VP, Data Privacy & Security with a Global Healthcare System – Baltimore, MD

Role Overview for VP, Data Privacy & Security with a Global Healthcare System – Baltimore, MD

JRG Partners is proud to partner with a world-renowned global healthcare system in their search for a visionary and strategic Vice President of Data Privacy & Security. Based in Baltimore, MD, this executive leadership role is critical to upholding the organization’s commitment to patient trust, data integrity, and regulatory excellence. In an era of escalating cyber threats and increasingly complex data protection regulations, this position serves as the principal architect and guardian of the institution’s comprehensive privacy and security framework.

The VP, Data Privacy & Security will be responsible for the strategic direction, operational execution, and continuous improvement of all initiatives designed to protect sensitive patient, employee, and corporate information. Reporting to the Chief Information Officer (CIO), you will lead a dedicated team of professionals and collaborate across all facets of the organization—from clinical operations and research to finance and legal—to embed a culture of security and privacy by design. This is a unique opportunity to make a profound impact on a mission-driven organization, ensuring that the privacy and security of data are paramount as they continue to innovate in patient care, medical research, and global health initiatives. The ideal candidate is a seasoned leader with a deep understanding of the healthcare landscape, a masterful command of security technologies and governance, and an unwavering ethical compass to navigate the challenges of protecting data in the 21st century.

Key Responsibilities of VP, Data Privacy & Security with a Global Healthcare System – Baltimore, MD

Strategic Leadership & Vision

Develop, implement, and maintain the enterprise-wide vision, strategy, and multi-year roadmap for data privacy and information security. Ensure alignment with the organization’s strategic goals, clinical objectives, and risk appetite.

Governance & Policy Development

Establish and chair the Information Security and Data Privacy Governance Committee. Develop, publish, and enforce a comprehensive suite of information security and privacy policies, standards, and procedures based on industry best practices and regulatory requirements.

Regulatory Compliance & Risk Management

Serve as the primary authority on data protection regulations, ensuring organizational compliance with the Health Insurance Portability and Accountability Act (HIPAA), HITECH, GDPR, CCPA, and other relevant state, federal, and international laws. Oversee a robust risk management program, including regular risk assessments, vulnerability scanning, penetration testing, and the management of the enterprise risk register.

Security Operations & Architecture

Lead the Security Operations Center (SOC) and oversee the architecture, implementation, and management of advanced security technologies. This includes Identity and Access Management (IAM), Data Loss Prevention (DLP), Security Information and Event Management (SIEM), endpoint protection, and cloud security controls (AWS, Azure).

Incident Response & Business Continuity

Command the organization’s cyber incident response efforts. Develop, maintain, and regularly test a comprehensive incident response plan to ensure timely detection, containment, eradication, and recovery from security events. Collaborate with business leaders to integrate security into business continuity and disaster recovery planning.

Team Leadership & Development

Recruit, mentor, and lead a high-performing team of security and privacy professionals. Foster a culture of continuous learning, collaboration, and innovation within the department. Manage departmental budgets, resource allocation, and vendor relationships effectively.

Third-Party Risk Management

Design and manage a comprehensive third-party risk management (TPRM) program. Ensure all vendors, partners, and contractors with access to sensitive data adhere to the organization’s stringent security and privacy standards.

Training & Awareness

Champion a system-wide security and privacy awareness program. Develop and deliver engaging training materials and campaigns to educate all employees, from frontline clinicians to executive leaders, on their role in protecting organizational data assets.

Executive & Board Advisory

Act as the trusted advisor to the executive leadership team and the Board of Directors on all matters related to cybersecurity and data privacy. Prepare and present regular, clear, and concise reports on the organization’s security posture, risk landscape, and program maturity.

Requirements for the VP, Data Privacy & Security with a Global Healthcare System – Baltimore, MD

Educational Background

A Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field is required. A Master’s degree (MBA, MS, or JD) is strongly preferred.

Professional Experience

A minimum of 15 years of progressive experience in information security, data privacy, and/or IT risk management. At least 7-10 years of experience in a senior leadership role, managing teams and influencing enterprise-level strategy.

Industry Expertise

Demonstrable and significant experience within the healthcare sector is mandatory. A deep understanding of clinical workflows, electronic health records (EHR), medical devices (IoMT), and the specific privacy challenges of a patient care environment is essential.

Certifications

Professional certifications are highly desirable. These include, but are not limited to: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP/US), and/or HealthCare Information Security and Privacy Practitioner (HCISPP).

Technical Acumen

Expert-level knowledge of security frameworks and standards such as NIST Cybersecurity Framework (CSF), NIST 800-53, HITRUST, and ISO 27001/27002. Proven experience with modern security architectures and technologies.

Regulatory Knowledge

In-depth, expert-level understanding of HIPAA, HITECH, and other data protection laws (e.g., GDPR, CCPA). Experience interacting with regulatory bodies is a plus.

Leadership & Communication Skills

Exceptional leadership, interpersonal, and team-building skills. The ability to communicate complex and technical issues to diverse audiences, both orally and in writing, in an easily understood, authoritative, and actionable manner. Proven ability to influence and build consensus at all levels of the organization.

Strategic & Business Acumen

Strong strategic thinking, analytical, and problem-solving skills. The ability to understand and articulate the business implications of security decisions and to provide pragmatic, risk-based solutions.

Benefits & Perks Offered

Our client offers a highly competitive executive compensation package and a comprehensive benefits program designed to support the health, well-being, and financial security of their leaders and their families. Benefits include:

Competitive Executive Salary & Bonus

A highly competitive base salary complemented by an annual performance-based bonus and long-term incentive plan.

Comprehensive Health & Wellness

Premier medical, dental, and vision insurance plans for you and your eligible dependents. Access to wellness programs, mental health resources, and on-site fitness facilities.

Retirement Savings

A robust 401(k) or 403(b) retirement plan with a generous employer match and/or contribution.

Paid Time Off

A generous paid time off (PTO) package, including vacation, sick leave, and paid holidays.

Professional Development

A significant budget for continuous learning, including support for attending industry conferences, pursuing advanced certifications, and other executive education opportunities.

Relocation Assistance

A comprehensive relocation package is available for qualified candidates.

Work-Life Balance

A commitment to supporting a healthy work-life balance for all employees.

How to Apply

This is a retained search being conducted exclusively by JRG Partners. To be considered for this confidential opportunity, please submit your resume and a cover letter outlining your qualifications and interest in the role. All applications will be treated with the utmost confidentiality.

Qualified candidates are encouraged to apply directly through the JRG Partners Healthcare Technology Practice Area. We look forward to reviewing your application and discussing this exceptional leadership opportunity with you.

Job Category: Information Technology
Job Type: Full Time
Job Location: Baltimore, MD
