Jobs search

Chief Information Security Officer

Outcomes • Full-time • Orlando, FL, US • 4d ago

Chief Information Security Officer (CISO)

Location: Remote / Hybrid (US)

Reports to: COO

Industry: Healthcare Technology

Role Summary

The Chief Information Security Officer (CISO) is responsible for establishing, executing, and continuously improving the organization’s enterprise information security, privacy, and risk management program. This role is critical to ensuring the confidentiality, integrity, and availability of healthcare data—including PHI—while enabling rapid software innovation in a regulated pharmacy and healthcare technology environment.

The CISO will lead security strategy across HITRUST CSF, SOC 2 (Type I & II), HIPAA/HITECH, and aligned frameworks (NIST 800-53, NIST CSF), with a strong focus on secure software development lifecycle (SSDLC), cloud security, audit readiness, and customer trust.

Key Responsibilities

Security Strategy & Governance

Define and execute the enterprise information security strategy aligned to business growth, product roadmap, and regulatory requirements
Serve as the executive owner of cybersecurity risk management, reporting regularly to executive leadership and the Board
Establish security policies, standards, and metrics aligned with HITRUST CSF, SOC 2, HIPAA, and NIST frameworks

Compliance, Audit & Risk Management

Own and lead HITRUST certification (initial and recertification), including control design, evidence management, assessor engagement, and gap remediation
Lead SOC 2 Type II audits, including Trust Services Criteria (Security, Availability, Confidentiality, Privacy)
Oversee HIPAA/HITECH compliance and third-party risk management for customers, partners, and vendors
Translate audit and risk findings into actionable remediation plans without slowing business execution

Secure Software Development Lifecycle (SSDLC)

Embed security into all phases of the software development lifecycle (SDLC), including:
Secure architecture standards
Threat modeling
SAST/DAST and dependency scanning
Secure code reviews and change management
Partner closely with Engineering, DevOps, and Product teams to enable “secure-by-design” pharmacy and healthcare applications
Define and enforce security controls for CI/CD pipelines and cloud-native environments (AWS/Azure/GCP)

Incident Response & Security Operations

Own incident response planning, tabletop exercises, breach response, and regulatory notification processes
Oversee vulnerability management, penetration testing, and continuous monitoring programs
Ensure operational readiness for security events affecting pharmacy operations, customer systems, or patient data

Customer, Sales & External Trust Enablement

Act as executive security liaison for customers, payers, auditors, prospects, and partners
Support enterprise sales cycles with security documentation, compliance narratives, and customer risk reviews
Drive trust differentiation through strong external assurance (HITRUST, SOC 2) without creating sales friction

Leadership & Team Development

Build and lead a high-performing security, GRC, and risk organization
Mentor technical and non-technical stakeholders on healthcare cybersecurity best practices
Foster a culture where security enables innovation rather than blocks it

Required Qualifications

10+ years of progressive experience in information security, including senior leadership roles
Deep hands-on experience leading HITRUST CSF and SOC 2 audits in healthcare or healthcare SaaS environments
Strong understanding of:
HIPAA / HITECH
NIST 800-53 / NIST CSF
Secure SDLC and DevSecOps
Proven ability to operate effectively with engineering, audit, legal, and executive teams

Preferred Qualifications

Experience in Pharmacy Management Systems (PMS), EHR, payer platforms, or healthcare SaaS
Familiarity with cloud security architectures and zero-trust models
CISSP, CISM, CCSK, or similar certifications
Experience supporting large healthcare customers, PBMs, payers, and CMS-regulated environments

What Success Looks Like