At ScionHealth, we empower our caregivers to do what they do best. We value every voice by caring deeply for every patient and each other. We show courage by running toward the challenge and we lean into new ideas by embracing curiosity and question asking. Together, we create our culture by living our values in our day-to-day interactions with our patients and teammates.

Job Summary

The Vice President, Chief Technology and Information Security Officer provides executive leadership for the organization's enterprise technology environment and information security program. Reporting to the Chief Information Officer, this role is responsible for developing and advancing enterprise technology architecture, infrastructure, cybersecurity strategy, information security governance, and disaster recovery capabilities in support of clinical, operational, and business priorities. This role partners closely with Information Technology, compliance, legal, privacy, clinical, and operational leaders to ensure the organization's technology platforms are scalable, resilient, secure, and aligned with enterprise goals. The Vice President, Chief Technology and Information Security Officer leads the development and execution of enterprise security strategy, cyber risk management, infrastructure standards, and technical modernization efforts while ensuring appropriate controls are in place to protect systems, networks, applications, and data. This role serves as a key member of the IT executive leadership team and as the senior leader responsible for technology risk, security posture, and core technical services across the enterprise.

Essential Functions

• Develops and executes enterprise technology and information security strategies aligned with organizational priorities, regulatory requirements, and risk tolerance.
• Leads enterprise cybersecurity and information security programs, including governance, policies, standards, controls, and ongoing maturity improvement.
• Provides executive oversight for enterprise infrastructure, cloud technologies, network services, platform engineering, endpoint strategy, identity and access management, and core technical operations.
• Establishes and maintains enterprise security architecture and technical standards to support scalability, resilience, interoperability, and protection of organizational assets.
• Directs cyber risk assessment processes and partners with executive leadership to prioritize remediation activities and security investments.
• Oversees security operations, threat monitoring, vulnerability management, penetration testing, incident response, and recovery planning.
• Leads the organization’s business continuity and disaster recovery strategies for enterprise systems and critical technology services.
• Partners with compliance, legal, privacy, and internal audit leaders to support compliance with HIPAA, HITECH, and other applicable regulatory, privacy, and security requirements.
• Ensures security and technical controls are incorporated into enterprise systems, third-party technologies, and new digital initiatives from design through implementation.
• Provides executive oversight for technology-related risk management, including third-party security assessments and ongoing vendor risk monitoring.
• Advises the CIO and senior leadership on emerging technology risks, threat landscape trends, infrastructure investments, and opportunities to strengthen enterprise capabilities.
• Establishes and monitors KPIs, KRIs, SLAs, and performance measures related to infrastructure reliability, cybersecurity effectiveness, service resilience, and operational efficiency.
• Supports enterprise governance processes related to technology architecture, cybersecurity, technical standards, investment prioritization, and vendor management.
• Ensures compliance with healthcare regulations, privacy standards, security requirements, and internal policies.
• Assists in development and management of enterprise IT budgets, capital planning, and cost-optimization initiatives for assigned functions.
• Evaluates vendor performance and supports contract negotiations and strategic sourcing decisions related to technology and security services.
• Leads, mentors, and develops senior technical and security leaders and high-potential talent across assigned functions.
• Promotes a culture of accountability, collaboration, innovation, service excellence, and continuous improvement.
• Drives enterprise awareness, change management, and communication strategies related to technology modernization and information security practices.

Knowledge/Skills/Abilities/Expectations

• Strong understanding of enterprise infrastructure, cybersecurity frameworks, information security controls, and modern technology architecture.
• Demonstrated ability to align technology and security strategy with business and clinical objectives.
• Strong knowledge of healthcare information systems, privacy requirements, and regulatory expectations.
• Executive-level communication, influence, and stakeholder management skills.
• Ability to assess and communicate complex technical and cyber risks in business terms.
• Financial acumen with experience managing large operating and capital budgets.
• Proven change-management and organizational leadership capabilities.
• Ability to balance strategic vision with hands-on operational oversight.

Education

• Bachelor’s Degree in Information Technology, Computer Science, Healthcare Administration, Business Administration, or related field (Required)

• Master’s Degree in related field (Preferred)

Licenses/Certifications

• Other: CISSP, CISM, CISA, CRISC, CCSP, or other relevant industry certification (Preferred)

Experience

• 10+ years progressive leadership experience in Information Technology, Cybersecurity, or related technical functions, including senior-level responsibility within a large, complex, multi-site organization (Required)
• Prior Experience leading enterprise cybersecurity programs, infrastructure operations, technology architecture, or major technical transformation initiatives (Required)
• Prior Experience with information security governance, incident response, business continuity, disaster recovery, and regulatory compliance (Required)
• Prior Experience in the healthcare industry (Preferred)