Vice President of Cybersecurity - Healthcare Division

Position Summary

The Vice President of Cybersecurity - Healthcare Division provides strategic leadership and direction for the development, implementation, and continuous improvement of the Harris Healthcare division’s information security program. This individual is responsible for safeguarding corporate and customer data across all Healthcare Division business units, ensuring compliance with healthcare regulations, and reducing cybersecurity risk in alignment with organizational objectives. The Vice President of Cybersecurity - Healthcare Division will coordinate designated security points of contact within each business unit to ensure alignment with broader Corporate IT (CIT) security policies, standards, and procedures. This leader will hold each business unit accountable for adherence to CIT standards, best security practices, and applicable healthcare regulatory requirements, including HIPAA, HITECH, and other frameworks. The Vice President of Cybersecurity - Healthcare Division will foster a culture of shared responsibility for cybersecurity, privacy, and compliance throughout the enterprise.

Key Responsibilities

Strategic Leadership & Governance

- Develop, implement, and maintain a division-wide information security strategy and governance framework aligned with business goals, regulatory requirements, and corporate IT (CIT) policies.
- Coordinate with business unit security points of contact to ensure consistent implementation of CIT security policies, procedures, and controls.
- Establish accountability frameworks to ensure each business unit upholds CIT standards and demonstrates measurable adherence to information security and compliance objectives.                                                                                                                                    

- Ensure disaster recovery & business continuity plans are developed and implemented.
- Provide regular reporting to Healthcare Division leadership on security posture, risk exposure, and mitigation plans.

Policy, Risk, and Compliance Management

- Oversee risk assessments and drive remediation of identified security gaps.
- Ensure compliance with healthcare privacy and security regulations (HIPAA, HITECH, NIST 800-53, HITRUST, SOC 2, etc.), in collaboration with the Harris Privacy Officer, Governance risk and Compliance Committee, and compliance and legal.
- Oversee audits, certifications, and third-party assessments in coordination with BU, CIT, compliance and legal teams.
- Develop and maintain policies and standards for data protection, access control, and system hardening across all business units, aligned with Corporate IT (CIT) policy.

Security Operations and Incident Response

- Direct the Healthcare Division security operations function, including monitoring, detection, response, and recovery activities.
- Ensure each business unit maintains appropriate incident response procedures in alignment with corporate standards.
- Assist BUs in managing vendor relationships and security for third-party and cloud-based services.

Awareness, Culture, and Continuous Improvement

- Drive a culture of security awareness, shared responsibility, and continuous improvement throughout the organization.
- Deliver ongoing education and training programs for all staff and contractors.
- Continuously evaluate emerging threats and technologies to evolve the organization’s security posture proactively.

Qualifications

- Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
- 10+ years of progressive experience in information security, including 5+ years in leadership roles.
- Experience within healthcare, health IT, or regulated software environments.
- Strong understanding of HIPAA, HITECH, SOC 2, HITRUST, NIST, and ISO 27001 frameworks.
- Proven experience aligning decentralized business units under a unified enterprise security program.
- Exceptional communication and leadership skills, with the ability to influence cross-functional teams and executive stakeholders.
- Relevant certifications preferred (CISSP, CISM, CHISSP, HCISPP, or similar).

Success Measures

- Demonstrated compliance across all business units with CIT security standards and healthcare regulations.
- Reduction in security incidents and audit findings.
- Consistent, measurable improvement in security awareness and risk posture across the organization.
- Strengthened coordination and accountability between Corporate IT and individual business units.