• Develop and execute a long-term information security strategy aligned with organizational goals. • Build and maintain an enterprise security framework (NIST CSF, 405D, ISO 27001, HITRUST, etc.). • Advise executive leadership and the Board on security posture, threats, and mitigation plans. • Manage the information security budget and security technology investments. • Lead enterprise risk assessments and prioritize mitigation initiatives. • Ensure compliance with HIPAA/HITECH, GDPR, and other relevant data privacy regulations. • Oversee creation and enforcement of security policies, procedures, and standards. • Direct internal and external audit readiness and remediation (HITRUST, SOC 2, etc.). • Manage a robust vendor and third-party risk management program. • Lead security operations, including threat/vulnerability management, IAM, SIEM, and endpoint protection. • Oversee development and testing of Incident Response, Disaster Recovery, and Business Continuity plans. • Serve as executive incident manager during security events, breaches, and investigations. • Ensure security of EHR systems, medical devices, and clinical technologies. • Build and lead a strong GRC and SecOps team. • Drive organization-wide security awareness and training initiatives. • Partner with IT, Clinical Operations, Legal, HR, and other departments to embed security into systems and workflows.