Qualifications

EXPERIENCE REQUIREMENTS:

• 10 years of progressive experience in cybersecurity, information security, or related fields.
• Minimum of 5 years in a leadership or supervisory role, with demonstrated experience leading teams and managing external partners.
• Minimum 3 years of healthcare experience (preferred)
• Proven success managing MSSP relationships and third-party vendor performance.
• Strong knowledge of cybersecurity technologies, tools, and frameworks, including NIST, HIPAA, and MITRE ATT&CK.
• Experience in incident response, vulnerability management, and risk mitigation.
• Strong communication, analytical, and problem-solving skills, with the ability to lead across technical and non-technical groups.

Responsibilities

• Lead and manage a team of cybersecurity professionals, fostering a culture of accountability, growth, and continuous learning.
• Coach and mentor team for high performance, creating a supportive working environment where everyone has the opportunity to fulfill their potential
• Manage employees including performance management, salary administration, succession planning and workforce development.
• Monitor and report on staff productivity and performance, including workload distribution, contributions, development opportunities, and blockers.
• Oversee the performance and accountability of the Managed Security Services Provider (MSSP), ensuring alignment with SLAs and organizational priorities.
• Conduct regular operational metrics reviews, including key security KPIs, incident trends, vulnerability findings, and service-level adherence.
• Provide project status updates for initiatives under cybersecurity operations, highlighting progress, risks, dependencies, and upcoming deliverables.
• Oversee the administration and tuning of security technologies, including SIEM, EDR, IDS/IPS, DLP, and vulnerability scanners.
• Ensure timely patch management and remediation of vulnerabilities across systems, coordinating with infrastructure and application teams.
• Participate in forensic investigations and root cause analysis following security incidents.
• Support secure configuration and hardening of endpoints, servers, and network appliances.
• Perform ongoing risk assessments, threat modeling, and vulnerability management activities.
• Drive incident response processes, ensuring rapid containment, communication, and remediation of cybersecurity events.
• Prepare executive-level reports and dashboards that summarize security posture, trends, and performance indicators.
• Assist with forensics investigation, penetration testing, implementation of new security solutions, participation in the creation and or maintenance of policies, standards, and procedures, runbooks, etc.
• Recommend changes/upgrades to service components, technologies, processes and metrics to keep pace with the threat landscape and align with and business strategies.
• Maintain up-to-date knowledge of industry standards, best practices and the evolving security threat landscape
• Partner & collaborate with other IT teams as necessary to ensure that overall IT objectives are met.
• Performs special projects and other duties as assigned by management

This position will report to the Chief Information Security Officer. It will require being on site for a hybrid schedule in Stamford, Connecticut.