Cyber Security Manager

About The Position

Requirements

• 4+ years of cybersecurity experience with a strong hands-on technical foundation. You have not left the work behind.
• Experience leading or mentoring a security team or function, formally or informally
• Direct EDR/XDR platform ownership: real policy management, real alert triage, real incident response
• Strong working knowledge of Microsoft 365 security and compliance tooling
• Experience building and managing DLP policies and data classification frameworks
• Strong understanding of email security: DMARC, DKIM, SPF, and Exchange Online hardening
• Experience managing security in a complex, multi-site, or distributed environment
• Working knowledge of HIPAA requirements, BAA obligations, and PHI/PII risk management
• Comfortable doing the work and directing others at the same time - This is not an either/or role

Nice To Haves

• Hands-on SIEM experience: implementation or operational ownership of Sentinel, Splunk, or similar
• Background in AI security governance: shadow AI detection, approved tool management, DLP for AI tools
• Experience building vendor and third-party security oversight programs
• Hands-on experience with Microsoft 365 compliance and data governance tooling
• Security certifications: CISSP, CISM, SC-200, AZ-500, CompTIA Security+, or equivalent
• Dental, healthcare, or other HIPAA-regulated industry experience

Responsibilities

• Lead, mentor, and develop MB2 Dental's cybersecurity team alongside your own hands-on technical work
• Set daily direction, handle escalations, and hold the team accountable to standards and timelines
• Serve as the primary security voice to IT and compliance leadership, translating technical risk into clear business terms
• Own the security program roadmap and drive prioritized execution
• Build reporting that gives leadership accurate, actionable visibility into security posture
• Administer our endpoint detection and response (EDR) platform across the organization
• Lead incident response end-to-end: detection, investigation, containment, remediation, and post-incident review
• Tune detection policies, improve alert quality, and develop and maintain response playbooks
• Drive continuous improvement of managed endpoint coverage and detection capability across the organization
• Own security configuration and hardening across the Microsoft 365 environment
• Implement and mature data loss prevention (DLP) policies covering PHI, PII, and sensitive financial data
• Build and enforce a data classification and sensitivity label taxonomy aligned to HIPAA requirements
• Harden email security: DMARC, DKIM, SPF, anti-phishing, safe links, and safe attachments
• Manage identity security controls, Conditional Access policies, and tenant-wide governance
• Establish, refine, and enforce controls governing MB2 Dental's use of AI tools across the organization
• Manage approved AI tool configurations, data access scope, and acceptable use policy enforcement
• Identify and remediate shadow AI risk: unauthorized tools, unsanctioned integrations, and PHI/PII exposure
• Evaluate new AI tools and third-party connectors for security and HIPAA compliance before deployment
• Keep AI governance current as the regulatory and technology landscape continues to evolve
• Own hands-on administration and continued maturation of MB2 Dental’s SIEM platform
• Define and build log ingestion, detection rules, alerting, and correlation logic
• Create dashboards and reporting that give leadership real visibility into security events
• Continuously refine detection logic and response playbooks as the platform matures
• Define, enforce, and audit security standards for third-party technology partners and vendors
• Review and govern external access to MB2 Dental systems and data, including BAA compliance
• Build and maintain a vendor security review process for onboarding new technology providers
• Identify and drive remediation of vendor-introduced risk across the organization
• Assess network security posture across the organization and prioritize hardening opportunities
• Guide firewall configuration, segmentation standards, and access control policy
• Support DNS filtering, threat intelligence integration, and network visibility initiatives
• Own HIPAA security compliance: risk assessments, audit preparation, BAA management, and control evidence

Benefits

• medical/dental/vision/life insurance
• long- and short-term disability
• PTO
• paid holidays
• traditional and Roth 401(k) options