Vice President, ACM Information Security, CISO
$220k - $250kRound Rock ISD
Position Summary
The Vice President, ACM Information Security; CISO leads the enterprise-wide information security and cyber risk management program for ACM. This role ensures that all information assets-technology, applications, systems, infrastructure, and processes-are protected across the digital ecosystem, and identifies, evaluates, and reports on legal, regulatory, IT, and cybersecurity risks while enabling business objectives.
The position safeguards the confidentiality, integrity, and availability of data and systems supporting R&D, clinical trials, manufacturing, supply chain, regulatory submissions, and commercial operations. It protects high-value research assets, clinical development systems, proprietary algorithms, and sensitive partner data, while enabling rapid innovation, collaboration, and compliance.
Operating in a highly regulated environment, the VP, ACM Information Security; CISO balances cybersecurity with clinical trial needs, innovation, speed to market, and patient safety.
Key Responsibilities
Strategic Leadership & Governance
EDUCATION: LICENSES / CERTIFICATIONS: PHYSICAL REQUIREMENTS:
L - Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly; requires occasional walking, standing or squatting. For disease specific care programs refer to the program specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements. Any physical requirements reported by a prospective employee and/or employee's physician or delegate will be considered for accommodations. PAY RANGE:
$220,000.00 - $250,000.00 CITY: Rochester POSTAL CODE: 14624 The listed base pay range is a good faith representation of current potential base pay for a successful full time applicant. It may be modified in the future and eligible for additional pay components. Pay is determined by factors including experience, relevant qualifications, specialty, internal equity, location, and contracts. Rochester Regional Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity or expression, national origin, age, disability, predisposing genetic characteristics, marital or familial status, military or veteran status, citizenship or immigration status, or any other characteristic protected by federal, state, or local law.
The Vice President, ACM Information Security; CISO leads the enterprise-wide information security and cyber risk management program for ACM. This role ensures that all information assets-technology, applications, systems, infrastructure, and processes-are protected across the digital ecosystem, and identifies, evaluates, and reports on legal, regulatory, IT, and cybersecurity risks while enabling business objectives.
The position safeguards the confidentiality, integrity, and availability of data and systems supporting R&D, clinical trials, manufacturing, supply chain, regulatory submissions, and commercial operations. It protects high-value research assets, clinical development systems, proprietary algorithms, and sensitive partner data, while enabling rapid innovation, collaboration, and compliance.
Operating in a highly regulated environment, the VP, ACM Information Security; CISO balances cybersecurity with clinical trial needs, innovation, speed to market, and patient safety.
Key Responsibilities
Strategic Leadership & Governance
- Facilitate an ACM information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
- Define and execute the enterprise information security strategy and roadmap aligned with business objectives and regulatory obligations
- Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Ensure that IT security requirements are included in vendor contracts by liaising with vendor management and procurement organizations.
- Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
- Serve as executive advisor on cyber risk to ACM's Executive Leadership Team (ELT)
- Establish security governance, policies, standards, and metrics across global operations
- Lead security investment planning and budgeting
- Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
- Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
- Develop and enhance an up-to-date information security management framework based on ISO 27001.
- Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
- Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels.
