
VP Information Security

Job in Dallas, Dallas County, Texas, 75215, USA
Listing for: The Security Executive Council
Full Time position
Listed on 2025-12-15
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

Overview

Reporting to the SVP, Chief Information Officer, the VP Information Security is Baylor Scott & White Health’s (BSWH) senior executive responsible for cybersecurity strategy, risk reduction, and enterprise resilience across hospitals, clinics, ambulatory sites, enterprise systems (including EHR), clinical environments, and cloud platforms. Within IS’s Agile delivery model, the VP embeds “security by design” into backlogs, sprints, and release trains to translate strategy into day-to-day execution for product and platform teams.

The VP owns the NIST Cybersecurity Framework (CSF) adoption roadmap (Identify–Protect–Detect–Respond–Recover), ensures HIPAA/HITECH and healthcare-specific compliance (e.g., 405(d) HICP; HITRUST mappings), and delivers measurable risk reduction via prioritized, evidence-based investments. The CISO partners with Internal Audit, Risk, Compliance/Privacy, Legal, HR, Supply Chain/VMO, Clinical leadership, and IS Governance to align cyber risk decisions with patient safety, business goals, and financial stewardship.

The role operates with multiple Managed Service Providers (MSPs), governing cross-provider standards, SLAs, joint playbooks, and unified metrics so BSWH presents one security posture.

Responsibilities
Cybersecurity Roadmap:
  • Develop a cybersecurity roadmap that can be used at the Executive/Board level and is also "translatable" to operational-level teams.
  • Cascade the roadmap deliverables throughout the team, trackable as weekly, monthly, and yearly activities for the teams.

Cyber Program & Governance:
  • Set the enterprise cybersecurity strategy and multi-year roadmap aligned to NIST CSF 2.0; convert into budgets, OKRs, and measurable KRIs/KPIs.
  • Run executive security governance (e.g., Security Steering, Board/ISLC updates) with concise risk narratives and decision options.
  • Lead integration across MSPs (cyber, apps, infra, PMO): shared standards, SLAs, joint runbooks, cross-tower escalations, and performance scorecards.
  • Embed Agile processes in daily operations.
  • Own security policy/standards/baselines; drive “design-time security” via enterprise architecture and Zero Trust.

Governance, Risk & Controls (GRC) / Cyber Program:
  • Maintain enterprise risk register; quantify risk and prioritize remediation by business impact + exploitability + asset criticality.
  • Ensure regulatory, legal, and framework alignment (HIPAA/HITECH, 405(d) HICP, HITRUST mappings); coordinate internal/external audits and control testing.
  • Lead third-party risk with Supply Chain/VMO (security schedules, right to audit, breach notification, continuous monitoring); track remediation to closure.
  • Operate a Cyber Risk & Performance dashboard mapped to NIST CSF and governance exhibits; present trends, heat maps, and decision asks.

Cyber Operations (SOC / Incident Response / Resilience):
  • Oversee 24×7 SOC, SIEM, EDR/XDR, threat hunting, phishing defense, use-case engineering; drive MTTD/MTTR improvements and alert quality.
  • Own Incident Response and Crisis Management: tested playbooks, ransomware readiness, forensics, breach notification with Privacy/Legal, executive and Board communications.
  • Lead cyber requirements for BC/DR (backup/restore integrity, cyber recovery, segmentation) including clinical technology; run joint tabletop exercises with MSPs.

Cyber Defense (Vulnerability/Exposure/Patch; Email/Network/Endpoint defense):
  • Run an exposure management program that continuously measures risk and sequences remediation to eliminate the riskiest 20% that drive ~80% of exposure.
  • Align vulnerability SLAs by asset tier; orchestrate patching across internal teams and MSPs with defined maintenance windows and change governance.
  • Oversee platform defenses with domain leaders (e.g., Proofpoint for email, Firewall policy/governance, Endpoint protection standards).

Identity & Access Management (IAM):
  • Own IAM/IGA, SSO/MFA, PAM, privileged session monitoring; enforce least privilege, JIT access, and high-assurance controls for high-risk workflows (e.g., EHR admin, OT).
  • Conduct periodic access reviews and certifications; integrate identity guardrails into Agile CI/CD and change processes.

Data Protection:
  • Lead data classification,…