Our leading healthcare client is seeking a strategic, hands-on Cybersecurity Director to oversee and continuously improve information security, governance, risk, and compliance programs. This high-impact leadership role requires a dynamic communicator and seasoned technologist who will serve as a trusted advisor to business and technology units, ensuring security is embedded across all functions and systems.
You will be responsible for directing enterprise-wide security efforts, including vulnerability management, compliance with industry standards (ISO 27001, NIST 800-53), risk mitigation, vendor oversight, and external representation. Your role will be both strategic and operational, balancing board-level reporting with day-to-day oversight of cybersecurity tools and processes.
Key Responsibilities:
Lead and manage the Vulnerability Management Program, overseeing regular assessments, tracking remediation efforts, and reporting findings to executive stakeholders.
Direct and execute Governance, Risk, and Compliance (GRC) initiatives to ensure continued alignment with ISO 27001, NIST 800-53, and audit requirements.
Act as a Security Subject Matter Expert for emerging projects, ensuring that security is considered and integrated throughout the system development lifecycle.
Represent the organization at security and healthcare industry events through public speaking and publishing articles or white papers.
Monitor and enforce internal security policies, procedures, and standards, while educating internal teams to foster a security-first culture.
Oversee the cybersecurity technology portfolio, ensuring operational health, efficiency, and alignment with business needs.
Identify gaps in security coverage and provide tactical and strategic recommendations to improve the organization’s security posture.
Serve as a key advisor to stakeholders across privacy, development, operations, and business teams on security best practices.
Collaborate with infrastructure and IT teams to ensure secure design, configuration, and deployment of systems and applications.
Manage third-party vendor relationships, including oversight of the Security Operations Center (SOC) provider.
Define and monitor key security metrics; produce executive-level reporting and briefings for leadership and the Board.
Qualifications:
7–10+ years of progressive experience in cybersecurity, IT security operations, or risk management.
Demonstrated leadership in vulnerability management, compliance, and cybersecurity governance.
Deep understanding of ISO 27001, NIST 800-53, and other industry frameworks and best practices.
Experience managing third-party vendors, SOCs, and cross-functional internal teams.
Strong communicator with the ability to distill complex technical information into business-friendly insights.
Experience presenting at conferences or contributing to industry publications is a strong asset.
Preferred certifications: CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or related.
We’re an equal opportunity employer committed to increasing diversity and inclusion in today’s workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Minorities, women, LGBTQ candidates, and individuals with disabilities are encouraged to apply. If you require an accommodation, please review our accessibility policy and reach out to our accessibility officer with any questions.