Director, IT Security - Full Time, Days (Remote)

Some roles may be based outside of our Colorado office (remote-only positions). Roles based outside of our primary office can sit in any of the following states: AZ, CO, CT, FL, GA, ID, IL, KS, MA, MD, MI, MN, NC, NJ, OH, OR, PA, SC, TN, TX, UT, VA, WA, and WI. Please only apply if you are able to live and work primarily in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

ABOUT THE OPPORTUNITY

The Director of IT Security / Chief Information Security Officer (CISO) is responsible for developing, implementing, and maintaining the organization’s information security program to ensure the confidentiality, integrity, and availability of all digital assets, including electronic protected health information (ePHI). This role serves as the HIPAA Security Officer and leads enterprise cybersecurity efforts, risk management, incident response, and security governance. The CISO partners with clinical, operational, and IT leadership to align security with business and patient care objectives while ensuring compliance with regulatory requirements and safeguarding against evolving cyber threats.  

WHAT YOU WILL DO:

· Serves as the Director of IT Security / Chief Information Security Officer (CISO), ensuring compliance with all privacy and security regulations.

· Leads and mentors a team of security professionals, fostering growth, accountability, and operational excellence.

· Develops and maintains the enterprise cybersecurity strategy aligned with healthcare-specific risks.

· Leads security governance, risk management, and compliance (GRC) programs across the organization.

· Performs regular risk assessments and manages mitigation plans to protect electronic protected health information (ePHI).

· Oversees security operations, incident response, threat detection, and vulnerability management.

· Partners with IT, clinical, and business leadership to embed security into all technology initiatives.

· Develops and enforces security policies, procedures, and training to promote a strong security culture.

· Manages third-party security risks, including vendor assessments and contractual security requirements.

· Leads response and recovery for cybersecurity incidents, including coordination with legal and compliance.

· Provides executive leadership with regular reporting on cybersecurity posture, risks, and remediation status.

· Models the principles of a Just Culture, Organizational Values, and Leadership Competencies.

· Performs other duties as assigned. Must be HIPAA compliant.

WHAT YOU WILL NEED:

Experience:

• Minimum of 7 years of progressive experience in information security, with at least 3 years in a leadership or senior management role. 
• Demonstrated experience developing and leading enterprise-wide cybersecurity programs in regulated environments, preferably healthcare. 
• Hands-on experience with risk management frameworks (e.g., NIST, HITRUST) and HIPAA security compliance. 
• Proven track record managing security operations, incident response, and vulnerability management. 
• Experience collaborating with executive leadership, legal, compliance, and clinical stakeholders to align security with business and patient care priorities. 
• Strong background in vendor risk management, contract security reviews, and third-party assessments. 
• Prior experience leading security audits, risk assessments, and regulatory readiness activities. 

Licenses:

• N/A

Certification(s):

• Current Industry Certification such as Certified Information Systems Security Professional (CISSP) by the International Information Systems Security Certification Consortium (ISC²) required.
• Certified Health Information Security Leader (CHISL) certification preferred

Computer/Typing: