Director of IT Security - Healthcare

Posted on 18 June 25 by Stephen Jessamine

  • Toronto
  • $140000 - $170000

Job Description

Our leading healthcare client is seeking a strategic, hands-on Cybersecurity Director to oversee and continuously improve information security, governance, risk, and compliance programs. This high-impact leadership role requires a dynamic communicator and seasoned technologist who will serve as a trusted advisor to business and technology units, ensuring security is embedded across all functions and systems.

You will be responsible for directing enterprise-wide security efforts, including vulnerability management, compliance with industry standards (ISO 27001, NIST), risk mitigation, vendor oversight, and external representation. Your role will be both strategic and operational—balancing board-level reporting with day-to-day oversight of cybersecurity tools and processes.

Key Responsibilities:

  • Lead and manage the Vulnerability Management Program, overseeing regular assessments, tracking remediation efforts, and reporting findings to executive stakeholders.

  • Direct and execute Governance, Risk, and Compliance (GRC) initiatives to ensure continued alignment with ISO 27001, NIST 800-53, and audit requirements.

  • Act as a Security Subject Matter Expert for emerging projects, ensuring that security is considered and integrated throughout the system development lifecycle.

  • Represent the organization at security and healthcare industry events through public speaking and publishing articles or white papers.

  • Monitor and enforce internal security policies, procedures, and standards, while educating internal teams to foster a security-first culture.

  • Oversee the cybersecurity technology portfolio, ensuring operational health, efficiency, and alignment with business needs.

  • Identify gaps in security coverage and provide tactical and strategic recommendations to improve the organization’s security posture.

  • Serve as a key advisor to stakeholders across privacy, development, operations, and business teams on security best practices.

  • Collaborate with infrastructure and IT teams to ensure secure design, configuration, and deployment of systems and applications.

  • Manage third-party vendor relationships, including oversight of the Security Operations Center (SOC) provider.

  • Define and monitor key security metrics; produce executive-level reporting and briefings for leadership and the Board.

Qualifications:

  • 7–10+ years of progressive experience in cybersecurity, IT security operations, or risk management.

  • Demonstrated leadership in vulnerability management, compliance, and cybersecurity governance.

  • Deep understanding of ISO 27001, NIST 800-53, and other industry frameworks and best practices.

  • Experience managing third-party vendors, SOCs, and cross-functional internal teams.

  • Strong communicator with the ability to distill complex technical information into business-friendly insights.

  • Experience presenting at conferences or contributing to industry publications is a strong asset.

  • Preferred certifications: CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or related.

Job Information

Rate / Salary

$140000 - $170000

Sector

Healthcare

Our Reference

JOB-22666
