Skip Navigation
Our Future Begins With You
Our Future Begins With You

As a health care organization, Lahey Hospital and Medical Center is committed to providing high quality, safe patient care. As an employer, Lahey is committed to ensuring a professional environment where every staff member is encouraged to excel. green decorative barWith a team approach to care, physicians and nurses at Lahey work side-by-side with allied health professionals, medical technologists, and administrative and support staff to deliver on our mission. Lahey encourages learning and growth at all levels, and we offer competitive salaries and benefits.

VP Chief Info Security Officer

Job ID 140489 Date posted 11/13/2017


Position Summary:

The Vice President and Chief Information Security Officer (VP/CISO) is a senior-level position, responsible for information security across Lahey Health, and a key member of the SVP/CIO?s leadership team. The VP/CISO is responsible for the development, implementation and management of network security, computer security, and information security for the Lahey community. The VP/CISO leads the response to security incidents, serving as primary IT contact point for information security matters that require coordination within the central IT organization as well as the external community. The VP/CISO will oversee the coordination of computer information security matters with Lahey Health?s safety office, legal counsel, audit, business units, and external agencies, as appropriate. The position will also provide specialized security consulting, materials, programs, and analysis related to information security and IT policy. The VP/CISO will coordinate the development and implementation of high-level security policies, practices, standards, and programs; including an enterprise-wide IT security education and awareness program. Additional duties include proactively leading IT risk assessments, IT security and policy research, and then evaluating and overseeing the implementation of procedural and technical security measures for the Lahey network, applications, computing systems and mobile devices to protect Lahey?s information assets. The VP/CISO also leads the communication of information security to Lahey Health stakeholders to assure compliance with IT security regulations and policies. Other responsibilities include the timely dissemination of security information as well as the performance of post-mortem and forensic analysis of incidents, as appropriate; overseeing Lahey's computer security contacts; budget preparation, project planning; and internal/external reporting. The VP/CISO will work with other IT leaders to leverage Lahey Health--wide information access and services.

The VP/CISO works closely with IT management , Lahey Health audit and counsel as well as other Lahey staff to develop, maintain, review, and implement IT security and other key IT policies; internal best practices; high-availability infrastructure; and enterprise application processes that represent state-of-the-industry practices for IT security and compliance within a health care delivery setting.

Essential Duties & Responsibilities including but not limited to:

- Lead Information Security across Lahey Health.
- Lead a senior management team in governance processes of the organization?s security strategies.
- Lead strategic security planning to achieve organizational goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
- Develop and communicate security strategies and plans to executive team, staff, partners, and stakeholders.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
- Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
- Act as advocate and primary liaison for Lahey Health?s security vision via regular written and in-person communications with executives, department heads, and end users.
- Work closely with IT department on corporate technology development to fully secure information, computer, network, and processing systems.
- Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and related software.
- Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.
- Recommend and implement changes in security policies and practices in accordance with changes in local or federal law and/or healthcare regulations.
- Assess and communicate any and all security risks associated with any and all purchases or practices performed by the company.
- Collaborate with IT leadership, health system privacy office, compliance, legal, and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
- Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
- Performs other duties as assigned.

Organizational Requirements:
- Maintain strict adherence to the Lahey Health Confidentiality policy.
- Incorporate Lahey Health Standards of Behavior and Guiding Principles into daily activities.
- Comply with all Lahey Health Policies.
- Comply with behavioral expectations of the department and Lahey Health.
- Maintain courteous and effective interactions with colleagues and patients.
- Demonstrate an understanding of the job description, performance expectations, and competency assessment.
- Demonstrate a commitment toward meeting and exceeding the needs of our customers and consistently adheres to Customer Service standards.
- Participate in departmental and/or interdepartmental quality improvement activities.
- Participate in and successfully completes Mandatory Education.
- Perform all other duties as needed or directed to meet the needs of the department.

Minimum Qualifications:

Education: Bachelor's Degree

Licensure, Certification & Registration: CISSP

Experience: 5 years in a dedicated IT Security related leadership role

Skills, Knowledge & Abilities: HIPAA, HITECH Act, PCI, COBIT

About Lahey Health

At Lahey Hospital & Medical Center, as one of the world's premier health care organizations, we provide superior health care leading to the best possible outcome for every patient. We exceed our patients' high expectations for service each day. We also help advance medicine through research and the education of tomorrow's health care leaders

We care for our patients with compassion and openness, unsurpassed expertise, a drive for continuous learning improvement, and with respect, caring, teamwork, excellence and commitment to doing our personal best.

Join our team and our mission of excellence by applying today!
How To Apply

Please apply directly online at Use the Job ID number to quickly locate the appropriate job listing. Once you have located the desired job, click on the checkbox in the 'Select' column, and then click the 'Apply Now' button, located at the bottom of the screen. Please note you are only able to select 5 jobs at a time.

Lahey Colleagues please apply directly through Colleague Connection using your Login and Password.