To Apply for this Job Click Here
Job Description:
Position Overview
Experienced cybersecurity professional to lead the security posture across infrastructure, applications, data systems, and DevOps. This role is critical in protecting sensitive health data, ensuring regulatory compliance (HIPAA, HITRUST, SOC2), and embedding robust security practices across the technology landscape.
The ideal candidate will bring strong hands-on technical skills, cybersecurity governance expertise, and a proactive mindset to drive enterprise-wide security initiatives while collaborating with cross-functional stakeholders.
Key Responsibilities
Security Governance & Risk Management
- Define and enforce cybersecurity policies, standards, and internal controls aligned with regulatory requirements.
- Design and implement cyber risk mitigation strategies, supporting ongoing risk assessments and audit readiness.
- Lead security assessments for infrastructure, applications, and enterprise tools to ensure industry-best security posture.
- Develop and operationalize a cross-functional cybersecurity operating model integrated into broader enterprise threat management.
- Maintain cybersecurity policies and controls aligned with HIPAA, HITRUST, and SOC 2 frameworks.
Security Engineering & Implementation
- Design and implement secure cloud infrastructure (IaC), leveraging tools like Terraform or CloudFormation.
- Deploy and maintain cybersecurity solutions including firewalls, endpoint protection, SIEM, and email security gateways.
- Implement encryption, access control, data loss prevention (DLP), and labeling mechanisms to secure sensitive assets.
- Partner with application portfolio and integrate security into DevOps pipelines and assist in automating code analysis, scanning, and compliance checks (e.g., SAST/DAST).
Application & DevSecOps Security
- Conduct reviews, static and dynamic analysis to identify and resolve vulnerabilities.
- Collaborate with engineering and DevOps teams to embed security into the SDLC.
- Monitor and respond to security events using tools like Splunk, Sentinel, or equivalent SIEM platforms.
- Implement security-as-code and automate scans for IaC, container, and image vulnerabilities.
- Perform risk assessments, static/dynamic code analysis, and vulnerability scans (OWASP, SAST/DAST).
- Remediate security flaws in internal and customer-facing applications.
- Operational Excellence
- Continuously enhance logging, monitoring, and alerting to detect and respond to cyber threats.
- Perform vulnerability assessments, penetration tests, and drive remediation activities across the enterprise.
- Monitor emerging threats, conduct impact analysis, and recommend strategic actions to leadership.
- Lead efforts to operationalize analytics and visibility into key cybersecurity metrics.
- Conduct security audits, risk assessments, and incident response exercises
- Support internal and external compliance audits.
Qualifications
Education, Tools & Certifications
- Bachelor’s degree in Computer Science, Cybersecurity, or related field.
- Industry certifications such as CISSP, CEH, CISM, or CSSLP preferred.
- Hands-on experience with various Cyber/Security tools in various categories below
- SIEM : Security Information & Event Management
- IAM : Identity & Access Management
- EDR : End Point Detection and Response
- DevSecOps & Application Security
- Network & Perimeter Security
- Data Security & DLP
- CSPM : Cloud Security Posture Management
- Penetration Testing & Red Team Tools
- Vulnerability Management
- Governance, Risk & Compliance (GRC)
- Threat Intelligence & Automation
Experience
- 7+ years of exclusive cybersecurity experience with a focus on infrastructure security, application security, and DevSecOps.
- Experience in healthcare, insurance or PBM industry
- Proven experience designing, implementing, and maintaining enterprise security architecture.
- Strong understanding of security frameworks (e.g., NIST, ISO 27001, HITRUST) and regulatory standards (e.g., HIPAA).
SAN-TT1415098_1745446762