Vice President, Chief Information Security Officer

**Careers With Purpose** **Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We're proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint.** **Facility:** Stevens Center Building **Location:** Sioux Falls, SD **Address:** 900 East 54th St N, Sioux Falls, SD 57104, USA **Shift:** 8 Hours - Day Shifts **Job Schedule:** Full time **Weekly Hours:** 40.00 **Job Summary** The Vice President, Chief Information Security Officer (CISO) is responsible for the strategic leadership, vision, and execution of Sanford Health's enterprise-wide information security and cyber risk management programs. This role ensures the protection of patient, member, donor, customer, employee, and organizational data while enabling innovation, scalability, and agility across a rapidly growing healthcare system. The CISO is a key advisor to executive leadership and the Board, translating cyber risk into clinical and business impact and fostering a culture of shared accountability, resilience, and trust. Define and execute a forward-looking, risk-based information security strategy aligned with Sanford Health's growth, innovation, and M&A roadmap. Establish and maintain a comprehensive governance framework, including policies, standards, and risk appetite statements. Serve as a strategic advisor to executive leadership and the Board on cyber risk, resilience, and emerging threats. Lead the development of scalable, repeatable processes to support rapid integration of new entities and technologies. Oversee enterprise-wide information security risk management, including continuous risk assessments, mitigation strategies, and transparency of accepted risks. Partner with Compliance, Privacy, Legal, and Enterprise Risk to ensure alignment on regulatory requirements, audit readiness, and incident response. Maintain and evolve frameworks aligned with NIST, HICP, HIPAA, and other relevant standards. Implement cyber risk quantification models to support investment decisions and board-level reporting. Participate in the development of AI and emerging technology governance frameworks, ensuring secure and risk-aware adoption of AI, cloud, and quantum-resilient technologies. Build internal capacity to assess and secure new technologies rapidly and responsibly. Serve as a thought leader in healthcare cybersecurity, influencing industry policy and vendor ecosystems. Sponsor a robust enterprise-wide tabletop exercise and incident response program. Ensure strong delegation and operational execution across SOC, infrastructure, and application teams. Partner with Infrastructure, Applications, and Operations to drive joint disaster/event recovery, redundancy, and clinical/business continuity planning. Lead development of operational downtime procedures and resilience strategies. Establish and execute a comprehensive identity and access management strategy. Advance data governance capabilities, including PHI inventory, data lineage, and privacy-by-design. Strengthen third-party and vendor risk management, including non-IT sourced technologies and medical device ecosystems. Foster a culture of security as an enabler of innovation and care delivery. Develop a future-focused talent strategy, addressing skill gaps, continuous education, emerging skill assessments, and succession planning. Lead a modern, engaging security awareness and education program for all levels and demographics of the organization. Communicate effectively with technical and non-technical audiences, including board-level storytelling and executive influence. Lead Sanford's cyber insurance planning, including policy negotiation, risk transfer modeling, and alignment with enterprise risk management. Serves as Sanford Health's designated Information Security Officer under HIPAA. Expected to represent Sanford Health in industry consortiums, regulatory forums, and public-private partnerships. Bachelor’s degree required. Master’s degree is preferred. Minimum of 10 years of progressive leadership in information security or related technical disciplines, with experience in large, complex healthcare or regulated environments. Demonstrated expertise in cybersecurity strategy, risk management, governance, and regulatory compliance. Strong understanding of healthcare operations, data privacy, and digital transformation. Recognized industry certifications (e.g., CHISSP, CISSP, CISM, HCISPP) preferred. **Qualifications** Bachelor’s degree required. Master’s degree is preferred. Minimum of 10 years of progressive leadership in information security or related technical disciplines, with experience in large, complex healthcare or regulated environments. Demonstrated expertise in cybersecurity strategy, risk management, governance, and regulatory compliance. Strong understanding of healthcare operations, data privacy, and digital transformation. Recognized industry certifications (e.g., CHISSP, CISSP, CISM, HCISPP) preferred. **Benefits** Sanford offers an attractive benefits package for qualifying full-time and part-time employees. Depending on eligibility, a variety of benefits include health insurance, dental insurance, vision insurance, life insurance, a 401(k) retirement plan, work/life balance benefits, and a generous time off package to maintain a healthy home-work balance. For more information about Total Rewards, visit https://sanfordcareers.com/benefits . Sanford is an EEO/AA Employer M/F/Disability/Vet. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-877-673-0854 or send an email to talent@sanfordhealth.org . Sanford has a Drug Free Workplace Policy. An accepted offer will require a drug screen and pre-employment background screening as a condition of employment. **Req Number:** R-0255843 **Job Function:** Leadership **Featured:** No