Director, IT Security

Description

Responsibilities include but are not limited to:

• Develop and execute the enterprise cybersecurity strategy aligned with organizational goals.
• Lead the design and maturity of the organizations security program roadmap and governance structure.
• Provide executive leadership guidance and reporting to senior leadership regarding cybersecurity risk posture initiatives and incidents.
• Establish security KPIs maturity benchmarks and reporting dashboards.

• Own the enterprise risk management practices for cybersecurity including ongoing risk assessment mitigation strategies and executive reporting.
• Develop maintain and enforce security policies standards and procedures.
• Oversee vendor and third-party security risk evaluation.
• Ensure compliance with applicable regulatory and industry requirements (e.g. PCI-DSS NIST and state privacy laws etc. as applicable).

• Lead security operations including threat detection incident monitoring vulnerability management and response.
• Oversee EDR SIEM identity management zero trust initiatives data loss prevention email protection network segmentation and other core security controls.
• Direct responses to cybersecurity incidents including triage containment investigation recovery communication and post-incident review.
• Partner with IT Infrastructure and Application teams to embed security-by-design across technology initiatives.

• Lead enterprise identity strategy including authentication authorization SSO/MFA privileged access and lifecycle governance.
• Develop and implement data protection programs including encryption DLP data governance and secure information handling.

• Oversee disaster recovery and business continuity frameworks ensuring resilience planning testing and readiness.
• Ensure crisis management playbooks tabletop exercises and executive readiness programs are in place.

• Lead mentor and develop high-performing security teams and managed service partners.
• Build strong partnerships across IT Compliance Legal HR Clinical/Operations and Executive Leadership.
• Serve as a trusted advisor and champion for security culture awareness and training initiatives enterprise wide.

Knowledge Skills and Abilities

• Bachelors Degree in Information Security Computer Science Information Systems or related discipline; equivalent experience considered.
• Proven experience building and leading enterprise cybersecurity programs in mid-to-large scale environments.
• Deep knowledge of security frameworks and standards (NIST CSF ISO 27001 CIS Controls Zero Trust etc.).
• Demonstrated expertise in incident response risk management vulnerability management identity security and modern cloud security.
• Experience working with executive leadership and presenting risk posture at a senior level.
• Certifications strongly preferred: CISSP CISM CISA CCSP CRISC or equivalent.

• Experience in multi-site or geographically distributed organizations.
• Experience in healthcare financial services or other highly regulated environment (if applicable).
• Experience leading outsourced or hybrid security program models (MDR SOC providers managed SIEM etc.).
• Strong understanding of Microsoft 365 Azure cloud platforms and modern enterprise environments.