Vice President, Deputy Chief Business Information Security Officer

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You’ll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You’ll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

The Vice President, Deputy Chief Business Information Security Officer (VP, Deputy CBISO) is a senior leadership role responsible for overseeing the operations of information security delivery, vulnerability management, security delivery shared services, and account and client focused incident response activities. This role will work closely with the VP, Chief Business Information Security Officer, to ensure the security of the organization's information assets and to lead the execution and implementation of comprehensive security strategies. The VP, Deputy CBISO will be accountable for ensuring the highest standards of client excellence, experience, account performance, driving continuous improvement and innovation in information security practices.

Your role in our mission

• Act as the operational leader within the information security delivery organization, ensuring that information security initiatives are executed efficiently and effectively.
• Develop and implement operational plans that drive the achievement of key performance indicators (KPIs) and ensure the continuous improvement of information security practices.
• Lead the execution of long-term strategic plans that align with the organization's overall business objectives and ensure the continuous improvement of information security practices.
• Drive the positioning of information security as a key differentiator for clients. This involves developing and implementing strategies that highlight the unique value and competitive advantage provided by the organization's information security practices.
• Lead program maturity assessments using the NIST Cybersecurity Framework to evaluate the maturity of the information security program. This involves using established frameworks and methodologies to measure the effectiveness of security controls, identify gaps, and prioritize areas for improvement.
• Establish and maintain strong relationships with clients, ensuring that their needs and expectations are understood and met. This involves regular communication, feedback sessions, and proactive engagement to build trust and rapport.
• Collaborate with clients to understand their unique challenges and requirements, providing tailored information security solutions that address their specific needs and objectives.
• Ensure that the information security team is aligned with client goals and priorities, fostering a client-centric culture that emphasizes responsiveness, reliability, and excellence in service delivery.
• Provide regular updates and reports to clients on the status and effectiveness of information security initiatives, ensuring transparency and accountability.

• Foster a culture of results-driven performance within the information security team, emphasizing the importance of achieving measurable outcomes and delivering value to the organization.
• Promote a focus on results and accountability, ensuring that all team members understand their roles and responsibilities and are committed to achieving organizational goals.

• Ensure the delivery of high-quality work by maintaining rigorous quality standards. This includes implementing quality assurance processes that verify the accuracy, completeness, and reliability of information security deliverables.
• Optimize the allocation and utilization of resources to ensure the efficient and effective delivery of information security services.
• Identify and implement process improvements that enhance operational efficiency and reduce costs.
• Establish shared services model for security resources where possible to streamline processes, standardization, and capacity management.
• Monitor and evaluate the effectiveness of risk management processes, making adjustments as necessary to ensure the continuous protection of organizational assets.
• Oversee the development of a centralized metrics program that addresses risk, performance, and effectiveness at various organizational levels. This includes defining metrics that provide meaningful insights into the organization's information security posture and performance.
• Use metrics and dashboards to drive informed decision-making and continuous improvement. This includes analyzing data to identify trends, assess risks, and make evidence-based recommendations for enhancing information security practices.
• Foster a culture of accountability and ownership by encouraging teams to take responsibility for their actions and outcomes. This involves promoting transparency, integrity, and a commitment to excellence in all aspects of information security.

• Build and lead a dedicated team responsible for vulnerability management, providing guidance, training, and support to ensure the team's success.
• Establish and run governance for the vulnerability management program, ensuring that policies, procedures, and standards are in place to guide the identification, assessment, and remediation of vulnerabilities.
• Utilize technology to enhance the vulnerability management program, including the selection and implementation of tools for vulnerability scanning, assessment, and reporting.
• Collaborate with other teams and stakeholders to ensure that vulnerability management efforts are integrated with other security and IT initiatives, and that vulnerabilities are addressed in a timely and effective manner.

What we're looking for

• Master's degree required, preferably an MBA
• Bachelor's degree in Information Security, Computer Science, or a related field preferred
• A minimum of 15 years of experience in information security, with at least 10 years in leadership roles.
• Relevant certifications such as CISSP, CISM, or CISA are required
•  

What you should expect in this role

• This role is 100% remote within the continental United States with opportunity to travel for work up to 20% annually.

The deadline to submit applications for this posting is October 6, 2025.

The pay range for this position is $176,100.00 - $251,500.00 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You’ll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits, and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You’ll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.