Deputy Chief Security Officer

Join us on the heart-warming journey with a team that is a top leader in the rehabilitation industry

Encompass Health is the leader in inpatient rehabilitation industry, you'll feel the Encompass Health difference as soon as you join. We collaborate and provide high-quality, compassionate, individualized care for our patients, allowing us time to get to know them and help them achieve their goals during their rehabilitation journey.

Position Purpose
Reporting to the Chief Security Officer, the Deputy Chief Security Officer (DCSO) is responsible for supporting the CSO in executing the cybersecurity vision and leading strategic and technical initiatives to defend Encompass Health's infrastructure. This role requires a uniquely qualified leader who combines hands-on technical capability with cybersecurity strategy development and organizational influence.

This position is designed for a leader who thrives in high-stakes environments and has a strong command of enterprise networks, cloud infrastructure, threat detection, incident response, and secure design. The DCSO is expected to be deeply engaged in both tactical and strategic domains, ensuring the effective translation of security strategies into executable technical plans across the organization.

-    The Information Technology Group (ITG) comprises +/-280 people with an average tenure of 13.5 years. This role will play a key part in sustaining a culture of security-mindedness, hands-on execution, and technical excellence.
-    This is a high-impact role with direct influence on the resilience and strategic direction of Encompass Health's cybersecurity posture. The ideal candidate is a technical leader who leads by example, solves problems at their root, and can bridge strategic vision with operational execution.
-    This position must sit at our Birmingham, Alabama office and offers a hybrid work schedule.
-    Limited travel to key hospital and operational sites is expected.

Responsibilities & Tasks
-    Drive execution of the cybersecurity strategy in close coordination with the CSO.
-    Serve as a technical authority and escalation point for complex security events, architectural reviews, and strategic security initiatives.
-    Oversee cloud and on-premise security operations including identity, access, perimeter defense, endpoint protection, and network segmentation.
-    Lead incident response efforts, threat hunting operations, and forensic investigations.
-    Assess and evolve security infrastructure including SIEM, EDR, firewalls, WAFs, and vulnerability management platforms.
-    Represent the security team in architecture planning, change control, compliance assessments, and vendor evaluations.
-    Lead and mentor a growing technical team; establish a high-performance culture grounded in hands-on expertise and risk-driven decision-making.
-    Facilitate security integration with key departments such as IT Infrastructure, DevOps, Clinical Systems, Compliance, and Business Continuity.
-    Develop and maintain security policies, procedures, and technical standards aligned with NIST, HITRUST, HIPAA, and enterprise risk management goals.
-    Act as a security liaison for internal audit, legal, and clinical leadership, translating technical risk into business impact.

Skills & Abilities
-    Deep technical competency with network protocols, cloud security (Oracle Cloud Infrastructure/Azure), Linux/Windows environments, and enterprise security architecture
-    Incident response leadership and experience in live operational environments
-    Ability to diagnose misconfigurations, detect threat activity, and lead remediation across hybrid environments
-    Strong understanding of security engineering and operations, including hands-on familiarity with tools such as SIEM, Firewalls, EDR and IDS.
-    High level of personal integrity and discretion, especially with sensitive security data and incident management
-    Commitment to mentoring, coaching, and fostering a hands-on security culture
-    Strong planning, analytical, and communication skills with the ability to convey complex information to diverse audiences

Minimum Qualifications
-    Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience
-    Minimum 10 years of progressive experience in cybersecurity, with at least 5 in hands-on technical roles
-    Minimum 4 years of experience in a security leadership role with direct responsibility for cloud/on-prem security operations
-    Demonstrated ability to implement and manage enterprise security systems, tools, and controls
-    Experience leading incident response and security architecture across hybrid environments
-    Relevant certifications such as CISSP, GCIH, GCIA, or similar

Preferred Qualifications
-    Master's degree in Cybersecurity, IT Management, or related
-    Experience in healthcare IT environments, including HIPAA, HITECH, and HITRUST controls
-    Familiarity with ITIL practices and security frameworks such as NIST CSF and ISO 27001
-    Hands-on experience with automation (e.g., scripting for response, policy enforcement)

A little about us:
We're confident you'll see the difference the moment you join our team. Working at Encompass Health means working with a growing national inpatient rehabilitation leader. We're proud of our career growth opportunities and how our team members work together for the greater good of our patients. We've been named one of the "World's Most Admired Companies" and a Fortune 100 Best Companies to Work For® Award, among others, which is pretty amazing.

Our benefits start day one:
-    Affordable medical, dental and vision plans for full-time and part-time employees and their families.
-    Generous paid time off that accrues over time.
-    Tuition reimbursement and continuing education opportunities.
-    Company-matching 401(k) and employee stock purchase plans.
-    Flexible spending and health savings accounts.
-    A community of people who love what they do. Yes, we see that as a benefit.