Description

Responsibilities include, but are not limited to: 

• Develop and execute the enterprise cybersecurity strategy aligned with organizational goals.
• Lead the design and maturity of the organization’s security program, roadmap, and governance structure.
• Provide executive leadership, guidance, and reporting to senior leadership regarding cybersecurity risk posture, initiatives, and incidents.
• Establish security KPIs, maturity benchmarks, and reporting dashboards. 

• Own the enterprise risk management practices for cybersecurity, including ongoing risk assessment, mitigation strategies, and executive reporting.
• Develop, maintain, and enforce security policies, standards, and procedures.
• Oversee vendor and third-party security risk evaluation.
• Ensure compliance with applicable regulatory and industry requirements (e.g., PCI-DSS, NIST, and, state privacy laws, etc., as applicable). 

• Lead security operations including threat detection, incident monitoring, vulnerability management, and response.
• Oversee EDR, SIEM, identity management, zero trust initiatives, data loss prevention, email protection, network segmentation, and other core security controls.
• Direct responses to cybersecurity incidents, including triage, containment, investigation, recovery, communication, and post-incident review.
• Partner with IT Infrastructure and Application teams to embed security-by-design across technology initiatives. 

• Lead enterprise identity strategy including authentication, authorization, SSO/MFA, privileged access, and lifecycle governance.
• Develop and implement data protection programs including encryption, DLP, data governance, and secure information handling. 

• Oversee disaster recovery and business continuity frameworks, ensuring resilience planning, testing, and readiness.
• Ensure crisis management playbooks, tabletop exercises, and executive readiness programs are in place. 

• Lead, mentor, and develop high-performing security teams and managed service partners.
• Build strong partnerships across IT, Compliance, Legal, HR, Clinical/Operations, and Executive Leadership.
• Serve as a trusted advisor and champion for security culture, awareness, and training initiatives enterprise wide.

Knowledge, Skills, and Abilities

• Bachelor’s Degree in Information Security, Computer Science, Information Systems, or related discipline; equivalent experience considered.
• Proven experience building and leading enterprise cybersecurity programs in mid-to-large scale environments.
• Deep knowledge of security frameworks and standards (NIST CSF, ISO 27001, CIS Controls, Zero Trust, etc.).
• Demonstrated expertise in incident response, risk management, vulnerability management, identity security, and modern cloud security.
• Experience working with executive leadership and presenting risk posture at a senior level.
• Certifications strongly preferred: CISSP, CISM, CISA, CCSP, CRISC, or equivalent. 

• Experience in multi-site or geographically distributed organizations.
• Experience in healthcare, financial services, or other highly regulated environment (if applicable).
• Experience leading outsourced or hybrid security program models (MDR, SOC providers, managed SIEM, etc.).
• Strong understanding of Microsoft 365, Azure, cloud platforms, and modern enterprise environments.