Methodist Le Bonheur Healthcare has retained Kirby Partners to support its search for a Deputy CISO.
Methodist Le Bonheur Healthcare (MLH) is an integrated healthcare delivery system based in Memphis, Tennessee, with six hospitals, a home health agency, ambulatory surgery centers, outpatient facilities, a hospice residence and physician practices.
MLH is widely recognized for providing the highest quality of patient care and services, offering a wide variety of care options for the whole family, including cancer care, emergency services, diabetes control and more.
Methodist Le Bonheur Healthcare has received the following accolades:
- A U.S. News & World Report best regional hospital (four of MLH's metro adult hospitals are licensed as one) and third in Tennessee
- One of U.S. News & World Report’s nation’s best children’s hospitals (Le Bonheur Children’s Hospital)
- One of Becker’s Hospital Review’s 150 top places to work in healthcare 2022-2023
- One of Modern Healthcare’s top nine organizations for diversity
- A Fortune best workplace in healthcare in 2021 and a best company to work for in 2019
University of Tennessee Health Science Center (UTHSC) and Methodist Healthcare became formally affiliated in 2002, making Methodist the principal adult private teaching hospital in Shelby County for UTHSC.
Le Bonheur Children’s Hospital collaborates with St. Jude Children’s Research Hospital on many clinical and educational programs, including a successful brain tumor program with some of the world’s best-documented one‐year survival rates. The children’s hospital also hosts the Biorepository and Integrative Genomics project, one of the country’s only pediatric biorepositories solely focused on genetic causes for childhood disease.
Facts and Figures
Figures based on 2023 report.
Position Overview
The Deputy Chief Information Security Officer (CISO) reports to the VP/CISO and is responsible for day-to-day operations to support and augment the VP/CISO’s overall responsibilities. The Deputy CISO is an advanced role supporting the entire cybersecurity program.
This role provides leadership, executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program supporting enterprise security initiatives. The Deputy CISO supports and reports on strategic planning and execution of enterprise security systems, applications and operations.
The Deputy CISO will lead an adaptable and secure business-supporting cybersecurity team, in addition to influencing and executing with technical team members such as software developers, system engineers, cybersecurity engineers and systems administrators.
Key Responsibilities:
- Works closely with security leadership overseeing security operations, incident response, application security and infrastructure.
- Actively informed and engaged in daily security operations.
- Enforces a strong security culture, ensuring uniformity across security leadership, business units and Associates.
- Fosters strong relationships with internal business units and external entities to maintain a strong network.
- In tandem with the VP/CISO, manages the security budget and additional fiduciary responsibilities.
- Advises on enterprise-wide people, process and technology security recommendations.
- Maintains an up-to-date level of knowledge relating to security threats, vulnerabilities and mitigations set forth to reduce the corporate attack surface.
- Ensures security projects are delivered on time and within budget.
- Implements a continuous vulnerability assessment and exposure analysis process and aligns technical teams to address a timeline for remediation and validation across applications and infrastructure.
- Sponsors vendor and technology solution selection, as well as third-party consulting services as needed.
- Requires and supports independent verification and validation testing of the company networks and data protection through internal team resources and independent consulting engagements.
- In conjunction with security leadership, defines key performance indicators (KPIs) and metrics aligning with business initiatives and delivers to non-technical teams in terms that are readily comprehensible.
- Provides motivation to security teams and Associates to maximize rigorous system security controls.
- Removes complexities and obstacles that hinder efficient security controls enterprise-wide.
- Builds relationships with technical and compliance teams to deliver security-by-design controls that are incorporated into projects, architecture, infrastructure and applications.
- Works closely with operational risk, compliance, legal and audit teams.
- Stays abreast of new laws, regulations and standards, and assesses their impacts to the business.
- Verifies that security content training initiatives, as well as internal and external communications, are conducted regularly.
- Oversees testing and validation of security controls across projects.
- Openly supports the VP/CISO, management team and executive leadership, even during tumultuous times.
- Performs other duties as assigned.
Qualifications
Required:
- Bachelor’s degree in Information Systems, Business, Computer Science, or related field.
- Five to eight (5-8) years of experience in risk management and information security fields.
Preferred:
- Master’s degree in Information Systems, Business, Computer Science, or related field strongly preferred.
- Previous experience in a healthcare setting strongly preferred.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Healthcare Privacy & Security (CHPS).
Knowledge, Skills and Abilities:
- Strong written and verbal communication skills across all levels of the organization.
- Ability to effectively manage stress in a constantly changing environment.
- Driven to build a strong, cohesive team and positive enterprise-wide security culture.
- Proven high level of integrity, trustworthiness and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism.
- Strategic vision and ability to influence others.
- Strong project management and organizational skills.
- Ability to work effectively with diverse teams and varying personalities, and adapt management style to effectively reach and develop the team.
- Ability to gain and preserve credibility with the team through sustained industry knowledge.
- Ability to motivate the team to achieve excellence, while giving credit and recognition where it is due.
About Memphis, Tennessee
Thriving downtown
Memphis, known as the birthplace of rock n’ roll, is located on the Mississippi River in southwest Tennessee, 210 miles west of Nashville and 130 miles south of St. Louis, Missouri. The city offers a unique blend of history, music and culture with eclectic restaurants, professional sports teams, shopping, live music venues, and theaters.
Outdoor enjoyment
A top outdoor staple is Shelby Farms Park, one of the largest parks in the country with over four thousand acres, which serves as both a vibrant community hub and a peaceful retreat from the hustle and bustle of city life. The park features more than 40 miles of trails with an iconic 10.65-mile paved cycling and pedestrian trail. There are plenty of opportunities for fishing in the park’s more than 20 bodies of water.
Affordable living
The total cost of housing, food, childcare, transportation, healthcare, taxes, and other necessities is 14.2% lower than the U.S. average.
Procedure for Candidacy
Final candidates should expect two interviews with Kirby Partners recruiters (including a video conference interview). You may be asked to complete our “Executive Profile” and submit references to be considered for presentation to the search committee.
Steve Bennett
Vice President, CPC