Executive Director Cybersecurity

Job Summary

The role involves leading and managing cybersecurity initiatives within a healthcare IT environment, experience in healthcare IT leadership, software development, and cybersecurity management. Requires expertise in mitigating cybersecurity incidents, ensuring compliance with healthcare regulations such as HIPAA, HITECH, and FDA guidelines, and securing IT systems, medical devices, and cloud environments. Responsibilities include designing and implementing enterprise security solutions, conducting risk assessments, managing disaster recovery plans, and leading forensic investigations into breaches. The role also emphasizes collaboration with executive leadership, external partners, and regulatory bodies to strengthen cybersecurity posture, while mentoring teams and driving operational excellence. Strong communication skills, technical knowledge, and the ability to adapt under pressure are essential for success in this position.

Job Specific Duties

• Design, implement, manage, and support appropriate solutions for enterprise security infrastructure, including host-based and appliance firewalls, intrusion detection/prevention systems, virtual private networks, vulnerability scanning systems, penetration testing, and forensics analysis.
• Research and develop security procedures and guidelines in support of security policy, including topics such as data classification, system configuration, malware protection, access control, encryption, risk assessment, and disaster recovery.
• Identify, assess, and prioritize cybersecurity risks across healthcare systems, including electronic health records (EHRs), medical devices, and IT infrastructure. Develop and implement risk mitigation strategies to protect sensitive patient data and critical healthcare operations.
• Serve as the key liaison for the IT department and leadership on matters related to technology and IT security.
• Provide regular updates to executive leadership and the board on cybersecurity risks, initiatives, and outcomes. Present metrics and reports that demonstrate the effectiveness of cybersecurity programs.
• Lead forensic investigations into cybersecurity incidents to identify root causes and ensure compliance with healthcare regulations.
• Develop and maintain disaster recovery and business continuity plans to minimize disruptions during cybersecurity incidents. Test and update plans regularly to ensure effectiveness. Direct compliance to IT Service Management/Information Technology Infrastructure Library (ITIL/ITSM) methodologies.
• Direct and manage internal control oversight and compliance with laws and regulations, safeguarding of assets, and compliance with NCHS policies and procedures.
• Continuously evaluate the effectiveness of cybersecurity programs and tools. Implement improvements based on performance metrics, audits, and feedback.
• Conduct risk and security assessments and direct and manage the response to and mitigation of identified issues.
• Work closely with the offices of the General Counsel and Compliance to provide technical assistance and review for operations, investigation, and organization education related to information security.
• Collaborate with external partners, government agencies, and industry groups to strengthen the organization's cybersecurity posture. Participate in healthcare cybersecurity forums and initiatives.
• Direct the access and identity management operations.

Minimum Job Requirements

• Bachelor's Degree in Information Technology, Business, Healthcare, related field (OR) 8-10 years of IT experience
• More than 10 years of experience in Healthcare IT leadership
• More than 10 years of experience in software programming and development
• 4-7 years of experience in IT security
• 4-7 years of experience in managing and mitigating cybersecurity incidents in a healthcare organization

Knowledge, Skills, and Abilities

• In-depth knowledge and understanding of Cybersecurity practices and how they apply to healthcare delivery operations.
• Deep understanding of healthcare-specific regulations such as HIPAA, HITECH, FDA cybersecurity guidelines, and other data privacy standards.
• Strong written and verbal communication skills to convey technical concepts to non-technical stakeholders, including clinicians and executives.
• Broad base of technical knowledge in IT systems including operating systems, telecommunications, client/server networks, system design and implementation, desktop computing and emerging technology trends, and issues.
• Industry-recognized certifications validate expertise in cybersecurity management and technical domains, especially in healthcare.
• Ability to lead incident response efforts, manage breaches, and ensure business continuity during crises in healthcare settings.
• Expertise in managing complex cybersecurity projects, ensuring timely delivery and alignment with healthcare priorities.
• Ability to analyze emerging threats, vulnerabilities, and attack vectors specific to healthcare systems.
• Knowledge of securing connected medical devices (IoMT) and ensuring compliance with FDA cybersecurity guidelines.
• Knowledge of securing cloud environments used for healthcare applications, including SaaS, PaaS, and IaaS platforms.
• Experience in evaluating and managing risks associated with third-party vendors, especially those handling healthcare data.
• Ability to develop and enforce cybersecurity policies, standards, and procedures tailored to healthcare operations.
• Capacity to build, train, and mentor cybersecurity teams to enhance organizational capabilities in healthcare.
• Expertise in digital forensics tools to investigate breaches and ensure compliance with healthcare regulations.
• Expertise in duplicative forensics tools (e.g., EnCase) to investigate breaches and ensure compliance with healthcare regulations.
• Ability to interpret, adapt to, and react calmly under stressful conditions.
• Ability to relate cooperatively and constructively with customers and peers.
• Effectively monitor and develop the abilities of subordinates.
• Ability to use logical and analytical thinking to interpret technical data and solve a broad range of problems.
• Ability to collect and interpret data related to program operating and financial performance.