Chief Information Security Officer
Job description
Presbyterian Healthcare Services (PHS) seeks a dynamic, imaginative, and distinguished executive to serve as its next Chief Information Security Officer (CISO). As a critical member of the senior leadership team, the CISO will lead the strategic vision and execution of an enterprise-wide information security and cyber risk management program that protects a premier integrated healthcare delivery network.
This is a pivotal moment to join PHS. The organization is navigating a period of significant digital transformation, innovation, and growth, including a robust M&A roadmap. The next CISO will not merely be a technical gatekeeper but a strategic enabler who ensures that the health system's clinical excellence and the health plan's administrative integrity are anchored in a culture of security and resilience.
The Opportunity for the incoming CISO includes:
- Elevating the Security Posture: Transitioning the program from traditional technical oversight to a sophisticated, risk-based ecosystem. This involves maturing the NIST Cybersecurity Framework (CSF) and ensuring 405(d) compliance across both the world-class clinical enterprise and the diverse health plan.
- Leading Cyber Resiliency: Serving as the executive champion for business resiliency, ensuring that patient safety, member services, and continuity of care remain uninterrupted during cyber events, technology failures, or third-party disruptions.
- Driving Innovation Safely: Partnering with clinical and digital leaders to integrate security into the adoption of AI, cloud technologies (AWS), and emerging quantum-resilient frameworks, ensuring PHS remains at the forefront of safe healthcare delivery.
- Influencing at the Highest Levels: Acting as the primary advisor to the Compliance and Audit Committee of the Board and the Chief Growth Officer. The CISO will have the mandate to translate complex cyber risks into clear clinical and business impacts, fostering a culture of shared accountability across the system.
- Building a Legacy of Talent: Mentoring and scaling a high-performing, customer-centric team of directors and architects who are viewed as collaborative partners across the entire $1.5B+ revenue enterprise.
The successful candidate will be a seasoned organizational leader with a strong technical/operational background and a "leader-teacher" mentality. They will possess the executive presence to thrive in a highly matrixed environment and the communication skills to turn a technical roadmap into an inspiring vision that aligns 13,000+ employees toward a common goal of protecting patient and member trust.
Work Arrangement:
- Remote: Open to applicants in the United States, excluding CA, IL, ND, NY, OH, WA, and WY.
- Hybrid: For individuals within 60 miles of Albuquerque, in-office presence is required Tuesday through Thursday.

- Forward-Looking Strategy: Define and execute a multi-year, risk-based information security strategy aligned with PHS's growth and innovation roadmap.
- Governance & Maturity: Continuously mature the program using the NIST CSF and 405(d)-compliant frameworks to ensure critical systems are identified and reasonable controls are effectively executed.
- Executive Advocacy: Act as the key advisor to the Board, translating cyber risk into clinical impact and fostering a culture of shared accountability.
- Regulatory Watch: Stay abreast of state and national regulatory changes (HIPAA, HITECH, PCI DSS, JCAHO) and engage in professional development to keep PHS at the leading edge.
Policy, Compliance, and Audit
- Framework Management: Establish and maintain a comprehensive governance framework, including policies, standards, and risk appetite statements.
- Technical Security Oversight: Lead efforts to evaluate the adequacy of security controls for both on-prem and cloud (AWS) systems.
- Audit Excellence: Coordinate with Internal Audit and 3rd Party Auditors to keep audit focus in scope and maintain excellent relationships with regulatory entities.
Business Resiliency & Incident Response
- Resiliency Strategy: Provide executive leadership for cyber-related business resiliency, ensuring alignment with patient safety and continuity objectives.
- BC/DR Sponsorship: Serve as the executive sponsor for Business Continuity and Disaster Recovery capabilities related to ransomware and technology failures.
- Incident Control: Act as the primary control point during significant incidents, convening the Cybersecurity Incident Response Team (CSIRT) as necessary.
Operational & Emerging Tech
- IAM & Data Governance: Advance identity and access management strategies and data governance capabilities, including privacy-by-design.
- AI Governance: Participate in developing frameworks for secure adoption of AI and other emerging technologies.
- Vendor Risk: Strengthen third-party risk management for both IT-sourced technologies and the medical device ecosystem.
Requirements
Do you have experience in Vendor risk management?
Do you have a Bachelor's degree?
- Required: Bachelor's degree; Advanced cybersecurity certification (CISSP, CISM, CISA, HCISPP, or SANS 700+ Series).
- Preferred: Advanced degree (Master's or higher) in a related field.
Knowledge and Work Experience
- Leadership Track Record: 10+ years of progressive leadership in information security, with significant experience in large, complex healthcare systems.
- Technical Depth: Demonstrated expertise in cybersecurity strategy, risk management, and governance frameworks (NIST, 405(d), SOC 2).
- Cloud & Digital: Deep understanding of digital transformation, AWS cloud security, and healthcare operations.
- Soft Skills: Superior ability to prioritize tasks in high-pressure environments and excellent presentation/communication skills.

- Strategic Visionary: Able to anticipate industry demands and evolving external trends.
- Decision Maker: Effectively leverages data to create organizational value while considering ethical and political factors.
- Inclusive Leader: Champions an environment where diverse perspectives are valued and respected.
- High Integrity: Models high standards of performance, confidentiality, and sound judgment.
Benefits & conditions
Pulled from the full job description
- Health insurance
- Retirement plan
- Paid time off
- Vision insurance
- Dental insurance
- Flexible spending account
- Life insurance

Benefits are effective day-one (for .45 FTE and above) and include:
- Competitive salaries
- Full medical, dental and vision insurance
- Flexible spending accounts (FSAs)
- Free wellness programs
- Paid time off (PTO)
- Retirement plans, including matching employer contributions
- Continuing education and career development opportunities
- Life insurance and short/long term disability programs