Director of Information Security & Risk

Director of Information Security & Risk Children's Hospital Association - 3.9 Lenexa, KS Job Details $113,000 - $204,000 a year 21 hours ago Benefits Wellness program Paid parental leave Health savings account Paid holidays Health insurance Dental insurance Paid time off Parental leave Vision insurance Qualifications Data encryption Cloud identity and access management (IAM) Regulatory compliance Cloud-based systems Risk management IT services information & network security IT Senior leadership Full Job Description Director of Information Security & Risk Lenexa, KS Join us in shaping a healthier future for kids. At Children's Hospital Association, we unite more than 200 member hospitals to put children first—advancing care, informing policy, and driving progress together. Where You'll Work This position is based in our Lenexa, KS office. We leverage a hybrid working model working three days in the office, two days optional remote work. What You'll Do The Director of Information Security & Risk is a senior strategic leader responsible for overseeing, securing, and continuously advancing the organization's enterprise information security program. This role provides governance and risk leadership across the organization, with a strong focus on risk management frameworks, security governance and controls, protection of cloud-based data assets, and securing AI/ML systems and data analytics pipelines. Owns the design, scalability, and maturity of the enterprise security program, ensuring the protection of sensitive information, compliance with regulatory and contractual requirements, and the secure growth of cloud-based platforms, products, and services. Develop and execute a multi-year information security and risk management strategy aligned with organizational objectives, regulatory regulations, and recognized security frameworks. Oversee the development, implementation, and maintenance of the enterprise security policy, standards, guidelines, and procedures. Translate legal, regulatory, and contractual requirements into enforceable technical security standards. Draft and enforce the Enterprise Information Security Policy (EISP) framework, ensuring it evolves alongside AI advancements and Cloud scale. Lead enterprise risk assessments, identifying and mitigating security risks associated with data analytics (Enterprise & Member Facing data), third-party cloud vendors, and new technology adoption. Proposes security policies, procedures, initiatives, and standards specific to regulatory compliance, loss and fraud prevention, and breach prevention in both security and privacy. Lead the strategy for securing hybrid/cloud environments and AI/ML model security, including training data protection and model inference monitoring. Oversee data governance, classification, and secure data-sharing models for enterprise data platforms. Manage annual compliance audits (SOC 2 Type II and NIST risk audit). Identifies and addresses exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause regulatory compliance issues or serious financial and/or information loss. Creates and maintains security system architecture design documentation. Stays current on new IT security trends and understands potential threats and control techniques Identify risks across the technology stack and lead incident response teams to detect, analyze, and mitigate threats. Understands business needs, security risks and the company's risk tolerance and balance between them in a way that ensures business continuity and regulatory compliance. Manage security operations, including 24x7 monitoring, threat detection, and incident response, leading post-incident forensics and remediation. Coordinates active penetration tests; discovers vulnerabilities in information systems and identifies and implements solutions to resolve them. Provide enterprise leadership by partnering with IT, business, legal, and risk stakeholders to embed Security by Design across cloud, AI, and analytics development lifecycles. Develop and manage the information security budget, ensuring effective prioritization, scalability, and efficient use of resources. Communicate security strategy, risk posture, and performance metrics to executive leadership through regular updates and dashboards. Lead organization-wide security awareness and training programs to foster a strong culture of security and shared accountability. What You'll Bring to CHA Any combination of education and experience providing the required skill and knowledge is qualifying. Bachelor's degree in computer science, Information Security, or related field. Minimum 8 years in IT/Cybersecurity, with 3-5+ years in leadership roles within a SaaS, cloud-native, or technology-driven environment. Strong understanding of data protection and privacy principles, risk management, and security compliance expectations. Extensive experience with AWS or Azure security, IAM, data encryption, and network security. Knowledge of risks related to AI/ML development pipelines and big data infrastructure. Deep understanding of relevant security and privacy frameworks and requirements (e.g., HIPPA, HITRUST, HITECH, NIST, ISO 27001, SOC 2, and applicable privacy regulations). CISSP, CISM, or CCSP certifications are highly preferred.

Our Perks and Benefits:

Competitive total compensation package Medical, dental and vision insurance Retirement Savings program with generous company contribution Hybrid working model Health Savings Account with company contribution Wellness program Paid time off and personal days 9 paid holidays Paid Parental Leave And more! More About CHA This pay range shown is a guideline.

Min:

$113,000

Max:

$204,000 Compensation is based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Diversity, Equity and Inclusion CHA is committed to advancing diversity, equity and inclusion within our organization, our membership, the care delivery of children's hospitals and their communities and through the federal policymaking environment. With children's hospitals we strive to ensure organizational cultures where everyone feels valued and actively participates in the mission of our organizations. Racism stands firmly in the way of improving children's health. We remain vigilant in our quest for a diverse and inclusive community and in standing against racism and discrimination wherever it exists. Equal Opportunity Employer All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, and protected veteran status, or disability status. Visa sponsorship is not available for this position.