SCA Health
Chief Information Security Officer (CISO)
Job Description
- Req#: 42535

Overview
At SCA Health, we believe health care is about people – the patients we serve, the physicians we support and the teammates who push us forward. Behind every successful facility, procedure or innovation is a team of 15,000+ professionals working together, learning from each other and living out the mission, vision and values that define our organization.
As part of Optum, SCA Health is redefining specialty care by developing more accessible, patient-centered practice solutions for a network of more than 370 ambulatory surgical centers, over 400 specialty physician practice clinics and numerous labs and surgical hospitals. Our work spans a broad spectrum of services, all designed to support physicians, health systems and employers in delivering efficient, value-based care to patients without compromising quality or autonomy.
What sets SCA Health apart isn’t just what we do, it’s how we do it. Each decision we make is rooted in seven core values:
- Clinical quality
- Integrity
- Service excellence
- Teamwork
- Accountability
- Continuous improvement
- Inclusion
Our values aren’t empty words – they inform our attitudes, actions and culture. At SCA Health, your work directly impacts patients, physicians and communities. Here, you’ll find opportunities to build your career alongside a team that values your expertise, invests in your success, and shares a common mission to care for patients, serve physicians and improve health care in America.
At SCA Health, we offer a comprehensive benefits package to support your health, well-being, and financial future. Our offerings include medical, dental, and vision coverage, a 401k plan with company match, paid time off, life and disability insurance, and more.
Your ideas should inspire change. If you join our team, they will.

Responsibilities
The Chief Information Security Officer (CISO) is responsible for developing and executing a robust information security strategy that protects the organization’s digital assets, systems, and data across clinical, administrative, and third-party environments. This senior leader will bring deep cybersecurity expertise and knowledge of the healthcare industry, having led enterprise-scale security programs in large healthcare organizations. The CISO will ensure regulatory compliance, lead the adoption of the NIST Cybersecurity Framework (CSF), and drive security innovation aligned with business objectives.
Key Responsibilities:
Strategic Leadership
- Design and lead an enterprise-grade cybersecurity program aligned with the NIST CSF and tailored to the unique risks of healthcare environments.
- Collaborate with executive leadership to define risk tolerance and report on security posture, emerging threats, and mitigation plans.
- Establish security policies, procedures, and governance models based on industry standards and best practices.
Risk Management & Regulatory Compliance
- Lead enterprise risk assessments and ensure alignment with HIPAA, HITECH, NIST SP 800-53, NIST SP 800-171, and other applicable regulatory frameworks.
- Oversee risk mitigation strategies, vendor risk management, and the development of a comprehensive third-party security assessment process.
- Manage audit readiness and lead remediation efforts for internal and external audits (e.g., HHS Office for Civil Rights (OCR), HITRUST, SOC 2).
Security Operations & Incident Response
- Oversee security operations, including identity and access management (IAM), SIEM, vulnerability management, endpoint protection, and cloud security.
- Lead the development and ongoing testing of incident response, disaster recovery (DR), and business continuity (BC) plans.
- Coordinate and lead investigations of security incidents, breaches, and potential threats across the enterprise.
- Lead incident response activities, including forensic reviews, root cause analysis, and executive communications.
Program Development & Framework Adoption
- Champion adoption of the NIST Cybersecurity Framework and of maturity models and control baselines (e.g., C2M2, CIS Controls).
- Evaluate and integrate new security tools and technologies to enhance threat detection and response capabilities.
- Ensure alignment of cybersecurity strategy with digital transformation initiatives, including EHR systems, telehealth, and cloud migration.
Team Leadership & Culture Building
- Build and lead a high-performing information security team with cross-functional expertise in GRC, SecOps, and cyber risk.
- Develop a security training and awareness program for employees, clinicians, and contractors.
- Foster a culture of security accountability and resilience across all levels of the organization.

Qualifications
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field; Master’s degree preferred.
- 10+ years of progressive leadership experience in information security, including 5+ years as a CISO or equivalent in a large healthcare organization or health system.
- Demonstrated expertise in applying NIST CSF, NIST SP 800-53, HITRUST, or similar frameworks in complex healthcare environments.
- Proven track record of managing enterprise-wide security operations, incident response, and compliance initiatives.
- Strong understanding of regulatory and compliance requirements in healthcare.
- Proven expertise in:
  - Identity and Access Management (IAM) solutions and workflows
  - Privileged Access Management (PAM) tools and governance
Preferred Certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
- Certified in Risk and Information Systems Control (CRISC)
- HITRUST Certified CSF Practitioner (CCSFP)
Key Competencies:
- Visionary leadership with strategic and operational cybersecurity experience
- Deep knowledge of healthcare IT systems, including EHRs, HIEs, and clinical workflows
- Strong understanding of federal and state healthcare regulations
- Collaborative leadership style with strong interpersonal skills
- Excellent communication skills, with the ability to translate technical risks for executive stakeholders
- Results-driven, with a continuous improvement mindset
About the company
SCA Health is one of the largest providers of outpatient surgery in the United States.
Notice
Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.
Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.
An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report. NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.