Director of Cybersecurity Risk & Operations - FULLY REMOTE
Optomi, in partnership with a leading provider in the Healthcare industry, is seeking a Director of Cybersecurity Risk & Operations.
This individual will be responsible for setting strategic direction for cybersecurity initiatives and establishing a forward-thinking roadmap.
You will have oversight of regulatory compliance and risk management, and ensure the organization operates within industry standards.
Your responsibilities extend to fostering innovation, adapting to emerging threats, and maintaining positive stakeholder relationships.
Responsibilities:
- Develop, execute, and communicate a comprehensive cybersecurity strategy aligned with business objectives
- Provide high-level leadership to the cybersecurity department, overseeing all aspects of cybersecurity operations
- Partner with the privacy officer to ensure appropriate ownership and compliance in areas such as PCI and HIPAA
- Report regularly to leadership on the overall performance and status of the cybersecurity department
- Manage and coordinate third-party contractors and consultants
- Lead vulnerability scans
- Participate in Cyber Security audits and penetration testing
- Monitor and oversee third-party relationships
- Create and test Cyber Incident Response Plan
- Create and test BCP / DR plan
- Create and monitor vulnerability management program
- Create and monitor operating system and application patching standards
- Review and audit existing security policies and make suggestions based on current industry trends
- Field inquiries regarding the organization’s security profile
- Lead the highest level of escalation for security incidents
- Analyze and mitigate security vulnerabilities
Qualifications:
- Proven experience in a security operations role, preferably in a managerial capacity.
- Understanding of ‘security by design’ principles and architecture-level security concepts
- Up-to-date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
- Working knowledge of cybersecurity frameworks, e.g. ISA / IEC 62243, NIST 800-53, NIST RMF, etc.
- Understanding of DevSecOps
- Experience conducting secure product reviews leveraging both automated (e.g. SAST, DAST, SCA, etc.) & manual activities (Penetration Testing)
- Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP
- Excellent problem-solving skills with the ability to work under pressure during incidents.
- Strong communication skills to effectively convey complex security concepts to non-technical stakeholders.