Chief Information Security Officer

Overview Chief Information Security Officer (CISO) The Chief Information Security Officer is a senior executive responsible for defining and overseeing the enterprise-wide vision, strategy, and execution of information security programs that safeguard all organizational data and technology. Reporting directly to the CEO and/or Board of Directors, the CISO plays a pivotal role in managing security risk across both the Academic/Research and Clinical/Patient Care operations of the integrated university and hospital system. Position Details Salary: $250-2750k Type: Full-time, direct hire Location: Washington DC, onsite 3 days a week Strategic Direction & Executive Leadership Build and execute a long-term cybersecurity vision that supports the institution’s academic initiatives, research priorities, and clinical mission. Lead and develop the security department, offering coaching, structure, and direction to cybersecurity personnel and partner teams. Establish the organization’s security policies, governance models, and standards to ensure consistent risk management practices. Oversee financial planning for cybersecurity, including technology investments, service contracts, and budget management. Risk Oversight & Regulatory Alignment Supervise all risk assessments, compliance reviews, and internal/external audits, ensuring timely closure of any identified risks. Maintain adherence to all regulatory requirements applicable to both sectors: Hospital/Clinical: HIPAA/HITECH, CMS guidelines, and relevant state-level data protection rules. University/Research: FERPA, NIST SP 800-171 for research compliance, and PCI DSS for payment and donation processing. Direct the institution’s incident management program—coordinating preparation, testing, and response efforts during cybersecurity events affecting either environment. Operational Security Management Lead the selection, deployment, and ongoing support of cybersecurity technologies (e.g., SIEM tools, firewalls, intrusion detection systems, endpoint protection). Oversee vulnerability assessments, penetration testing initiatives, and continuous monitoring activities. Work closely with IT, engineering, research teams, and clinical technology leaders to incorporate secure design principles into all systems and projects. Communication, Influence & Education Act as the organization’s primary authority on cybersecurity matters for executives, trustees, faculty, students, clinicians, and administrative teams. Create and oversee training and awareness programs tailored to the specific needs of academic users, researchers handling sensitive data, and clinical professionals. Provide routine briefings to senior leadership and the Board on emerging risks, ongoing initiatives, and the overall security posture. Required Qualifications Education: Bachelor’s degree in Computer Science, Information Systems, or a related technical field (Master’s preferred). Professional Background: At least 10 years of progressive cybersecurity experience. Minimum 5 years serving in a senior leadership capacity (e.g., CISO, Security Executive, VP of Cybersecurity). Dual-sector experience: Strong understanding of both healthcare and higher-education cybersecurity and regulatory environments. Certifications: One or more required—CISSP, CISM, or equivalent. Key Skills & Core Competencies Advanced knowledge of enterprise security design, network and cloud protection strategies, and modern risk evaluation techniques. Strong familiarity with frameworks such as NIST Cybersecurity Framework, ISO 27001, and the MITRE ATT&CK model. Outstanding leadership presence with the ability to collaborate, influence, and guide diverse groups across a complex institution. Demonstrated success in leading security incident response efforts and handling high-pressure situations. Proven ability to implement practical, scalable security practices in environments balancing open research culture with rigorous patient data protection requirements.