Vice President, Chief Information Security Officer

Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We’re proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint.

Work Shift:

8 Hours - Day Shifts (United States of America)

Scheduled Weekly Hours:

40

Union Position:

No

Department Details

Summary

The Vice President, Chief Information Security Officer (CISO) is responsible for the strategic leadership, vision, and execution of Sanford Health's enterprise-wide information security and cyber risk management programs. This role ensures the protection of patient, member, donor, customer, employee, and organizational data while enabling innovation, scalability, and agility across a rapidly growing healthcare system. The CISO is a key advisor to executive leadership and the Board, translating cyber risk into clinical and business impact and fostering a culture of shared accountability, resilience, and trust.

Job Description

Define and execute a forward-looking, risk-based information security strategy aligned with Sanford Health's growth, innovation, and M&A roadmap. Establish and maintain a comprehensive governance framework, including policies, standards, and risk appetite statements. Serve as a strategic advisor to executive leadership and the Board on cyber risk, resilience, and emerging threats. Lead the development of scalable, repeatable processes to support rapid integration of new entities and technologies. Oversee enterprise-wide information security risk management, including continuous risk assessments, mitigation strategies, and transparency of accepted risks. Partner with Compliance, Privacy, Legal, and Enterprise Risk to ensure alignment on regulatory requirements, audit readiness, and incident response. Maintain and evolve frameworks aligned with NIST, HICP, HIPAA, and other relevant standards. Implement cyber risk quantification models to support investment decisions and board-level reporting. Participate in the development of AI and emerging technology governance frameworks, ensuring secure and risk-aware adoption of AI, cloud, and quantum-resilient technologies. Build internal capacity to assess and secure new technologies rapidly and responsibly. Serve as a thought leader in healthcare cybersecurity, influencing industry policy and vendor ecosystems. Sponsor a robust enterprise-wide tabletop exercise and incident response program. Ensure strong delegation and operational execution across SOC, infrastructure, and application teams. Partner with Infrastructure, Applications, and Operations to drive joint disaster/event recovery, redundancy, and clinical/business continuity planning. Lead development of operational downtime procedures and resilience strategies. Establish and execute a comprehensive identity and access management strategy. Advance data governance capabilities, including PHI inventory, data lineage, and privacy-by-design. Strengthen third-party and vendor risk management, including non-IT sourced technologies and medical device ecosystems. Foster a culture of security as an enabler of innovation and care delivery. Develop a future-focused talent strategy, addressing skill gaps, continuous education, emerging skill assessments, and succession planning. Lead a modern, engaging security awareness and education program for all levels and demographics of the organization. Communicate effectively with technical and non-technical audiences, including board-level storytelling and executive influence. Lead Sanford's cyber insurance planning, including policy negotiation, risk transfer modeling, and alignment with enterprise risk management. Serves as Sanford Health's designated Information Security Officer under HIPAA. Expected to represent Sanford Health in industry consortiums, regulatory forums, and public-private partnerships.

Bachelor’s degree required. Master’s degree is preferred. Minimum of 10 years of progressive leadership in information security or related technical disciplines, with experience in large, complex healthcare or regulated environments.

Demonstrated expertise in cybersecurity strategy, risk management, governance, and regulatory compliance.Strong understanding of healthcare operations, data privacy, and digital transformation.Recognized industry certifications (e.g., CHISSP, CISSP, CISM, HCISPP) preferred.

Qualifications

Bachelor’s degree required. Master’s degree is preferred. Minimum of 10 years of progressive leadership in information security or related technical disciplines, with experience in large, complex healthcare or regulated environments.Demonstrated expertise in cybersecurity strategy, risk management, governance, and regulatory compliance.Strong understanding of healthcare operations, data privacy, and digital transformation.Recognized industry certifications (e.g., CHISSP, CISSP, CISM, HCISPP) preferred.

Sanford is an EEO/AA Employer M/F/Disability/Vet. 

If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-877-673-0854 or send an email to talent@sanfordhealth.org.