Healthcare Senior Information Security Officer

A hospital system in Washington DC is looking to hire a permanent SISO to support their team. This position is fully onsite, M-F, in Washington DC.

Requirements

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related field

• 8+ years of progressively responsible experience in information security or cybersecurity

• Experience supporting regulated healthcare environments and PHI

• Deep knowledge of HIPAA, HITECH, NIST CSF, NIST 800-53/171, and healthcare cybersecurity frameworks

• Knowledge of federal and state healthcare privacy and security regulations

• Ability to obtain and maintain a security clearance, if required

Overview: Insight Global is seeking a Senior Information Security Officer (SISO) to provide strategic leadership, governance, and operational oversight for cybersecurity across healthcare systems and clinical applications. This role is responsible for protecting Protected Health Information (PHI) and other regulated data while supporting clinical operations, patient safety, and enterprise risk management. Operating within a complex hospital environment that includes EHR systems, clinical workflows, medical devices, and cloud platforms, the SISO ensures compliance with HIPAA, HITECH, NIST frameworks, and applicable federal and state regulations. The role influences the enterprise security posture within healthcare domains and acts as a trusted advisor to clinical and administrative leadership.

Responsibilities:

• Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with healthcare regulations

• Oversee risk assessments, vulnerability management, and continuous monitoring across clinical and administrative environments

• Lead incident response efforts, ensuring rapid containment and recovery while minimizing impact on patient care

• Ensure effective identity, access management, logging, and system hardening practices

• Partner with IT, clinical engineering, and compliance teams to secure: EHR platforms, Medical devices, Cloud-based healthcare applications

• Coordinate cybersecurity readiness for: HIPAA audits, Internal audits, Federal sponsor reviews, Accreditation processes

• Develop and maintain security documentation, including System Security Plans (SSPs) and risk mitigation artifacts

Pay: Starting at $120k (Based on experience, education, certifications)