Permanent
Posted on 13 June 25 by Stephen Jessamine
Our leading healthcare client is looking for a strategic and results-oriented Manager, Security to lead their cybersecurity operations and programs. This is a high-impact leadership role where you will manage a team of security professionals, collaborate cross-functionally across the organization, and play a pivotal role in the design, implementation, and oversight of the organization’s security program.
You will be responsible for developing and maintaining an effective information security program aligned with the organization’s goals, risk tolerance, and compliance obligations. This includes leading cyber security initiatives, conducting risk assessments, and building a roadmap for proactive threat detection, incident response, and business continuity. A strong background in Governance, Risk, and Compliance (GRC) is essential.
Lead a team of security professionals in the execution of the organization’s cyber security strategy, ensuring clear direction, effective delegation, and high performance.
Develop, implement, and maintain the organization’s enterprise-wide information security program to address risk management, compliance, data protection, and operational resilience.
Design and maintain security architectures, tools, and practices to uphold the principles of confidentiality, integrity, and availability of information systems.
Oversee the delivery of threat detection, incident response, and vulnerability management programs; represent security interests on governance committees and cross-functional projects.
Conduct comprehensive risk, threat, and vulnerability assessments; identify mitigation strategies and oversee implementation of necessary controls.
Establish and monitor Security and Privacy by Design practices and ensure alignment with relevant organizational policies, regulations, and industry standards.
Collaborate with internal teams including IT, legal, privacy, crisis management, and business units to implement security controls and ensure readiness for incident response and recovery.
Develop and test security incident response playbooks and procedures to ensure preparedness across various cyber threat scenarios.
Drive security awareness initiatives and training programs to promote best practices across the organization.
Track emerging trends in cyber security, assess their relevance, and advise leadership on potential risks and recommended strategies.
Manage key vendor relationships including selection, contract negotiation, service evaluations, and ongoing oversight of security-related third-party services.
Maintain GRC processes and ensure compliance with relevant frameworks such as NIST CSF, ISO 27001, SOC 2, PCI DSS, ITIL, and internal policy standards.
Prepare and manage the information security budget, including planning for future growth and resource allocation.
Education & Experience
Bachelor's degree in computer science, information systems, engineering, or a related discipline (or equivalent work experience).
Minimum of 10 years of experience working with Information Security frameworks and security program leadership.
At least 5 years of management experience, including leading and coaching technical teams toward high performance and results.
Proven experience protecting and securing Azure and other cloud-based environments; strong hands-on knowledge of Microsoft security tools is required.
A strong background in and hands-on experience with GRC practices and systems are mandatory.
Certifications
One or more of the following: CISSP, CISM, GIAC, or equivalent recognized certification.
Nice to Have Certifications
Systems Security Certified Practitioner (SSCP)
Certified Ethical Hacker (CEH)
Technical Expertise
Familiarity with key frameworks and standards: NIST CSF, NIST RMF, ISO 27001, SOC 2, PCI DSS, ITIL.
Experience in event management/SIEM, identity and access management (IAM), and secure systems development.
Programming or scripting experience (e.g., Python, PHP, UNIX shell scripting) is considered a strong asset.
Proven experience conducting risk and control assessments, leading audits, and overseeing remediation activities.
Strong understanding of vendor risk management and cloud security controls.