Job Description

The Vice President of Information Security & Risk Management is responsible for developing, operationalizing, and overseeing the execution of the enterprise information security and compliance program, ensuring alignment with organizational risk tolerance, regulatory requirements, and business objectives.

This role serves as the primary bridge between enterprise strategy and operational execution, overseeing security governance, compliance programs, and enterprise incident response while leading cross-functional engagement with executives, clients, and external stakeholders.

JOB RESPONSIBILITIES

ESSENTIAL FUNCTIONS

• Develop and operationalize the organization’s information security strategy, ensuring alignment with business priorities
• Translate strategic objectives into measurable programs, initiatives, and controls across the enterprise
• Establish performance metrics (KPIs/KRIs) to evaluate security posture and program effectiveness
• Oversee the enterprise information security compliance program, including HIPAA Security Rule alignment and internal compliance requirements
• Direct security governance frameworks, policies, and standards
• Ensure consistent implementation and monitoring of controls across the organization
• Provide oversight of audit readiness, regulatory responses, and remediation strategies
• Oversee enterprise incident response governance, ensuring consistent processes for escalation, communication, and mitigation
• Coordinate executive-level communications during security incidents
• Ensure alignment between operational response teams and executive decision-making
• Provide leadership oversight of security operations through Director-level teams
• Ensure execution of core security functions, including threat monitoring, vulnerability management, and risk mitigation
• Drive accountability for operational performance and program delivery
• Lead major client, partner, and vendor security engagements, including security reviews and contractual security discussions
• Serve as a key representative for security posture in customer and partner interactions
• Collaborate with Legal, Compliance, and IT to ensure alignment on risk acceptance and mitigation strategies
• Lead and develop information security leadership (Directors, Managers)
• Establish organizational structure, priorities, and resource planning for the security function
• Promote a culture of accountability, risk awareness, and continuous improvement

NON-ESSENTIAL FUNCTIONS

• Work with other departments within PathGroup and subsidiaries.
• Nothing in the job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
• Other duties as assigned.

Qualifications

EDUCATION & LICENSURE:

• Bachelor’s degree in Cybersecurity, Information Technology, or related discipline
• Certifications such as CISSP, CISM, CISA, or HITRUST CCSFP

EXPERIENCE:

• 10+ years of progressive experience in information security, with leadership responsibility
• Strong experience in healthcare regulatory environments (HIPAA, HITECH)
• Proven ability to operate at both strategic and operational levels
• Experience leading enterprise security programs in healthcare or regulated environments