The Chief Technology & Cybersecurity Officer (CTCO) is a strategic, hands-on technology and security leader responsible for leading Protocall’s technology strategy, cybersecurity program, infrastructure, product technology direction, vendor security oversight and compliance readiness.
The CTCO is responsible for ensuring that our information systems are scalable, secure, resilient, and aligned with the needs of healthcare, public-sector, higher education, and enterprise customers. This position also serves as our Security Officer as defined by HIPAA.
Responsibilities
Technology Strategy & Leadership
- Develop and execute the organization’s technology strategy in alignment with business goals, customer needs, compliance obligations, and product growth.
- Serve as the senior technology advisor to executive leadership, helping translate technical risks and opportunities into business decisions.
- Provide leadership across internal IT, cloud infrastructure, data systems, software platforms, cybersecurity, and technology vendor relationships.
- Evaluate current systems, architecture, tools, and processes and recommend improvements for scalability, reliability, interoperability, security, and cost effectiveness.
- Partner with product, operations, clinical, compliance, and customer success teams to ensure technology supports our service offerings.
- Help guide build-versus-buy decisions, platform modernization, integrations, and technology roadmap priorities.
- Establish technology governance practices appropriate for a healthcare organization serving commercial, higher education, and government-adjacent customers.
Cybersecurity, Privacy & Compliance
- Lead the organization’s information security program, including security strategy, policies, risk assessments, controls, incident response, vendor risk management, and employee security awareness.
- Ensure technology and security practices support HIPAA requirements and customer expectations related to protected health information, privacy, confidentiality, availability, and breach prevention.
- Lead readiness efforts related to GovRAMP, NIST, SOC 2, HITRUST, or similar security and compliance frameworks, as applicable to customer and market needs.
- Develop and maintain security policies, standards, procedures, and documentation required for customer audits, RFPs, security questionnaires, and compliance reviews.
- Oversee security monitoring, vulnerability management, access controls, endpoint protection, cloud security, backup and recovery practices, and incident response planning.
- Partner with legal, compliance, People Services, and operations teams on privacy, data retention, business continuity, disaster recovery, and security incident response.
- Lead or coordinate tabletop exercises, risk reviews, vendor assessments, and remediation plans.
- Support sales and customer-facing teams by responding to security questionnaires, participating in customer security reviews, and clearly explaining the organization’s security posture.
Infrastructure, Operations & Reliability
- Oversee the reliability, availability, and security of technology systems supporting 24/7 mission-critical operations.
- Ensure appropriate disaster recovery, business continuity, backup, monitoring, and escalation processes are in place.
- Manage cloud platforms, SaaS systems, telecommunications-related technology, identity and access management, and internal IT systems either directly or through staff and vendors.
- Establish appropriate service levels, operational metrics, and technology performance reporting.
- Identify and reduce technology risks that could affect service continuity, customer trust, compliance, or clinical operations.
Product & Data Support
- Partner with product and business leaders on the technology direction of our digital product offerings.
- Advise on secure software development practices, data architecture, integrations, authentication, privacy-by-design, and customer-specific security needs.
- Help ensure product platforms can support Protocall’s existing customer base, as well as potential expansion in new markets.
- Support evaluation of third-party tools, APIs, data exchange capabilities, analytics platforms, and customer reporting infrastructure.
- Promote secure, scalable, user-centered technology solutions that support both clinical quality and business growth.
Team & Vendor Leadership
- Lead, mentor, and develop technology, IT, security, and related vendor resources.
- Build practical processes that improve accountability without creating unnecessary bureaucracy.
- Manage external technology partners, managed service providers, security vendors, auditors, consultants, and platform vendors.
- Develop department budgets, staffing plans, technology investment recommendations, and vendor management practices.
- Foster a culture of security, reliability, responsiveness, and continuous improvement.
Artificial Intelligence, Automation & Emerging Technology
- Lead the organization’s strategy for the responsible evaluation, adoption, and governance of artificial intelligence, machine learning, automation, and emerging technologies.
- Establish AI governance practices that address privacy, security, HIPAA compliance, bias, transparency, vendor oversight, data use, clinical risk, and customer trust.
- Partner with executive, clinical, compliance, legal, product, and operations leaders to identify appropriate AI-enabled opportunities that improve service quality, operational efficiency, workforce support, customer reporting, and user experience.
- Evaluate AI tools and vendors for security, privacy, data retention, model training practices, contractual protections, and alignment with healthcare and public-sector customer requirements.
- Ensure that AI solutions involving protected health information, crisis services, clinical workflows, or customer data are reviewed through appropriate risk, compliance, and ethical governance processes before implementation.
- Develop policies and guardrails for employee use of generative AI tools, including acceptable use, prohibited data sharing, documentation expectations, and review requirements.
- Support responsible use of AI in areas such as contact center operations, quality assurance, documentation support, analytics, fraud/risk detection, customer insights, product personalization, and administrative workflow automation.
- Help the organization distinguish between safe, practical AI use cases and high-risk applications that require additional oversight, validation, human review, or should not be pursued.
