Director, IT Security - Full Time, Days (Remote)

Remote

Vail Health has become the world’s most advanced mountain healthcare system. Vail Health consists of an updated 520,000-square-foot, 56-bed hospital. This state-of-the-art facility provides exceptional care to all of our patients, with the most beautiful views in the area, located centrally in Vail. Learn more about Vail Health here .

Some roles may be based outside of our Colorado office (remote-only positions). Roles based outside of our primary office can sit in any of the following states: AZ, CO, CT, FL, GA, ID, IL, KS, MA, MD, MI, MN, NC, NJ, OH, OR, PA, SC, TN, TX, UT, VA, WA, and WI. Please only apply if you are able to live and work primarily in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

ABOUT THE OPPORTUNITY

The Director of IT Security / Chief Information Security Officer (CISO) is responsible for developing, implementing, and maintaining the organization’s information security program to ensure the confidentiality, integrity, and availability of all digital assets, including electronic protected health information (ePHI). This role serves as the HIPAA Security Officer and leads enterprise cybersecurity efforts, risk management, incident response, and security governance. The CISO partners with clinical, operational, and IT leadership to align security with business and patient care objectives while ensuring compliance with regulatory requirements and safeguarding against evolving cyber threats.

WHAT YOU WILL DO:

· Serves as the Director of IT Security / Chief Information Security Officer (CISO), ensuring compliance with all privacy and security regulations.

· Leads and mentors a team of security professionals, fostering growth, accountability, and operational excellence.

· Develops and maintains the enterprise cybersecurity strategy aligned with healthcare-specific risks.

· Leads security governance, risk management, and compliance (GRC) programs across the organization.

· Performs regular risk assessments and manages mitigation plans to protect electronic protected health information (ePHI).

· Oversees security operations, incident response, threat detection, and vulnerability management.

· Partners with IT, clinical, and business leadership to embed security into all technology initiatives.

· Develops and enforces security policies, procedures, and training to promote a strong security culture.

· Manages third-party security risks, including vendor assessments and contractual security requirements.

· Leads response and recovery for cybersecurity incidents, including coordination with legal and compliance.

· Provides executive leadership with regular reporting on cybersecurity posture, risks, and remediation status.

· Models the principles of a Just Culture, Organizational Values, and Leadership Competencies.

· Performs other duties as assigned. Must be HIPAA compliant.

WHAT YOU WILL NEED:

Experience:

• Minimum of 7 years of progressive experience in information security, with at least 3 years in a leadership or senior management role.
• Demonstrated experience developing and leading enterprise-wide cybersecurity programs in regulated environments, preferably healthcare.
• Hands-on experience with risk management frameworks (e.g., NIST, HITRUST) and HIPAA security compliance.
• Proven track record managing security operations, incident response, and vulnerability management.
• Experience collaborating with executive leadership, legal, compliance, and clinical stakeholders to align security with business and patient care priorities.
• Strong background in vendor risk management, contract security reviews, and third-party assessments.
• Prior experience leading security audits, risk assessments, and regulatory readiness activities.

Licenses:

• N/A

Certification(s):

• Current Industry Certification such as Certified Information Systems Security Professional (CISSP) by the International Information Systems Security Certification Consortium (ISC²) required.
• Certified Health Information Security Leader (CHISL) certification preferred

Computer/Typing:

Must possess, or be able to obtain within 90 days, the computer skills necessary to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.

Must have working knowledge of the English language, including reading, writing, and speaking English.

Education:

• Bachelor's degree required. Preferred degree in Information Services or Information Technology. MBA highly desired

The posted salary range for this position applies to Colorado and may be adjusted based on geographic location. Vail Health considers a variety of factors in making compensation decisions, including but not limited to experience, education, licensure and/or certifications, geographic location, market demand and other business and organizational needs.

