Chief Information Security Officer

Houston, United States · Executive


At Texas Children’s Hospital, our mission starts with our people. Guided by our HEART values—Humility, Excellence, Accountability, Respect, and Trust—we strive to create a workplace where teammates feel valued, supported, and empowered to do their best work every day.

The Chief Information Security Officer is a strategic leader responsible for designing, implementing, and advancing a comprehensive cybersecurity program that safeguards sensitive health information and critical systems across the Texas Children’s enterprise. This role partners closely with executive leadership to align security initiatives with organizational priorities—ensuring regulatory compliance, strengthening risk management, and fostering a culture of security awareness in support of delivering exceptional care.

Responsibilities

  • Define and execute a forward-looking information security strategy aligned with organizational and clinical priorities 
  • Establish scalable, enterprise-wide security frameworks, policies, and standards 
  • Partner with executive leadership to integrate cybersecurity into broader business and technology strategies 
  • Safeguard the confidentiality, integrity, and availability of ePHI and other sensitive data across the organization 
  • Identify, assess, and mitigate cybersecurity risks in a complex healthcare environment 
  • Strengthen defenses against evolving threats through proactive monitoring and continuous improvement 
  • Ensure compliance with HIPAA, HITECH, and applicable federal and state regulations 
  • Align security practices with industry standards such as NIST and ISO frameworks  
  • Lead audit readiness efforts and support regulatory and accreditation requirements, including Joint Commission standards 
  • Oversee incident response capabilities, including detection, investigation, containment, and recovery 
  • Develop and maintain robust risk management and remediation strategies 
  • Provide clear, timely communication and reporting during security events 
  • Partner with IT to embed security across infrastructure, applications, and digital health technologies 
  • Oversee security practices related to cloud environments, identity and access management, and data protection 
  • Ensure secure integration of EHR systems and medical devices 
  • Champion security awareness and training programs for teammates and clinical staff 
  • Promote a culture of accountability and shared responsibility for protecting patient and organizational data 
  • Build, mentor, and lead a high-performing information security team 
  • Establish clear goals, performance expectations, and professional development pathways 
  • Foster collaboration across teams to drive security maturity and operational excellence 
  • Deliver regular security updates, risk assessments, and actionable insights to executive leadership and the board 
  • Translate complex technical risks into clear business impact and strategic recommendations 
  • Collaborate with IT, Compliance, Legal, Risk, and operational leaders to embed security across all functions 
  • Manage third-party/vendor risk and ensure strong external security practices 
  • Deep knowledge of healthcare regulations (HIPAA, HITECH) and security frameworks (NIST, ISO/IEC 27001) 
  • Experience in risk assessment, incident response, and security operations in complex environments 
  • Strong understanding of EHR systems, medical device security, and healthcare technologies 
  • Expertise in cloud security, identity & access management, and data protection strategies 
  • Experience managing third-party/vendor security risk 

Requirements

  • 10+ years of progressive experience in information security (Required)
  • 5+ years of leadership or management experience (Required)
  • 3+ years of experience in a healthcare environment (Preferred)

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field (Required)
  • Master’s degree (Preferred)

 

Nice to Have

  • CISSP – Certified Information Systems Security Professional 
  • CISM – Certified Information Security Manager 
  • HCISPP – Healthcare Information Security and Privacy Practitioner

Location & Eligibility

Where is the job: Houston, United States (on-site at the office)
Who can apply: US

Listing Details

Posted: June 10, 2026
First seen: June 10, 2026
Last seen: June 10, 2026

TCH Medical Center · Chief Information Security Officer