VP, Cybersecurity/CISO - IT Administration - Full Time (Hybrid) jobs in United States

Guthrie · 1 week ago

VP, Cybersecurity/CISO - IT Administration - Full Time (Hybrid)

Guthrie is a non-profit, multispecialty health system that integrates clinical care, hospital services, research, and education. The Vice President, Cybersecurity and Chief Information Security Officer (CISO) is responsible for leading the enterprise cybersecurity vision, ensuring the confidentiality and integrity of critical information systems while managing a multidisciplinary cybersecurity team.

Health Care, Hospital, Personal Health
Growth Opportunities
H1B Sponsor Likely
Hiring Manager: Rebecca Signs

Responsibilities

Develop, maintain, and oversee a comprehensive enterprise information security and IT risk management program, grounded in HITRUST CSF, NIST CSF, and leading industry frameworks
Lead all cybersecurity and infrastructure operations teams, including hiring, development, and performance management
Establish and chair an Information Security Steering Committee
Provide cybersecurity program reporting to The Guthrie Clinic Audit Committee and annual program reporting to the full Guthrie Clinic Board of Directors, and other leadership and Guthrie hospital board meetings as requested
Develop, publish, and maintain security policies, standards, and guidelines
Ensure compliance with the HIPAA Security Rule, NY DOH cybersecurity regulations, PCI DSS, and other applicable federal and state healthcare cybersecurity regulations
Work with enterprise business units to define acceptable residual risk levels and manage risk remediation plans
Lead formal risk assessment processes, including cyber risk quantification to inform executive decision‑making
Create and maintain a robust program for information classification, ownership, accountability, and protection
Monitor external threats and emerging technologies, including AI‑related risks, and advise on appropriate mitigation strategies
Support annual cyber insurance renewal process
Lead a comprehensive TPRM program, including evaluation, onboarding, monitoring, and continuous assessment of vendor cybersecurity and cloud service providers
Oversee medical device cybersecurity programs, coordinating with clinical engineering and biomedical teams to protect connected clinical technologies
Oversee security operations center (SOC) functions and SIEM, SOAR, and DLP technologies
Lead incident response and investigation processes, including post‑incident analysis and continuous improvement
Oversee vulnerability management, penetration testing, and configuration hardening programs
Partner with enterprise architecture teams to ensure alignment between security principles and system design
Provide security guidance for IT projects, cloud adoption, AI initiatives, and new clinical technology implementations
Ensure the secure design, implementation, and continuous cyber governance of the organization’s Epic electronic health record (EHR) environment, spanning access controls, third‑party risk, and SEER compliance
Develop and deliver cybersecurity training programs for all employees, contractors, and system users
Drive a culture of security awareness and shared accountability across the organization
Create a metrics and reporting framework to measure program maturity, operational performance, and risk exposure
Manage internal and external cybersecurity resources, contracts, and consulting partnerships
Perform other duties as required in support of The Guthrie Clinic’s mission and objectives

Qualification

Cybersecurity leadership, Risk management, NIST CSF implementation, HIPAA compliance, Incident response, AI governance, Medical device security, Third-party risk management, Digital forensics, Analytical skills, Budget management, Contract negotiation, Healthcare cybersecurity, Cybersecurity training, Problem-solving skills, Leadership, Communication skills, Team management

Required

10+ years of combined experience in cybersecurity, risk management, and information technology, with at least four years in a senior leadership role
Demonstrated experience and measurable outcomes in:
Healthcare cybersecurity leadership
Cyber threat and risk frameworks and executive‑level risk reporting
NIST CSF and/or HITRUST CSF implementation and maturity progression
Incident response, threat detection, digital forensics, SOC operations, and vulnerability management
Third‑party risk management (TPRM) and vendor cybersecurity due diligence
HIPAA and NY DOH cybersecurity regulatory compliance
AI governance and AI threat-related risk mitigation
Medical device and IoT security programs
Ability to concisely communicate complex cybersecurity and risk concepts to executive, clinical, and non‑technical audiences
Proven success building and maturing enterprise security programs in dynamic healthcare environments
Strong analytical and problem‑solving skills; proven calm, composed leadership under pressure
Experience negotiating contracts, managing budgets, and leading cross‑functional and interdisciplinary teams
Bachelor's degree in Information Technology, Computer Science, Information Security, or a related field required
At least one active professional information security certification that requires CPEs, such as CISSP, CISM, CISA, or similar, required

Preferred

Master's degree preferred in Cybersecurity, Information Systems, Business Administration, Healthcare Administration, or a related discipline
GIAC Certifications (SANS Institute), FAIR, ITIL, PMI, or technical certifications (Microsoft, Cisco, Epic, etc.) preferred
A history of active membership and engagement in healthcare industry cybersecurity organizations is strongly preferred: Health‑ISAC (Health Information Sharing and Analysis Center), HSCC (Health Sector Coordinating Council) Cybersecurity Working Group, CHIME/AEHIS (Association for Executives in Healthcare Information Security)

Company

Health care

H1B Sponsorship

Guthrie has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2024 (1), 2023 (1), 2022 (1)

Funding

Current Stage: Late Stage
Total Funding: unknown
Key Investors: Fidelis Care (2025-05-14, Grant)

Leadership Team

Edmund Sabanegh
President & Chief Executive Officer, The Guthrie Clinic
Brad Carvellas
SVP, Chief Digital Officer
Company data provided by crunchbase