Director - Cybersecurity, CISO

HarmonyCares, Troy, MI

About The Position

HarmonyCares is a leading national value-based provider of in-home primary care services for people with complex healthcare needs. Headquartered in Troy, Michigan, HarmonyCares operates home-based primary care practices in 14 states. HarmonyCares employs more than 200 primary care providers to deliver patient-centered care under an integrated, team-based, physician-driven model.

Our Mission – To bring personalized, quality-based healthcare to the home of patients who have difficulty accessing care.

Our Shared Vision – Every patient deserves access to quality healthcare.

Our Values – The way we care is our legacy. Every interaction counts. Go the extra mile. Empower and support each other.

Why You Should Want to Work with Us

  • Health, Dental, Vision, Disability & Life Insurance, and much more
  • 401K Retirement Plan (with company match)
  • Tuition, Professional License and Certification Reimbursement
  • Paid Time Off, Holidays and Volunteer Time
  • Paid Orientation and Training
  • Great Place to Work Certified
  • Established in 11 states
  • Largest home-based primary care practice in the US for over 28 years, making a huge impact in healthcare today!

More details about the benefits we offer can be found at https://careers.harmonycares.com/benefits.

The Director – Cybersecurity, CISO leads the enterprise cybersecurity function with a cloud- and AI-forward posture. This role is accountable for defining and executing the cybersecurity strategy, operating model, and risk posture for modern cloud platforms and AI-enabled products and services. The Director partners with Engineering, Infrastructure, Data/AI, and clinical/business leaders to embed security-by-design through strong cloud & AI security architecture, effective security operations, and measurable risk management—ensuring the delivery of secure, compliant, scalable technology services.

Requirements

  • Bachelor’s degree in information technology or a related field or 4 years of U.S. Military cybersecurity training experience
  • 8+ years of security-related experience in healthcare
  • 4+ years of management or supervisory experience
  • In-depth knowledge of security processes
  • In-depth knowledge of incident response, investigative, and forensic procedures
  • In-depth knowledge of security tools including threat detection and prevention, systems and network security monitoring, vulnerability management, certificate services, data loss prevention (DLP), endpoint protection (IDR/EDR), and SIEM technologies
  • Experience obtaining HiTRUST certification and SOC2 Type II attestation
  • Broad knowledge of Identity Access Management, including PAM/PIM
  • Broad knowledge of enterprise systems, operating systems, and hardware platforms
  • Broad knowledge of storage technologies: local storage, arrays, SANs, IP storage, NAS, and file systems
  • Deep knowledge of cloud platforms and security controls (e.g., IAM, network segmentation, encryption/key management, logging/monitoring, vulnerability management) and cloud security posture/workload protection concepts
  • Working knowledge of AI/ML and GenAI security concepts, including data governance, model and pipeline security, threat modeling, security testing/evaluation, and AI risk management frameworks (e.g., NIST AI RMF)
  • Proven ability to define and govern security architecture (principles, standards, reference architectures, patterns, and guardrails) and influence engineering roadmaps through risk-based decision-making
  • Basic knowledge of financial models and budgeting
  • Ability to understand the long-term ("big picture") and short-term perspectives of situations
  • Ability to quickly comprehend the functions and capabilities of new technologies
  • Ability to work with individuals of all levels with varying technical skills
  • Ability to work under pressure with minimal supervision, managing multiple projects simultaneously
  • Ability to work within a high performing team against tight deadlines
  • Ability to interface and communicate well across all departments of the organization and with Technology leadership at ownership organizations
  • Familiarity with Agile/Scrum methodologies preferred
  • Experience with ADO preferred
  • In-depth knowledge of PCI/DSS, HIPAA and SOX audits, and other industry audits preferred

Nice To Haves

  • Master’s degree in information technology or a related field
  • Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and/or Security Leadership Certification

Responsibilities

  • Responsible for the overall end-to-end management of the company’s cybersecurity program for corporate and cloud environments across our footprint, including governance, risk management, and security operations
  • Develop and lead the cybersecurity function in execution of the company’s strategy, establishing security-by-design through security architecture and delivering secure, compliant, scalable platforms, applications, data, and AI-enabled services
  • Own and evolve the enterprise security architecture (e.g., landing zones/guardrails, identity and access controls, segmentation, encryption/key management, logging/monitoring), aligning to shared responsibility models and business risk tolerance
  • Establish best-practice security architecture for AI/ML and GenAI use cases, including data/model protection, secure training and inference environments, third-party/model supply-chain risk, evaluation and testing, and controls for emerging threats (e.g., prompt injection and data exfiltration)
  • Partner with Engineering and Data/AI teams to embed DevSecOps and secure AI/ML lifecycle practices (requirements, threat modeling, code/IaC scanning, CI/CD controls, secrets management, and runtime protections)
  • Partner with management and other technical teams in support of various internal and external audits (e.g., HIPAA, PCI)
  • Develop and implement strategic, technical, and operational security/infrastructure controls that are properly aligned with organizational goals and objectives
  • Manage the Security Operations team responsible for maintaining security configurations for critical infrastructure systems and for using applicable encryption methods
  • Provide information to management regarding the negative impacts on the organization caused by theft, destruction, alteration, or denial of access to information
  • Carry out managerial responsibilities in accordance with the organization's policies, including planning, assigning, and directing work; appraising performance; training employees; performance management; addressing feedback; and resolving issues
  • Manage, coordinate, and prioritize the schedules, projects, and activities of direct reports
  • Work with management to coordinate responses to information security control testing and vulnerability scans, audits, and assessments and implement practices to optimize this process across the organization for the proactive reduction of organizational risk
  • Manage security vendors including Approved Scanning Vendors, Managed Security Service Providers, and external pen test vendors
  • Oversee Company Information Security operations
  • Execute and improve the core functions of the Cybersecurity Operations Center, including threat detection and prevention, incident response, systems and network security monitoring, forensics, vulnerability management, and data loss prevention at enterprise scale
  • Review computer security incident reports and anomalous network activity, and ensure ongoing proactive measures to mitigate risks
  • Responsible for creating and maintaining dashboards that monitor security and risk KPIs
  • Research, develop, and keep abreast of tools, techniques, and process improvements in support of security detection and analysis
  • Serve as internal information security consultant on information security projects/initiatives, including automation of security testing
  • Participate in major new system implementation projects to ensure that appropriate security controls are built into systems prior to production cutover
  • Work closely with the Engineering, Applications, and Infrastructure teams to design and implement automated security controls in operational methodology along with the associated tools and processes
  • Ensure ongoing system and security health checks on identified high-risk network segments, systems, and applications, as well as follow-up remediation
  • Use tools and techniques to collect, analyze, and act on signals across data loss prevention, SIEM/SOAR, privileged access management, encryption, and cloud security posture/workload protection to reduce risk and improve detection and response
  • Ensure the monitoring of intrusion detection and security information management systems to discover and mitigate malicious activity on networks
  • Work with Compliance department and cyber insurance company on serious security violations
  • Responsible for managing, monitoring, and reporting risks within the scope of your work area, including, but not limited to, information security risks
  • Develop and maintain a prioritized list of customer requirements and integrate with the IT governance process
  • Employees will be required to perform other job-related assignments as requested.

Benefits

  • Health, Dental, Vision, Disability & Life Insurance, and much more
  • 401K Retirement Plan (with company match)
  • Tuition, Professional License and Certification Reimbursement
  • Paid Time Off, Holidays and Volunteer Time
  • Paid Orientation and Training
  • Great Place to Work Certified
  • Established in 11 states
  • Largest home-based primary care practice in the US for over 28 years, making a huge impact in healthcare today!