Chief Information Security Officer

At Texas Children’s Hospital, our mission starts with our people. Guided by our HEART values—Humility, Excellence, Accountability, Respect, and Trust—we strive to create a workplace where teammates feel valued, supported, and empowered to do their best work every day.

The Chief Information Security Officer is a strategic leader responsible for designing, implementing, and advancing a comprehensive cybersecurity program that safeguards sensitive health information and critical systems across the Texas Children’s enterprise. This role partners closely with executive leadership to align security initiatives with organizational priorities—ensuring regulatory compliance, strengthening risk management, and fostering a culture of security awareness in support of delivering exceptional care.

What You’ll Do:

Lead Enterprise Security Strategy

• Define and execute a forward-looking information security strategy aligned with organizational and clinical priorities
• Establish scalable, enterprise-wide security frameworks, policies, and standards
• Partner with executive leadership to integrate cybersecurity into broader business and technology strategies

Protect Critical Systems & Data

• Safeguard the confidentiality, integrity, and availability of ePHI and other sensitive data across the organization
• Identify, assess, and mitigate cybersecurity risks in a complex healthcare environment
• Strengthen defenses against evolving threats through proactive monitoring and continuous improvement

Drive Compliance & Governance

• Ensure compliance with HIPAA, HITECH, and applicable federal and state regulations
• Align security practices with industry standards such as NIST and ISO frameworks
• Lead audit readiness efforts and support regulatory and accreditation requirements, including Joint Commission standards

Lead Incident Response & Risk Management

• Oversee incident response capabilities, including detection, investigation, containment, and recovery
• Develop and maintain robust risk management and remediation strategies
• Provide clear, timely communication and reporting during security events

Advance Security Through Technology & Innovation

• Partner with IT to embed security across infrastructure, applications, and digital health technologies
• Oversee security practices related to cloud environments, identity and access management, and data protection
• Ensure secure integration of EHR systems and medical devices

Build a Culture of Security Awareness

• Champion security awareness and training programs for teammates and clinical staff
• Promote a culture of accountability and shared responsibility for protecting patient and organizational data

Lead & Develop High-Performing Teams

• Build, mentor, and lead a high-performing information security team
• Establish clear goals, performance expectations, and professional development pathways
• Foster collaboration across teams to drive security maturity and operational excellence

Provide Strategic Insight to Leadership

• Deliver regular security updates, risk assessments, and actionable insights to executive leadership and the board
• Translate complex technical risks into clear business impact and strategic recommendations

Strengthen Enterprise Partnerships

• Collaborate with IT, Compliance, Legal, Risk, and operational leaders to embed security across all functions
• Manage third-party/vendor risk and ensure strong external security practices

Expertise & Leadership Capabilities

• Deep knowledge of healthcare regulations (HIPAA, HITECH) and security frameworks (NIST, ISO/IEC 27001)
• Experience in risk assessment, incident response, and security operations in complex environments
• Strong understanding of EHR systems, medical device security, and healthcare technologies
• Expertise in cloud security, identity & access management, and data protection strategies
• Experience managing third-party/vendor security risk

What You'll Bring:

Required Experience

- 7+ years of progressive experience in information security
- 3+ years of experience in a healthcare environment
5+ years of leadership or management experience

Education

• Bachelor’s degree in information security, Computer Science, Information Technology, or related field (required)
• Master’s degree (preferred)

Preferred Certifications

• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• HCISPP – Healthcare Information Security and Privacy Practitioner