- Ensure compliance with regulations and standards, including;
- ISO 27001
- NIST, HIPAA, SOC 2, PCI
- FDA (21 CFR Part 11)
- GxP (GMP, GLP, GCP)
- HIPAA / HITECH
- GDPR and global privacy laws
- Partner with Quality, Regulatory Affairs, and Legal to support audits and inspections
- Oversee data integrity and validation controls for regulated systems
- Safeguard research data, clinical trial data, patient data, software development, manufacturing IP, and trade secrets
- Implement data classification, encryption, and access control strategies
- Oversee secure collaboration with CROs, CMOs, research partners, and academia
- Identify, assess, and mitigate cyber risks across IT, OT, cloud, and laboratory environments
- Oversee and provide continuous status updates regarding ACM's vulnerability management, penetration testing, and threat intelligence and related remediation efforts
- Oversee ACM's vulnerability management, penetration testing, and threat intelligence efforts
- Work collaboratively with RRH IT to establish and oversee incident response, breach management, and cyber resilience programs
- Work collaboratively with RRH IT to coordinate with law enforcement and regulators in the event of security incidents
- Develop cyber resilience and business continuity capabilities
- Guide secure implementation of cloud platforms, AI/ML, digital labs, IoT/OT, and data platforms
- Ensure security-by-design across system development and validation lifecycles
- Oversee identity and access management, zero trust architecture, endpoint security, network security, and SOC operations
- Embed security into SDLC and system validation processes
- Develop and enforce third-party risk management programs for vendors, CROs, CMOs, and SaaS providers
- Assess cyber risks in manufacturing, logistics, and distribution partners
- Support secure onboarding and continuous monitoring of partners
- Create a risk-based process for the assessment and mitigation of any information security risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
- Work with the ACM QA staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
- Collaborate and liaise with the ACM's data privacy officer and RRH IT security to ensure that data privacy requirements are included where applicable
- Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines
- Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk
- Working collaboratively with RRH IT Security leadership, coordinate the management and containment of information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
- Working with RRH IT, monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
- Working with the RRH CISO, coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas
- Facilitate and support the development of asset inventories, including information assets in cloud services (manage by ACM, RRH or 3rd parties)
- Build and lead a high-performing global information security organization
- Develop talent, succession planning, and security culture across the enterprise
- Promote security awareness training tailored to scientists, engineers, and business users
- Working closely with the RRH IT CISO and IT security leaders, develop a collaborative, virtual expanded IT security team best support the ACM organization
- Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
- Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
- Liaise with external agencies/regulators and clients, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies and clients.
- Related Master's degree in related field or MBA preferred
- Demonstrated success managing global security programs in complex, regulated environments
- Demonstrated experience managing / ensuring IT cloud security
- ISO 27001 Lead Implementer/Auditor
- Proven experience (5+ years) in global life sciences, biotech industries
- Proven experience developing / managing ISO 27001 compliant IT security framework
- Cloud security certifications (AWS, Azure, GCP)
- Deep understanding of life sciences / biotech regulatory environments (global environments)
- Proven ability to partner with and manage service providers to ensure compliance with organizational expectations
- Significant experience /knowledge building IT security frameworks compliant with the following regulations / standards:
- FDA (21 CFR Part 11)
- GxP (GMP, GLP, GCP)
- ISO 27001, NIST
- HIPAA / HITECH
- GDPR and global privacy laws
- SOC 2, PCI
- Advanced troubleshooting and analytical skills
- Strong communication and cross-functional collaboration abilities
- High attention to detail and commitment to system reliability
- Ability to manage multiple complex initiatives simultaneously
- Strong communication skills / strong executive communication and board-level presentation skills
- Risk-based decision-making and business acumen
- Experience balancing innovation with compliance and patient safety
- Up-to-date knowledge of IT security methodologies and trends in both business and IT
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
- Project management skills: financial/budget management, scheduling and resource management
- Engagement and collaboration with service providers
- Bachelor's degree in Computer Science, Information Security, Engineering, or related field
- 10 years in information security, with 5 years in senior IT security leadership roles
- 5 years of experience in global life sciences, biotech industries
- CISSP or CISM or CISA
EDUCATION: LICENSES / CERTIFICATIONS: PHYSICAL REQUIREMENTS:
L - Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly; requires occasional walking, standing or squatting. For disease specific care programs refer to the program specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements. Any physical requirements reported by a prospective employee and/or employee's physician or delegate will be considered for accommodations. PAY RANGE:
$220,000.00 - $250,000.00 CITY: Rochester POSTAL CODE: 14624 The listed base pay range is a good faith representation of current potential base pay for a successful full time applicant. It may be modified in the future and eligible for additional pay components. Pay is determined by factors including experience, relevant qualifications, specialty, internal equity, location, and contracts. Rochester Regional Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity or expression, national origin, age, disability, predisposing genetic characteristics, marital or familial status, military or veteran status, citizenship or immigration status, or any other characteristic protected by federal, state, or local law.
