Cybersecurity Operations Lead

The Cybersecurity Lead is responsible for driving the organizations cybersecurity strategy leading investigations and guiding the operational execution of critical security initiatives. This position serves as a primary point of contact for cross-functional security matters balancing hands-on technical work with mentoring and influencing team members. The Cybersecurity Lead will collaborate with stakeholders across IT engineering compliance and business operations to proactively identify address and prevent security risksensuring the confidentiality integrity and availability of organizational assets.

This role requires an individual with proven leadership experience the ability to communicate complex technical concepts clearly and the judgment to make timely informed security decisions in high-pressure situations.

Key Responsibilities

Leadership & Strategic Influence

• Act as the primary point of contact for significant security incidents investigations and escalations.
• Drive cybersecurity initiatives from planning to execution ensuring alignment with business objectives and regulatory requirements.
• Mentor and guide junior analysts fostering a culture of continuous learning and operational excellence.
• Influence security strategy by proactively identifying gaps recommending solutions and championing best practices.
• Represent the Information Security team in cross-departmental meetings communicating risks and recommendations to both technical and non-technical stakeholders.

Threat Detection & Response

• Lead the monitoring analysis and triage of security events from SIEM EDR IDS/IPS firewalls and other detection platforms.
• Oversee and direct root cause analyses for complex security incidents ensuring timely containment eradication recovery and lessons learned.
• Enhance the organizations threat detection and response capabilities through tool optimization process improvement and integration efforts.

Vulnerability & Risk Management

• Oversee vulnerability assessments ensure accurate risk prioritization and collaborate with stakeholders to address findings within defined SLAs.
• Partner with IT and application teams to embed security into project lifecycles reducing exposure to known and emerging threats.

Identity & Access Governance

• Lead enforcement of identity and access management controls including periodic access reviews least-privilege enforcement and privileged access oversight.
• Collaborate with HR IT and compliance teams to ensure identity governance processes meet operational and regulatory requirements.

Governance Compliance & Awareness

• Ensure adherence to industry regulations (HIPAA PCI-DSS SOC 2 HITRUST) and security frameworks (NIST CIS).
• Prepare and present security posture updates audit findings and remediation status to leadership.
• Lead the delivery of targeted security awareness training and phishing simulations measuring effectiveness and engagement.

Qualifications Required:

• Bachelors degree in Cybersecurity Information Technology Computer Science or equivalent work experience.
• 58 years of progressive experience in information security with at least 2 years in a lead or senior analyst capacity.
• Demonstrated leadership in incident response vulnerability management and security operations.
• Advanced knowledge of security platforms such as Splunk CrowdStrike SentinelOne Azure Security Center or equivalents.
• Deep understanding of network protocols cloud infrastructure security (Azure preferred) and endpoint security.
• Proven ability to communicate clearly and concisely avoiding unnecessary rambling.
• Strong active listening skills ensuring understanding before responding.
• Willingness to ask clarifying questions when needed instead of making assumptions.
• Experience collaborating effectively with both technical and non-technical stakeholders.

Preferred:

• Relevant certifications: CISSP CISM CEH GSEC CySA or equivalent.
• Experience in healthcare fintech or other regulated industries.
• Direct involvement in SOC 2 HITRUST or PCI-DSS audits.