Cyber Security Manager

KHS
Bakersfield, CA
Onsite

About The Position

The Cybersecurity Manager is responsible for leading and managing the information security program to ensure the confidentiality, integrity, and availability of the organization’s information assets. This role involves developing, implementing, and maintaining security policies, procedures, and standards, as well as overseeing the day‑to‑day activities of the Information Security program and team. In collaboration with Directors within Management Information Systems (MIS), the Cybersecurity Manager supports the development of cybersecurity strategies, governance frameworks, policies, procedures, reporting, and incident response capabilities across the organization. The Cybersecurity Manager monitors, reviews, and approves Information Security (InfoSec) decisions prior to implementation and provides security oversight and guidance for systems, networks, and technology solutions. Incumbents are expected to possess a strong understanding of systems, networks, and telecommunications architectures sufficient to assess risk, define security requirements, and ensure secure design and operation. This role requires strong organizational, planning, and leadership skills to manage distributed initiatives, coordinate cross‑functional efforts, and support security training and awareness activities as required.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field, or equivalent experience, required.
  • Minimum of 8 years of progressive experience in cybersecurity, information security, or risk management within a regulated environment (healthcare preferred). 4 of the 8 years should be progressive supervisory experience, including direct leadership of professional staff and leading cybersecurity programs, governance initiatives, and cross‑functional security efforts.

Nice To Haves

  • CISSP, CISM, CRISC, HCISPP, or equivalent.

Responsibilities

  • Cybersecurity Program & Roadmap Management
      • Lead and manage the enterprise information security program, ensuring alignment with organizational goals, regulatory requirements, and risk tolerance.
      • Own and maintain the cybersecurity roadmap, translating strategy into prioritized initiatives, milestones, and measurable outcomes.
      • Track execution progress, risks, and dependencies, and provide regular reporting on cybersecurity posture and maturity to executive leadership.
  • Governance, Risk, and Compliance (GRC)
      • Design, implement, and maintain the Information Security Management System (ISMS) aligned with ISO/IEC 27001.
      • Lead planning, readiness, and execution activities for ISO/IEC 27001 certification, including gap assessments, remediation efforts, and internal audits.
      • Oversee HITRUST framework adoption and ongoing maturity, including control mapping, evidence management, and third‑party assessments.
      • Ensure continuous HIPAA Security Rule compliance through risk assessments, control monitoring, remediation tracking, and audit readiness.
      • Develop, maintain, and govern cybersecurity policies, standards, and procedures, ensuring regular review, version control, and organizational adoption.
      • Conduct and oversee enterprise security risk assessments and support organizational risk management processes.
  • Microsoft Security & Data Protection
      • Drive continuous improvement of Microsoft Security Secure Score by prioritizing and overseeing implementation of recommended security controls.
      • Provide oversight of Microsoft security platforms (e.g., Microsoft Defender) supporting identity, endpoint, email, and cloud security.
      • Manage Microsoft Purview for information protection, data loss prevention (DLP), retention, and compliance policy enforcement.
      • Utilize Microsoft Purview to support policy and procedure governance, documentation management, and compliance reporting.
  • Security Operations Oversight
      • Provide cybersecurity oversight and guidance to IT Operations teams responsible for infrastructure, networks, endpoints, and cloud services.
      • Ensure security requirements are embedded into system design, configuration standards, and change management processes.
      • Oversee vulnerability management, security monitoring, and incident response coordination.
      • Lead or support security incident investigations, root cause analysis, and remediation planning.
  • Vendor, Audit, and Stakeholder Management
      • Evaluate, select, and manage cybersecurity‑related vendors, tools, and services.
      • Coordinate external audits, assessments, and testing activities related to cybersecurity and compliance.
      • Serve as the primary cybersecurity liaison with auditors, regulators, and internal oversight bodies.
      • Partner with Privacy, Compliance, Legal, and business stakeholders to address findings, risks, and remediation efforts.
  • Leadership & Program Management
      • Lead, mentor, and develop cybersecurity staff and/or matrixed resources.
      • Promote security awareness and training initiatives to strengthen organizational security culture.
      • Support cybersecurity budgeting, resource planning, and prioritization activities.