Cyber Security Manager

Job Description

Job Description

Founded in 2007 as America's first dental partnership organization, MB2 Dental has grown to 850+ partner practice locations nationwide. At that scale, protecting patient data is not a back-office concern. It is a core operational and legal responsibility that touches every part of the organization.

We are looking for a Cybersecurity Manager who is ready to own this function. The right person brings technical depth, leadership capability, and the drive to build a security program in a complex, fast-moving healthcare environment. This role requires someone who can operate strategically and execute hands-on without hesitation.

This is not a policy-writing role. MB2 Dental's IT leaders are builders and doers, and we expect the same here. You will own the security function, lead and develop the security team, and personally execute: building controls, responding to incidents, administering platforms, and driving the program forward.

We are pleased to offer a competitive compensation package that includes medical/dental/vision/life insurance, long- and short-term disability, PTO, paid holidays, traditional and Roth 401(k) options, and more.

How We Work: Hands-On by Design
At MB2 Dental, our IT leaders do not just direct the work. They are in it. That is a deliberate part of our culture and something we take pride in. This role is built the same way.

In practice, that means the Cybersecurity Manager is working alongside the team: administering security platforms, personally investigating and responding to incidents, building and configuring controls, and maturing the SIEM program. Third-party risk reviews, vendor access assessments, and daily team direction all live here, too.

This is also a leadership role with real influence. The team looks to this person for guidance, mentorship, and escalation support. We want someone who brings out the best in the people around them while staying deeply connected to the technical work. That balance is what makes this role meaningful.

If that sounds like the kind of environment where you do your best work, we would like to meet you.

What You'll Own:
Security Team Leadership:

• Lead, mentor, and develop MB2 Dental's cybersecurity team alongside your own hands-on technical work.
• Set daily direction, handle escalations, and hold the team accountable to standards and timelines.
• Serve as the primary security voice to IT and compliance leadership, translating technical risk into clear business terms.
• Own the security program roadmap and drive prioritized execution.
• Build reporting that gives leadership accurate, actionable visibility into security posture.

Endpoint Security and EDR Administration:

• Administer our endpoint detection and response (EDR) platform across the organization.
• Lead incident response end-to-end: detection, investigation, containment, remediation, and post-incident review.
• Tune detection policies, improve alert quality, and develop and maintain response playbooks.
• Drive continuous improvement of managed endpoint coverage and detection capability across the organization.

Microsoft 365 Security and Hardening:

• Own security configuration and hardening across the Microsoft 365 environment.
• Implement and mature data loss prevention (DLP) policies covering PHI, PII, and sensitive financial data.
• Build and enforce a data classification and sensitivity label taxonomy aligned to HIPAA requirements.
• Harden email security: DMARC, DKIM, SPF, anti-phishing, safe links, and safe attachments.
• Manage identity security controls, Conditional Access policies, and tenant-wide governance.

AI Security Governance:

• Establish, refine, and enforce controls governing MB2 Dental's use of AI tools across the organization.
• Manage approved AI tool configurations, data access scope, and acceptable use policy enforcement.
• Identify and remediate shadow AI risk: unauthorized tools, unsanctioned integrations, and PHI/PII exposure.
• Evaluate new AI tools and third-party connectors for security and HIPAA compliance before deployment.
• Keep AI governance current as the regulatory and technology landscape continues to evolve.

SIEM and Security Operations:

• Own hands-on administration and continued maturation of MB2 Dental’s SIEM platform.
• Define and build log ingestion, detection rules, alerting, and correlation logic.
• Create dashboards and reporting that give leadership real visibility into security events.
• Continuously refine detection logic and response playbooks as the platform matures.

Third-Party and Vendor Security Oversight:

• Define, enforce, and audit security standards for third-party technology partners and vendors.
• Review and govern external access to MB2 Dental systems and data, including BAA compliance.
• Build and maintain a vendor security review process for onboarding new technology providers.
• Identify and drive remediation of vendor-introduced risk across the organization.

Network Security and HIPAA Compliance:

• Assess network security posture across the organization and prioritize hardening opportunities.
• Guide firewall configuration, segmentation standards, and access control policy.
• Support DNS filtering, threat intelligence integration, and network visibility initiatives.
• Own HIPAA security compliance: risk assessments, audit preparation, BAA management, and control evidence.

What You Bring:

Required:

• 4+ years of cybersecurity experience with a strong hands-on technical foundation. You have not left the work behind.
• Experience leading or mentoring a security team or function, formally or informally.
• Direct EDR/XDR platform ownership: real policy management, real alert triage, real incident response.
• Strong working knowledge of Microsoft 365 security and compliance tooling.
• Experience building and managing DLP policies and data classification frameworks.
• Strong understanding of email security: DMARC, DKIM, SPF, and Exchange Online hardening.
• Experience managing security in a complex, multi-site, or distributed environment.
• Working knowledge of HIPAA requirements, BAA obligations, and PHI/PII risk management.
• Comfortable doing the work and directing others at the same time - This is not an either/or role.

Preferred:

• Hands-on SIEM experience: implementation or operational ownership of Sentinel, Splunk, or similar.
• Background in AI security governance: shadow AI detection, approved tool management, DLP for AI tools.
• Experience building vendor and third-party security oversight programs.
• Hands-on experience with Microsoft 365 compliance and data governance tooling.
• Security certifications: CISSP, CISM, SC-200, AZ-500, CompTIA Security+, or equivalent.
• Dental, healthcare, or other HIPAA-regulated industry experience.

The Opportunity:

This role has real scope and real authority. You will own MB2 Dental's security function across a large, complex healthcare organization with significant responsibility for PHI and PII. You will have direct access to IT and compliance leadership, executive support, and the latitude to shape the program as it grows.

MB2 Dental's IT culture is collaborative and fast-moving, with less bureaucracy and more opportunity to do meaningful work. We invest in our people through continuous learning and access to training resources. If you want to build something you are proud of inside an organization that is growing and investing in the right things, this is that opportunity.

What the First 90 Days Look Like:
Days 1–30: Learn the Landscape:

• Get fully oriented on the environment, team, tooling, and current security posture.
• Assume hands-on ownership of EDR administration and incident response.
• Complete an M365 security review and SIEM maturity assessment to establish your baseline.

Days 31–60: Sharpen the Program:

• Deliver a prioritized M365 hardening roadmap based on your assessment findings.
• Review the existing sensitivity label framework and recommend enhancements.
• Conduct a third-party vendor access review and validate current controls.

Days 61–90: Accelerate and Align:

• Advance Purview DLP policies toward broader enforcement across the highest-risk PHI and PII data types.
• Deliver a 6-month security roadmap that builds on existing investments with sequenced priorities and recommendations.

Who You'll Work With:

You will report directly to the VP of Information Technology and work closely with the Chief Compliance and Information Officer on HIPAA compliance, BAA obligations, and data governance. You will lead the cybersecurity team day to day and collaborate with IT Infrastructure, IT Service Desk, and field IT staff across the MB2 Dental network.

MB2 Dental is an equal opportunity employer.