Orlando Health has retained Kirby Partners to conduct a nationwide executive search for their CISO/Corporate Director of Security & Resiliency position.

Orlando Health is a $3.4 billion not-for-profit healthcare organization with more than 2,400 beds serving Central Florida residents and 10,000 international annual visitors.

Orlando Health consists of eight hospitals and several outpatient centers. The health system has the area’s only Level One Trauma Center for adults and pediatrics and is a statutory teaching hospital system that offers both specialty and community hospitals.

Corporate Director of Security & Resiliency Overview

The Orlando Health (OHi) Corporate Director of IT Resiliency and Chief Information Security Officer (CISO) is responsible for establishing and maintaining the vision, strategy and program to ensure information assets and technologies are adequately protected across the entire OHi organization.

As a member of the office of the CIO (OCIO), collaborates and interacts with all OCIO council members regarding operational, financial, legal, program management, audit services and special project planning. In a matrix organizational manner, reports directly to the Orlando Health Chief Information Officer, and indirectly to the Chief Compliance and Ethics Officer, working in collaboration with the Chief Privacy Officer (CPO) and Corporate Manager of Emergency Preparedness to ensure the right audit and general controls, risk management and compliance independence are adhered to.

This position has direct leadership duties for Security leaders, IT Disaster Recovery, Major Incident Management and Business Continuity leaders who will be leading teams responsible for the development of security and business continuity policies and procedures, security architectures, operational support, regulatory compliance and major incident response. The CISO will interact at the executive level with third party organizations that provide services to Orlando Health to ensure the security and IT resiliency needs of OHi are being met.



  • Bachelor’s degree
  • CISSP (Certified Information Systems Security Professional)
  • At least three (3) years of security leadership in a health care environment and seven (7) years of full-time experience in information systems security planning, auditing, design, testing, implementation and maintenance
  • Working knowledge of information systems and related technologies such as data networking, end-user applications, data center operations, customer support, general IT controls and processes, server and PC hardware, operating systems, monitoring tools, encryption, and wireless networking
  • Thorough knowledge of healthcare privacy and information security policies, procedures, regulations, and law


  • Master’s degree
  • Certified Information Systems Auditor (CISA)
  • Other relevant certifications such as CHS (Certified in Healthcare Security) and CSCS (Certified Security Compliance Specialist)



Please note that Kirby Partners exclusively represents this opportunity and all candidates will be presented through our team of executive recruiters.  If you have questions about this position, please email Bryan Kirby.



MedAllies has retained Kirby Partners to identify, qualify, and present individuals for their Chief Information Security and Compliance Officer position.

Reporting directly to the CEO, the Chief Information Security and Compliance Officer is responsible for oversight and management of the MedAllies Security and Accreditation Programs (including information security, training and physical security) and recurring third-party security and compliance audits.

MedAllies is a rapidly growing national healthcare consulting firm in Fishkill, New York. The firm focuses on clinical practice and health system transformation, connects providers as a health information service provider, and develops software that enables thousands of healthcare providers and organizations to provide efficient and effective patient care.

Key Network Indicators:

  • 6,000 health care organizations
  • 200,000 Direct users
  • 51 employees

Chief Information Security and Compliance Officer Position Description:

This opportunity will let you use your experience and knowledge to further develop leading security initiatives in this growing organization, working with nationally known leaders in healthcare. MedAllies is an exciting place to work where you can learn new technologies and design security operations in the healthcare sector. It is a fast and innovative organization, and the Security and Compliance Officer must be able to balance industry-strength security with business operations.


The ideal Chief Information Security and Compliance Officer would have an understanding of HIPAA security and of industry standards/regulations such as ISO, NIST, GDPR, and healthcare specifications such as EHNAC and HITRUST.

  • Bachelor’s degree required in computer science, information systems, or equivalent experience (Master’s preferred)
  • CISSP certification required
  • At least 5-10 years in the healthcare information security field, with risk management preferred
  • Must have working knowledge of HIPAA, ISO, and HITRUST
  • Must be able to communicate security-related concepts to a broad range of technical and non-technical staff, including senior leadership
  • Must have experience with business continuity planning, auditing, and risk management
  • Experience in defining standards, guidelines, best practices related to risk management, and identity management
  • Ability to troubleshoot complex problems related to security and risk management, and to resolve issues quickly, identifying the best option in an emergency situation



Lifespan has retained Kirby Partners to identify, qualify and present individuals for their VP / Chief Information Security Officer Position.


Organization Overview

Lifespan, Rhode Island’s first health system, was founded in 1994 by Rhode Island Hospital and The Miriam Hospital. A comprehensive, integrated, academic health system affiliated with The Warren Alpert Medical School of Brown University, Lifespan’s present partners also include Rhode Island Hospital’s pediatric division, Hasbro Children’s Hospital, Bradley Hospital, Newport Hospital, and Gateway Healthcare. A not-for-profit organization, Lifespan is overseen by a board of volunteer community leaders who are guided by its mission to improve the health status of the people it serves in Rhode Island and New England through the provision of customer-friendly, geographically accessible and high-value services.


VP / Chief Information Security Officer Position Highlights

Under the general direction of the Senior VP/CIO, the Chief Information Security Officer directs development, implementation, and oversight of Lifespan’s information technology security infrastructure in compliance with industry best practices and federal and state regulations. Responsibilities include developing information security strategy and implementation plans, as well as policies and procedures related to patient health information and all other confidential information in electronic form. The CISO provides leadership in development, management, control, and security assessment of all Lifespan systems, including legacy applications, new applications, data centers, local area networks, wide area networks, firewall/proxy servers, telecommunications systems, service desk, technology centers and facility infrastructure.