This role serves as the primary authority on cybersecurity risk and controls, providing oversight, guidance, and approval for security decisions across systems, networks, and cloud environments.
Supervision
Receives general supervision from the IT Director and other members of the IT Department.
The Position and Job Summary
(These are examples of the types of duties that may be performed. Additional duties may be added, and some tasks will be completed as needed.)
Cybersecurity Strategy & Program Leadership
· Lead and evolve the enterprise cybersecurity program aligned with business goals and risk tolerance
· Develop and manage a multi-year cybersecurity roadmap with measurable outcomes
· Report cybersecurity posture, risks, and maturity to executive leadership
· Establish KPIs/KRIs to track program effectiveness
Governance, Risk & Compliance (GRC)
· Own and maintain the Information Security Management System (ISMS) aligned with ISO 27001
· Lead ISO 27001 certification readiness, audits, and continuous improvement
· Oversee HITRUST and HIPAA compliance, ensuring audit readiness and control effectiveness
· Conduct enterprise risk assessments and manage remediation lifecycle
· Develop and enforce security policies, standards, and procedures
Security Architecture & Microsoft Security Ecosystem
· Drive improvements in Microsoft Secure Score and security posture
· Oversee security across:
§ Identity (Entra ID / Azure AD)
§ Endpoint (Defender)
§ Email & Collaboration (M365 Security)
§ Cloud Security (Azure Security)
· Govern Microsoft Purview for data protection, DLP, and compliance
Security Operations & Incident Management
· Provide oversight for:
§ Vulnerability management
§ Threat detection and monitoring
§ Incident response and escalation
· Lead incident investigations and root cause analysis (RCA)
· Ensure security is integrated into:
§ System design
§ Change management
§ Infrastructure standards
Vendor Risk & Audit Management
· Manage third-party cybersecurity risk assessments
· Lead external audits, penetration testing, and compliance reviews
· Act as the primary liaison for auditors, regulators, and stakeholders
· Coordinate remediation across business and IT teams
Leadership & Organizational Enablement
· Lead, mentor, and develop cybersecurity team members
· Drive security awareness and training programs across the organization
· Support budgeting, vendor selection, and strategic investments
· Foster a culture of security accountability
Employment Standards
· Executive-level communication and stakeholder engagement
· Strategic thinking and risk-based decision making
· Deep understanding of regulatory environments (HIPAA, HITRUST, ISO)
· Strong leadership and cross-functional collaboration
· Ability to translate technical risk into business impact
Education & Experience
· Bachelor’s degree in IT, Computer Science, or related field
· 7+ years in cybersecurity, risk, or information security (healthcare preferred)
· 4+ years of leadership experience managing teams and programs
· 5+ years of hands-on HIPAA compliance experience
Preferred Certification
· CISSP, CISM, CRISC, HCISPP certifications
· Microsoft Azure / Security certifications
Essential Requirements
A valid California Driver's License and transportation, or acceptable substitute, may be required based on assigned duties.
Pay: $133,000.14 - $168,000.00 per year
Benefits:
Work Location: In person