Director Information Security

The Director, Information Security holds primary responsibility for safeguarding the Care New England (CNE) computing environment. This includes securing systems across all CNE operating units, directing enterprise‑wide cybersecurity strategy, and ensuring compliance with HIPAA, PCI, and all applicable federal, state, local, and industry regulations.

The Director serves as the Chief Information Security Officer (CISO) for CNE, providing leadership in risk assessment, incident response, regulatory compliance, and cybersecurity governance. The role oversees information security tools, policies, vulnerability assessments, and monitoring systems; responds to security threats; leads mitigation activities; and collaborates closely with IS teams, Audit/Compliance, HR, Finance, and Legal.

This leader develops and manages the Information Security program, directs security staff, sets security standards, leads incident management, evaluates emerging technologies, manages vendor relationships, and ensures organizational readiness through education, training, and participation in business continuity and disaster recovery planning.

• Develop and maintain the enterprise Information Security Program.
• Establish protection goals, objectives, and metrics aligned with organizational strategy.
• Serve as the Chief Information Security Officer (CISO) for CNE.
• Coordinate with the Chief Privacy Officer to ensure compliant reporting of security incidents.
• Implement, manage, and maintain enterprise security systems and applications.
• Lead vulnerability assessments and ensure timely remediation.
• Oversee security incident response, forensic investigations, and threat mitigation efforts.
• Examine emerging technologies and assess their security implications.
• Lead ongoing risk assessment programs addressing information security and privacy.
• Ensure compliance with HIPAA, PCI, and applicable state and federal regulations.
• Develop and implement security policies, standards, guidelines, and procedures.
• Coordinate with IS teams, Audit/Compliance, HR, Finance, and Legal to align security efforts.
• Participate in disaster recovery and business continuity planning.
• Lead security education and awareness initiatives for staff across CNE.
• Manage security vendors responsible for operations, maintenance, and enhancements.
• Ensure vendor service delivery aligns with organizational security requirements and policies.
• Negotiate and manage contracts and service‑level agreements with external partners.
• Manage, mentor, and develop information security staff.
• Promote professional growth and maintain awareness of industry trends.
• Provide input on resource allocation and security budgeting.
• Maintain 24‑hour on‑call availability to support critical operational needs.
• Perform other job‑related duties as assigned.

Bachelor's Degree Required (computer science, MIS or related field)

Minimum of 7–10 years of progressive experience in information security, strong technical background in infrastructure, network security, firewalls, and cloud environments, experience conducting forensic investigations and managing enterprise security products.

Security certifications required: CISSP, GIAC, SANS, or similar. Audit certification preferred: CISA.

Participation in national and regional security organizations preferred.

• Deep knowledge of cybersecurity principles, threat landscapes, and protection technologies.
• Strong working knowledge of enterprise infrastructure, network security, firewalls, and cloud platforms.
• Expertise in vulnerability management, forensic investigation, risk assessment, and incident response.
• Ability to develop enterprise‑wide policies and governance frameworks.
• Strong communication skills for engaging executive leadership and cross‑functional stakeholders.
• Exceptional organization, analytical, and decision‑making abilities.
• Ability to manage technical teams and develop staff.
• Strong vendor management and contract negotiation skills.
• Ability to maintain confidentiality and uphold ethical and regulatory standards.

Care New England Health System (CNE) and its member institutions, Butler Hospital, Women & Infants Hospital, Kent Hospital, VNA of Care New England, Integra, The Providence Center, and Care New England Medical Group, and our Wellness Center, are trusted organizations fueling the latest advances in medical research, attracting top specialty‑trained doctors, and honing renowned services and innovative programs to engage in the important discussions people need to have about their health.

Care New England is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Employee conducts himself/herself consistent with the ethical standards of the organization including, but not limited to hospital policy, mission, vision, and values.

External and internal applicants, as well as position incumbents who become disabled must be able to perform the essential job‑specific functions either unaided or with the assistance of a reasonable accommodation, to be determined by the organization on a case‑by‑case basis.