The VP of Information Security is the senior executive accountable for the protection of Piedmont Healthcare
system's information assets, technology infrastructure, and patient data across a complex, integrated delivery
network. Reporting directly to the Chief Information Officer (CIO), this position provides strategic vision,
enterprise-wide governance, and hands-on leadership for all aspects of information security, cyber risk, and
regulatory compliance. 

Will be responsible for building and sustaining a mature security program capable of defending against sophisticated threats targeting healthcare — one of the most targeted sectors in the world — while enabling the organization to leverage digital innovation, cloud platforms, and advanced analytics in support of its clinical and operational mission.

This role serves as a primary advisor to the CIO and the Information Security Steering Committee on all matters
of cybersecurity strategy, risk posture, and regulatory compliance, and is the organization's primary liaison to
government agencies, law enforcement, and external security partners in the event of a significant cyber
incident.

Security Strategy & Program Leadership

• Develop, implement, and continuously mature a comprehensive enterprise information security strategy
  aligned to business objectives, clinical operations, and the organization's risk appetite
• Build and govern a security program spanning people, processes, and technology — including security
  architecture, engineering, operations, threat intelligence, and incident response
• Establish and maintain a security governance framework, including policies, standards, procedures, and
  control frameworks (NIST CSF, HITRUST, ISO 27001, or equivalent)
• Serve as the organization's authoritative voice on cybersecurity strategy, communicating risk posture and
  program maturity to the CIO, executive leadership, and Board Audit/Risk Committee
• Define and manage a multi-year security roadmap, balancing proactive investment with operational
  sustainability

Risk Management & Threat Intelligence

• Own the enterprise cyber risk management program — identifying, assessing, prioritizing, and remediating risks across clinical, operational, and administrative systems
• Lead threat intelligence, vulnerability management, and red team/penetration testing programs to proactively identify and address exposure
• Maintain situational awareness of the evolving healthcare threat landscape, including ransomware, nationstate actors, medical device vulnerabilities, and supply chain risk
• Develop and maintain a comprehensive third-party and vendor risk management program, including security assessments for business associates and technology partners
• Ensure cyber risk is effectively quantified, reported, and integrated into enterprise risk management and
  strategic planning processes

Regulatory Compliance & Privacy

• Ensure the organization maintains compliance with all applicable information security and privacy regulations including HIPAA, HITECH, 21st Century Cures Act, state privacy laws, and CMS requirements
• Collaborate with the Privacy Officer, Legal, and Compliance teams to align security controls with privacy
  obligations and to manage regulatory inquiries and breach notification requirements
• Lead preparation for and response to OCR audits, state regulatory reviews, and other external assessments
• Monitor the evolving regulatory and legislative landscape and proactively advise leadership on implications for the security program

Clinical & Operational Technology Security

• Develop and lead a dedicated program for securing clinical technology, including medical devices, IoT/IoMT, connected diagnostics, and OT/ICS environments
• Partner with clinical engineering, nursing informatics, and physician leaders to implement security controls that protect patient safety without disrupting care delivery
• Drive secure design and deployment principles for EHR integrations, telehealth platforms, and digital health solutions
• Ensure security is embedded into system development lifecycle (SDLC) and technology procurement processes across the enterprise

Leadership & Culture

• Build, mentor, and retain a high-performing security team of 30–80+ professionals across security
  architecture, engineering, operations, GRC, and awareness
• Cultivate a strong security culture across the organization through executive engagement, workforce training, and a security-by-design mindset
• Foster a collaborative, transparent relationship with the CTO, infrastructure, and application teams to integrate security into technology operations
• Establish strong relationships with peer CISOs, government agencies (HHS, CISA, FBI), and healthcare information sharing organizations (H-ISAC)

Education

• Bachelor’s Degree in Computer Science, Information Security, Information Systems, or a related field required

Work Experience

• 10 years of progressive information security experience, with at least 7 years in a senior security leadership role (CISO, Deputy CISO, VP of Security, or equivalent)
• Demonstrated experience building and leading enterprise security programs at large, complex organizations — healthcare experience strongly preferred
• Proven track record managing significant cybersecurity incidents, including ransomware response, data breach notification, and regulatory investigations
• Experience presenting to and advising boards of directors, audit/risk committees, and C-suite executives on cyber risk and security strategy
• Familiarity with clinical environments, medical device security, and the unique operational constraints of healthcare delivery

Licenses and Certifications

• Professional certifications strongly preferred: CISSP, CISM, CISO, CRISC, GSLC, or equivalent; HCISPP or HITRUST certification

Disclaimer: The above information is intended to describe the general nature and level of work being performed
by people assigned to this job. It is not intended to be an exhaustive list of responsibilities, duties and skills
required of personnel so classified.