- Monitor evolving AI-related legal, regulatory, security, and customer expectations, particularly as they relate to healthcare, behavioral health, HIPAA-regulated data, and government-funded or public-sector programs.
- Promote a culture of innovation that balances AI-enabled efficiency with clinical quality, human judgment, privacy, accessibility, and the organization’s mission.
Required Qualifications:
- 10+ years of progressive experience in technology leadership, information security, infrastructure, software systems, healthcare technology, or related fields.
- Demonstrated experience leading both technology and cybersecurity functions in a healthcare, behavioral health, SaaS, public-sector, or regulated environment.
- Experience managing custom software development teams with strong SDLC controls; experience with DevSecOps tools and procedures preferred.
- Strong working knowledge of HIPAA privacy and security requirements.
- Experience with security and risk frameworks such as NIST CSF, NIST 800-53, NIST 800-171, SOC 2, HITRUST, ISO 27001, FedRAMP, or GovRAMP-related requirements.
- Experience supporting security audits, customer security reviews, vendor risk assessments, RFP responses, and compliance documentation.
- Strong understanding of cloud infrastructure, SaaS platforms, identity and access management, endpoint security, data protection, logging and monitoring, and incident response.
- Ability to communicate effectively with executive leaders, board members, customers, auditors, technical teams, and non-technical stakeholders.
- Demonstrated ability to balance strategic leadership with hands-on execution in a mid-sized or growing organization.
- Experience managing technology vendors, budgets, roadmaps, and cross-functional initiatives.
- Strong judgment, discretion, and integrity when handling sensitive healthcare, business, and security matters.
Preferred Qualifications
- Experience in behavioral healthcare, crisis services, telehealth, digital health, or healthcare SaaS.
- Experience supporting 24/7 mission-critical operations or contact center technology.
- Familiarity with 988 crisis service environments, managed care organizations, EAPs, higher education customers, or Community Behavioral Health Centers.
- Experience with mobile application security, secure software development, product security, and platform architecture.
- Prior experience preparing an organization for GovRAMP, FedRAMP-aligned, SOC 2, HITRUST, or similar certification or assessment.
- Relevant certifications such as CISSP, CISM, CISA, CCSP, HCISPP, PMP, or equivalent experience.
- Experience presenting technology and security updates to executive leadership, boards, customers, or public-sector stakeholders.
Work at Protocall is inherently stressful given the nature of our mission. It is the basic responsibility of each employee to manage their stress in a way that sustains our commitment to the highest level of client care, customer service, professional conduct, and a supportive work environment.
Protocall Services Inc. is an Equal Opportunity Employer. We believe deeply in diversity of race, gender, sexual orientation, religion, ethnicity, national origin, and all of the other fascinating characteristics that make us different
Skills Required
- 10+ years of progressive experience in technology leadership, information security, infrastructure, software systems, healthcare technology, or related fields.
- Experience leading both technology and cybersecurity functions in a healthcare, behavioral health, SaaS, public-sector, or regulated environment.
- Experience managing custom software development teams with strong SDLC controls.
- Experience with DevSecOps tools and procedures.
- Strong working knowledge of HIPAA privacy and security requirements.
- Experience with security and risk frameworks such as NIST CSF, NIST 800-53, NIST 800-171, SOC 2, HITRUST, ISO 27001, FedRAMP, or GovRAMP-related requirements.
- Experience supporting security audits, customer security reviews, vendor risk assessments, RFP responses, and compliance documentation.
- Strong understanding of cloud infrastructure, SaaS platforms, identity and access management, endpoint security, data protection, logging and monitoring, and incident response.
- Ability to communicate effectively with executive leaders, board members, customers, auditors, technical teams, and non-technical stakeholders.
- Demonstrated ability to balance strategic leadership with hands-on execution in a mid-sized or growing organization.
- Experience managing technology vendors, budgets, roadmaps, and cross-functional initiatives.
- Strong judgment, discretion, and integrity when handling sensitive healthcare, business, and security matters.
- Experience in behavioral healthcare, crisis services, telehealth, digital health, or healthcare SaaS.
- Experience supporting 24/7 mission-critical operations or contact center technology.
- Familiarity with 988 crisis service environments, managed care organizations, EAPs, higher education customers, or Community Behavioral Health Centers.
- Experience with mobile application security, secure software development, product security, and platform architecture.
- Prior experience preparing an organization for GovRAMP, FedRAMP-aligned, SOC 2, HITRUST, or similar certification or assessment.
- Relevant certifications such as CISSP, CISM, CISA, CCSP, HCISPP, PMP, or equivalent experience.
- Experience presenting technology and security updates to executive leadership, boards, customers, or public-sector stakeholders.
What We Do
Protocall Services, Inc. is a leading provider of telephonic and digital behavioral health services, specializing in 24/7 crisis intervention, assessment, and wellness solutions. Through its Welltrack ecosystem, the company provides specialty clinical call-center services and digital tools to over 500 organizations, including community behavioral health providers, university counseling centers, and managed behavioral health organizations across the United States.







