Summit BHC

Chief Information Security Officer

Summit BHC, Franklin, Tennessee, US, 37068

Chief Information Security Officer | Summit Healthcare Mgmt | Franklin, Tennessee

Position Summary

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise‑wide vision, strategy, and program to ensure that information assets and technologies are adequately protected. This executive‑level role oversees the development and implementation of policies, procedures, and systems to secure sensitive data, with particular emphasis on HIPAA compliance and safeguarding patient health information (PHI) across all behavioral healthcare facilities located in multiple states. The CISO will work closely with executive leadership, clinical teams, IT, compliance, and legal departments to align cybersecurity initiatives with business objectives and regulatory requirements.

Roles and Responsibilities

Information Security Strategy: Develop and implement an enterprise‑wide information security strategy aligned with the organization’s goals, regulatory landscape, and risk appetite.

Compliance and Risk Management: Ensure ongoing compliance with HIPAA, HITECH, state‑specific privacy laws, and other healthcare regulations. Lead regular risk assessments and audits to identify, evaluate, and mitigate cyber and data privacy risks.

Security Governance: Establish and enforce security policies, standards, and procedures. Create and maintain an information security governance framework to ensure accountability and risk‑based decision‑making.

Incident Response & Business Continuity: Lead the incident response program, including preparation, detection, containment, investigation, recovery, and post‑incident review. Collaborate with IT and operations to ensure robust disaster recovery and business continuity plans.

Security Architecture & Operations: Oversee the design, implementation, and management of security tools, systems, and processes to protect infrastructure, networks, applications, and data. Ensure secure configurations and controls are in place across cloud and on‑premise environments.

Third‑Party Risk Management: Evaluate and manage security risks related to vendors, business partners, and third‑party services. Conduct security due diligence and ongoing assessments of external relationships.

Leadership & Team Development: Build, lead, and mentor a high‑performing information security team. Foster a culture of cybersecurity awareness throughout the organization.

Training and Awareness: Develop and oversee security training and awareness programs tailored to clinical and administrative staff to promote best practices and reduce human factor vulnerabilities.

Board and Executive Reporting: Regularly brief the Board of Directors, executive leadership, and key stakeholders on security posture, incident trends, and strategic initiatives.

Qualifications

Required

Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field

10+ years of experience in IT and cybersecurity, including 5+ years in a leadership or executive role

Strong knowledge of HIPAA, HITECH, NIST, and other healthcare‑relevant frameworks

Experience managing security in a multi‑site, multi‑state healthcare environment

Proven track record of leading incident response, risk management, and security governance programs

Preferred

Master’s degree in Cybersecurity, Healthcare Informatics, or Business Administration

Certifications such as CISSP, CISM, CISA, CRISC, or HCISPP

Familiarity with behavioral health operations, clinical workflows, and EMR/EHR systems (e.g., Epic, Cerner, or behavioral health‑specific platforms)

Why Summit Healthcare Mgmt?

Summit Healthcare Mgmt offers a comprehensive benefit plan and a competitive salary commensurate with experience and qualifications. Qualified candidates should apply by submitting a resume. Summit Healthcare Mgmt is an EOE.

Veterans and military spouses are highly encouraged to apply. Summit BHC is dedicated to serving Veterans with specialized programming at our treatment centers across the country. We recognize and value the unique strengths of the military community in supporting our mission to serve those who have served.

Seniority Level: Executive

Employment Type: Full‑time

Job Function: Information Technology

Industries: Hospitals and Health Care