Vacancy posted 4 days ago
Similar jobs that could be interesting for youBased on the Vice President, ACM Information Security, CISO in United States vacancy
- ...VP, Chief Information Security Officer (CISO) Job Category : Officer Requisition Number : CHIEF003580 Full-Time Locations Sarasota Home Office Sarasota, FL 342408424, USA Description We are seeking a strategic and experienced Chief Information Security Officer (CISO)...SuggestedFull timeWork at officeLocal areaHome office
$260.5k - $325.6k
...Vice President & Chief Information Security Officer Welcome to Planet. We believe in using space to help life on Earth. Planet designs, builds, and... ...Vice President and Chief Information Security Officer (CISO), you will serve as a key executive and thought leader...SuggestedFull timeTemporary workWork experience placementWork at officeLocal areaRemote workWorldwideHome officeShift work3 days per week$200k - $240k
...Vice President, Infrastructure & Chief Information Security Officer (CISO) Location: Houston, TX or Tampa, FL (Hybrid) or Remote Salary Range: $200,000 - $240,000 Reports To: Chief Information Officer (CIO) Role Overview As the VP of Infrastructure & CISO...SuggestedRemote workFlexible hours- ...Job Title: Chief Information Security Officer (CISO) Location: Houston, TX (On-Site) Type: Full-Time About Us: Our Client is a leading provider specializing in laboratory testing services, dedicated to delivering accurate, timely, and high-quality...SuggestedFull timeRemote work
$120k - $187.5k
About the job Who We Are Looking For The VP, Information Security Officer, provides cyber risk management advisory services across all lines of business within State Street. This role is responsible for working closely with the development teams and aligned cybersecurity...SuggestedTemporary work- ...Chief Information Security Officer (CISO) Location: Wall Township, NJ (Hybrid) Employment Type: Full-Time Security Requirement: U.S. Person Required | Public Trust Eligible About the Opportunity JFR Staffing is partnering with a rapidly growing SaaS technology...Full time
$180k - $220k
...Deputy Chief Information Security Officer RK&K is seeking a Deputy Chief Information Security Officer to lead the development and execution... ...Reporting directly to the Chief Information Officer, the Deputy CISO will be responsible for all cybersecurity operations, cyber...Contract workRemote work- ...The Reinalt-Thomas Corporation is seeking a Chief Information Security Officer (CISO) to oversee enterprise-wide cybersecurity and risk management strategies. As a critical leadership role, the CISO will be responsible for protecting corporate information systems and...
- ...the Kore.ai team and help companies of all sizes simplify the adoption of advanced AI solutions responsibly. Chief Information Security Officer (CISO), Global Delivery OVERVIEW: We are looking for a Chief Information Security Officer (CISO), Delivery who...Full timeWorldwide
- ...The Security Executive Council is seeking a Chief Information Security Officer (CISO) in Chicago, Illinois. The CISO leads the information security strategy, ensuring the protection of sensitive data and compliance with regulatory standards. This role involves advising...
$151.3k - $264.8k
...cybersecurity program, ensuring alignment with CISO strategy, risk tolerance, and business... ..., and leadership maturity across the security organization. * Nurture a collaborative,... ...employee. We take your privacy very seriously and confidentially handle your information....Minimum wageFlexible hours- Viavi Solutions Inc. is seeking a Senior Director, IT Security (CISO) to lead the global information security program. This role involves defining and executing the company’s cybersecurity strategy, advising on cyber resilience, and transforming security programs within...
- ...Career Opportunities: Chief Information Security Officer (CISO) (5967) Requisition ID 5967 -Posted - Permanent Contract Be part of a new era in communications, transforming connectivity with Eutelsat – the world’s first GEO-LEO integrated global satellite operator. As...Permanent employmentContract workFor subcontractorRemote workWork from homeFlexible hours
- ...sizes to explore, design, and implement AI strategies that are secure, scalable, and human-centered. We believe AI should amplify human... ...same. The Opportunity This is not a traditional enterprise CISO role where you inherit a legacy infrastructure, manage a large...Full timeFor contractorsRemote workDay shift
- ...Chief Information Security Officer (CISO) Houston, TX (Hybrid) Reports to: Chief Information Officer (CIO) . The Opportunity This role goes beyond traditional security leadership. You will: Architect the security foundation for a rapidly evolving...
