
  • Recruit, develop, and lead a high-performing healthcare cybersecurity team across areas such as threat intelligence, incident response, IAM, and risk management.
  • Promote a culture of accountability, clinical safety, and innovation in cybersecurity practices.
  • Provide coaching and mentoring for next-generation security leaders.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, Healthcare Administration, or related field required; Master’s degree preferred.
  • 10+ years of progressive leadership in information security and risk management, with 5+ years in healthcare or another highly regulated industry.
  • Demonstrated success implementing enterprise cybersecurity programs in a multi-hospital health system, payer, or large healthcare delivery network.
  • Deep knowledge of HIPAA, HITECH, CMS, OCR enforcement, FDA guidance for medical devices, and healthcare-specific risk management frameworks.
  • Expertise in EHR security (Epic preferred), identity and access management, cloud security, and medical device security.
  • Strong business and clinical acumen; ability to align security with patient care priorities.
  • Exceptional communication skills with the ability to present to clinical leaders, executives, and boards.
  • Relevant certifications strongly preferred: CISSP, HCISPP, CISM, CISA, or CHPS.
Benefits
  • Yes 📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
information security strategycybersecurity programsrisk managementEHR securityidentity and access managementcloud securitymedical device securitypenetration testingdisaster recovery planningbusiness continuity planning
Soft skills
leadershipcommunicationcoachingmentoringcollaborationstrategic thinkingproblem-solvinginnovationaccountabilityclinical acumen
Certifications
CISSPHCISPPCISMCISACHPS