VP & Chief Information Security Officer

This is a strategic leadership role for a highly collaborative, service-driven, and visionary security professional. The ideal candidate will be an innovative thinker who balances risk with operational needs and who is passionate about protecting sensitive data in a mission-driven environment.

This VP & CISO will:

• Contribute to departmental goals, ensuring adherence to policies, procedures, quality, safety, and regulatory compliance.
• Build credibility with senior leadership, clinicians, and staff by providing informed leadership and participating in IT Governance and prioritization.
• Partner with CIO, CTO, and VP of Applications to define IT strategy aligned with the organizational and IT strategic plans.
• Evaluate IT changes for security risks; advises leadership on balancing security with usability to support BCH’s mission.
• Lead development and enforcement of enterprise information security policies, procedures, and programs.
• Define and drives a long-term security strategy and program to safeguard BCH’s information assets.
• Manage vendor relationships, resolves issues, and oversees vendor/third-party risk management processes.
• Lead security-related due diligence and integration for M&A activities.
• Collaborate across disciplines to ensure cybersecurity policies and standards are applied consistently.
• Support business technology planning with current insights and future-state vision.
• Ensure processes are in place for budgeting and lifecycle planning of strategic and tactical initiatives.

Qualifications:

• BA degree in a STEM discipline required; MA degree preferred.
• CISSP, CISM, or CISA certification required; CSM/CSPO preferred.
• 10+ years of IT or business leadership, with at least 5 years in a cybersecurity leadership role.
• Experience in academic and healthcare industries preferred.
• Extensive experience in security, regulatory compliance, and external audits.
• Strong management, analytical, and communication skills; effective with clients and senior leadership.
• Ability to evangelize IT security as essential to business operations; build trust and respect for security function.
• Innovative leader skilled at motivating cross-functional, interdisciplinary teams.
• In-depth knowledge of business risk, risk assessment, and risk-based decision-making.
• Expertise in frameworks and standards: ISO 27001/27002, NIST, SANS-CAG, COBIT, COSO, ITIL, etc.
• Well-versed in legal/regulatory requirements (PCI, HIPAA, FERPA, HI-TRUST, NIST).
• Strong understanding of security impacts of cloud, SaaS, and IoT architectures.
• Broad technical knowledge: OSI model, infrastructure, app dev, networks, enterprise architecture, etc.
• Hands-on experience with security technologies: firewalls, IDS, encryption, IAM, MFA, anti-malware, etc.
• Natural influencer and coalition builder; passionate about building high-performing teams.

Boston Children’s Hospital offers competitive compensation and unmatched benefits