Cyber Security Manager

The Cybersecurity Manager reports to the Chief Information Security Officer (CISO) and is responsible for leading the organization’s cybersecurity strategy and day-to-day operations. This role ensures the confidentiality, integrity, and availability of information assets, with a strong on protecting sensitive data, including PHI.

This leader sets the vision and direction for cybersecurity services, establishes and enforces security standards and policies, and oversees technical security initiatives across the enterprise. The Director of Cybersecurity manages budgets, vendors, and external partners, and leads an extended team of cybersecurity professionals, supporting performance management, career development, and workforce growth.

The role partners closely with IT, clinical technology, and business stakeholders to secure systems, manage risk, and ensure compliance with healthcare regulatory requirements, including HIPAA.

• Provide leadership and direction to cybersecurity teams, including Security Analysts, Incident Responders, and Compliance Specialists
• Act as a change agent to modernize cybersecurity culture, processes, and technologies
• Lead performance management, coaching, and career development for cybersecurity leaders and staff
• Champion workforce development, recruitment, retention, and adoption of innovative practices

• Oversee daily cybersecurity operations, including monitoring, detection, and incident response
• Lead and coordinate response efforts for security incidents and breaches
• Ensure compliance with HIPAA and other applicable regulations and security standards
• Lead technical cybersecurity implementation initiatives to meet organizational needs
• Continuously evaluate emerging threats, technologies, and industry trends to drive improvements

• Develop and maintain multi-year cybersecurity strategies, roadmaps, and tactical action plans
• Conduct proactive resource and capacity planning based on anticipated demand
• Define project milestones, deliverables, and timelines in partnership with senior leadership
• Ensure cybersecurity strategies align with overall IT and organizational objectives
• Manage relationships with cybersecurity vendors and external partners, ensuring performance and contractual compliance
• Develop and manage annual operating budgets and long-term capital plans for cybersecurity initiatives

• Monitor system and network performance to ensure availability, reliability, and scalability
• Oversee service management processes and performance of technology subcontractors

• Partner with IT, clinical technology, Legal, HR, and Privacy/Compliance teams to integrate cybersecurity services across the organization
• Build strong relationships with business leaders to identify risks, gaps, and improvement opportunities

• Design and deliver enterprise-wide security awareness and training programs to promote compliance and reduce risk

• Oversee cybersecurity risk assessments and controls related to third-party vendors, partners, and biomedical devices
• Develop, implement, and enforce cybersecurity policies, standards, and procedures
• Lead the design and implementation of secure architectures and infrastructure
• Oversee incident management and forensic investigations to identify root causes and prevent recurrence

• Develop and maintain cybersecurity components of business continuity and disaster recovery plans

• Local travel required
• Comply with organizational policies, procedures, safety standards, and required education
• Support quality improvement initiatives and perform other duties as assigned

• A combination of education and experience sufficient to perform the role is required
• Bachelor’s degree in Cybersecurity, Information Technology, or a related field preferred

• Minimum of 7 years of leadership experience in cybersecurity within a large, enterprise IT environment

• Valid Tennessee driver’s license with state-mandated minimum insurance coverage
• Driving record must meet organizational standards throughout employment