Cyber Security Manager - Job# 1115

About The Position

Requirements

• Executive-level communication and stakeholder engagement
• Strategic thinking and risk-based decision making
• Deep understanding of regulatory environments (HIPAA, HITRUST, ISO)
• Strong leadership and cross-functional collaboration
• Ability to translate technical risk into business impact
• Bachelor’s degree in IT, Computer Science, or related field
• 7+ years in cybersecurity, risk, or information security (healthcare preferred)
• 4+ years of leadership experience managing teams and programs
• 5+ years of hands-on HIPAA compliance experience
• A valid California Driver's License and transportation, or acceptable substitute, may be required based on assigned duties.

Nice To Haves

• CISSP, CISM, CRISC, HCISPP
• Microsoft Azure / Security certifications

Responsibilities

• Lead and evolve the enterprise cybersecurity program aligned with business goals and risk tolerance
• Develop and manage a multi-year cybersecurity roadmap with measurable outcomes
• Report cybersecurity posture, risks, and maturity to executive leadership
• Establish KPIs/KRIs to track program effectiveness
• Own and maintain the Information Security Management System (ISMS) aligned with ISO 27001
• Lead ISO 27001 certification readiness, audits, and continuous improvement
• Oversee HITRUST and HIPAA compliance, ensuring audit readiness and control effectiveness
• Conduct enterprise risk assessments and manage remediation lifecycle
• Develop and enforce security policies, standards, and procedures
• Drive improvements in Microsoft Secure Score and security posture
• Oversee security across Identity (Entra ID / Azure AD), Endpoint (Defender), Email & Collaboration (M365 Security), and Cloud Security (Azure Security)
• Govern Microsoft Purview for data protection, DLP, and compliance
• Provide oversight for vulnerability management, threat detection and monitoring, and incident response and escalation
• Lead incident investigations and root cause analysis (RCA)
• Ensure security is integrated into system design, change management, and infrastructure standards
• Manage third-party cybersecurity risk assessments
• Lead external audits, penetration testing, and compliance reviews
• Act as the primary liaison for auditors, regulators, and stakeholders
• Coordinate remediation across business and IT teams
• Lead, mentor, and develop cybersecurity team members
• Drive security awareness and training programs across the organization
• Support budgeting, vendor selection, and strategic investments
• Foster a culture of security accountability

Benefits

• Health Insurance - NLACRC pays the full cost of coverage for certain Medical plans for employee only. We also provide a generous contribution to additional plans that the employee may select for employee only or employee and dependents costs.
• Dental Insurance – NLACRC pays the full cost of the Dental DMO Plan for employees and eligible dependents. We also offer a Dental PPO plan with a low employee monthly contribution for employees and eligible dependents
• Pre-Tax Flexible Spending Account for eligible health care expenses
• Pre-Tax Dependent Care Flexible Spending Account for eligible dependent care expenses
• No cost Life, Accidental Death & Disability, Long Term Disability Insurance for employees
• No cost Vision plan for employees and eligible dependents
• Retirement plan - NLACRC is a member of CalPERS which is a defined benefit plan that provides a monthly retirement allowance for eligible employees
• NLACRC offers two (2) deferred compensation plans - 457 and 403(b)
• Participate in the Public Service Loan Forgiveness program
• Paid Time Off – Eligible for 3 weeks of accrued vacation in the first year, 8 hours per month sick time, education, wellness, and sabbatical time
• Holidays – NLACRC offers 12 paid holidays throughout the year
• Most positions are offered a hybrid – remote option