- ...Chief Information Security Officer (CISO) We're hiring a Chief Information Security Officer (CISO) to own and elevate our security program at FloatMe. We are looking for someone who can help us as we scale through bank partnerships, pursue SOC2 compliance, and maintain...Sleeping nights
$150k - $200k
...Chief Information Security Officer (CISO) Vistrada is looking to hire strong Chief Information Security Officers (CISO). The CISO will provide strategic cybersecurity guidance and oversight to Vistrada clients by leading and managing their cybersecurity programs to...Work experience placementRemote workFlexible hours$224k - $260k
...Director Of It & Security, Ciso Redox is on a mission to accelerate healthcare's transformation with useful data. Redox Engine, a flexible... ...Security Strategy & Leadership: Own end-to-end information security strategy across cloud, application, infrastructure,...Full timeRemote workFlexible hours- ...A financial technology company is seeking a Chief Information Security Officer to lead their information security and cybersecurity programs. The ideal candidate will have over 10 years of experience in information security within financial institutions, with a proven...Remote work
- ...A financial technology company is seeking a Chief Information Security Officer (CISO) to lead the establishment of its information security programs. The CISO will develop and oversee cybersecurity governance as the bank prepares to launch. This role requires substantial...Remote work
- ...Chief Information Security Officer (CISO) Are you interested in working with the World's AI-first Quality Engineering Company? Ready to advance your career, team up with global thought leaders across industries and make a difference every day? Join us at QualityAI!...Casual workLocal areaFlexible hours
- Chief Technology Officer, Vice President (Defense) Job Locations: US-Remote Job ID: 2025-13487 | # of Openings: 1 | Category: Information Technology | Benefit Type: Salaried High Fringe/... ...within IT. Knowledge of best information security practices. Excellent leadership...Full timeLocal areaRemote work
- ...Position: Chief Information Security Officer (CISO) Location: Wright-Patterson AFB, OH Job Id: 695 # of Openings: 1 Position Title: Chief Information Security Officer (CISO) Location: onsite – Wright-Patterson AFB, Ohio The TTC seeks an experienced Chief Information Security...Contract workLocal areaImmediate start
- ...Chief Information Security Officer (CISO) Organization: Nymbus Location: Fully remote; occasional travel may be required for client meetings and team gatherings. Description: About the job ABOUT NYMBUS: Nymbus is a modern fintech company delivering technology solutions...Contract workRemote workNight shift
- ...A financial technology company is seeking a Chief Information Security Officer (CISO) in Dallas, TX. The role involves leading the information security and cybersecurity programs, ensuring compliance with regulatory standards, and building a strong security posture. The...Remote work
$275k - $305k
...Job Description The Chief Information Security Officer (CISO) is responsible for establishing and executing the enterprise cybersecurity strategy for a high-growth, private fintech company operating in a highly regulated, cloud-first environment. As a forward-thinking...Contract workRemote workWork from homeShift work- ...Chief Information Security Officer (CISO) Illumia empowers education, healthcare, and corporate enterprises with secure, intelligent technology that streamlines operations and enriches experiences for everyone they serve. Formed by the merger of Transact and CBORD,...Remote work
- ...Cohere's Chief Information Security Officer Opportunity Cohere seeks a Chief Information Security Officer who can help shape Cohere's security... ...you possess the following: A proven track record as a CISO or SVP of Security in high-growth technology organizations —...Full timeWork at officeLocal areaRemote workHome office
- ...Chief Information Security Officer (CISO) The CISO is responsible for overseeing and managing the organization's information security program, ensuring the protection of sensitive data and compliance with regulatory requirements. This role involves strategic planning...
$225k - $270k
...The TCW Group, Inc. is seeking a Deputy Chief Information Security Officer in Los Angeles. This role involves leading the security team, shaping security strategy, and ensuring operational excellence across cloud and hybrid infrastructure. The ideal candidate will have...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Vice President, ACM Information Security, CISO. Be the first to apply!
Related searches
- vp biotech United States
- vp compliance United States
- vice president support services United States
- vice president global communications United States
- vice president legal United States
- vice president of ecommerce United States
- vice president shared services United States
- vice president of revenue cycle United States
- vice president real estate development United States
- vice president corporate strategy United States