Benefits at Vail Health (Full Time) Include:

• Competitive Wages & Family Benefits:
  • Competitive wages
  • Parental leave (4 weeks paid)
  • Housing programs
  • Childcare reimbursement
• Medical
• Vision
• Educational Programs:
  • Tuition Assistance
  • Existing Student Loan Repayment
  • Specialty Certification Reimbursement
  • Annual Supplemental Educational Funds
• Paid Time Off:
  • Up to five weeks in your first year of employment and continues to grow each year.
• Retirement & Supplemental Insurance:
  • 403(b) Retirement plan with immediate matching
  • Life insurance
  • Short and long-term disability
• Recreation Benefits, Wellness & More:
  • Up to $1,000 annual wellbeing reimbursement
  • Recreation discounts
  • Pet insurance

Pay is based upon relevant education and experience per year.

Yearly Pay:

$123,884.80 - $176,987.20 USD

Create a Job Alert

Interested in building your career at Vail Health Hospital? Get future opportunities sent straight to your email.

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Education

School Select...

Degree Select...

Select...

Select...

Start date year

End date month Select...

End date year

Preferred Name *

What state do you currently reside in? * Select...

Have you ever been employed by Vail Health? * Select...

If you were referred by a Vail Health employee, please provide name.

How many years of relative work experience do you have? * Select...

Please indicate which domains you have a background in from this list:Application Security,Security products and technologies,Security engineering,Networking protocols and data center,Security analysis and investigations,Risk assessment and management *

How many years of experience do you have in a manager or senior manager role? *

Do you possess an industry certification such as the Certified Information Systems Security Professional (CISSP)? *

Do you possess the Certified Health Information Security Leader (CHISL) certification? * Select...

Do you have hands-on experience with risk management frameworks (e.g., NIST, HITRUST) and HIPAA security compliance? * Select...

Do you have healthcare-specific IT security experience? * Select...

A Bachelor's degree is required for this position. Please indicate if you have this degree. * Select...

What is your notice period? * Select...

Desired Annual Pay *

Do you consent to communication by text message regarding your application? * Select...

Will you require visa sponsorship now or in the future? * Select...

If hired, can you provide proof of your authorization to work in the United States? * Select...

Read carefully and acknowledge. *

I acknowledge.

I certify that all the information provided in this employment application is true and complete. I understand that any false information or omission may disqualify me from further consideration for employment and may result in my dismissal if discovered at a later date. I understand that Vail Health may request an investigative consumer report from a consumer reporting agency. I understand I have the right to make a written request within a reasonable time for the disclosure of the name and address of the consumer reporting agency so that I may obtain a complete disclosure of the nature and scope of the investigation. Vail Health may request information as to my character, reputation, personal characteristics and mode of living from my neighbors, friends, former employers, school and other. I authorize that investigation of any or all statements contained in this application and also authorizes whether listed or not, any person, school, current employers (except as previously noted), past employers and organizations to provide relevant information and opinions that may be useful in making a hiring decision. I consent to the release of any or all medical information as may be deemed necessary to judge my capability to do the work for which I am applying. I agree to immediately disclose to Vail Health any debarment, suspension, exclusion, conviction of a criminal offence, or other event that may make me ineligible to participate in federally funded healthcare programs. I understand and I will be required to successfully pass a drug screening examination. I hereby consent to a drug screening as a condition of employment.

I UNDERSTAND THAT THIS APPLICATION OR SUBSEQUENT EMPLOYMENT DOES NOT CREATE A CONTRACT OF EMPLOYMENT NOR GUARANTEE EMPLOYMENT FOR ANY DEFINITE PERIOD OF TIME. IF EMPLOYED , I UNDERSTAND THAT I HAVE BEEN HIRED AT THE WILL OF VAIL HEALTH OR ONE OF ITS OUTREACH FACILITIES AND MY EMPLOYMENT MAY BE TERMINATED AT ANY TIME, WITH OUT WITHOUT CAUSE AND WITH OR WITHOUT NOTICE.