[Hiring] Vice President, ACM Information Security, CISO @Rochester Regional Health

Role Description

The Vice President, ACM Information Security; CISO leads the enterprise-wide information security and cyber risk management program for ACM. This role ensures that all information assets—technology, applications, systems, infrastructure, and processes—are protected across the digital ecosystem, and identifies, evaluates, and reports on legal, regulatory, IT, and cybersecurity risks while enabling business objectives.

The position safeguards the confidentiality, integrity, and availability of data and systems supporting R&D, clinical trials, manufacturing, supply chain, regulatory submissions, and commercial operations. It protects high‑value research assets, clinical development systems, proprietary algorithms, and sensitive partner data, while enabling rapid innovation, collaboration, and compliance.

Operating in a highly regulated environment, the VP, ACM Information Security; CISO balances cybersecurity with clinical trial needs, innovation, speed to market, and patient safety.

Qualifications

• Related Master’s degree in related field or MBA preferred
• Demonstrated success managing global security programs in complex, regulated environments
• Demonstrated experience managing / ensuring IT cloud security
• ISO 27001 Lead Implementer/Auditor
• Proven experience (5+ years) in global life sciences, biotech industries
• Proven experience developing / managing ISO 27001 compliant IT security framework
• Cloud security certifications (AWS, Azure, GCP)
• Deep understanding of life sciences / biotech regulatory environments (global environments)
• Proven ability to partner with and manage service providers to ensure compliance with organizational expectations
• Significant experience / knowledge building IT security frameworks compliant with the following regulations / standards:
• FDA (21 CFR Part 11)
• GxP (GMP, GLP, GCP)
• ISO 27001, NIST
• HIPAA / HITECH
• GDPR and global privacy laws
• SOC 2, PCI
• Advanced troubleshooting and analytical skills
• Strong communication and cross-functional collaboration abilities
• High attention to detail and commitment to system reliability
• Ability to manage multiple complex initiatives simultaneously
• Strong communication skills / strong executive communication and board-level presentation skills
• Risk-based decision-making and business acumen
• Experience balancing innovation with compliance and patient safety
• Up-to-date knowledge of IT security methodologies and trends in both business and IT
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
• Project management skills: financial/budget management, scheduling and resource management
• Engagement and collaboration with service providers

Requirements

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field
• 10 years in information security, with 5 years in senior IT security leadership roles
• 5 years of experience in global life sciences, biotech industries

Required Licensure/Certifications

• CISSP or CISM or CISA

Physical Requirements

• L - Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly; requires occasional walking, standing or squatting.
• For disease specific care programs refer to the program specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements.
• Any physical requirements reported by a prospective employee and/or employee’s physician or delegate will be considered for accommodations.

Pay Range

$220,000.00 - $250,000.00

City

Rochester

Postal Code

14624

Company Description

Rochester Regional Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity or expression, national origin, age, disability, predisposing genetic characteristics, marital or familial status, military or veteran status, citizenship or immigration status, or any other characteristic protected by federal, state, or local law.