Senior Manager, Cybersecurity

In this role, you will serve as the Senior Manager, Cybersecurity & Information Security an individual-contributor-oriented program leader who partners closely with the SVP, Technology. You’ll lead the cybersecurity program (strategy through execution), collaborate deeply across IT operations, infrastructure, product development, software/dev teams, data analytics and clinic-IT operations, and also support the privacy program (in collaboration with Legal/Compliance). You’ll remain hands-on with technical controls, incident response and vendor/third-party security operations, while also aligning with broader business and regulatory risk imperatives.

This role reports to the SVP, Technology, and is a core partner to them in defining and delivering our security and privacy goals.

Develop, own and execute the cybersecurity/information-security program strategy — aligned with business objectives, risk appetite and regulatory/privacy landscape.
Identify, assess and prioritize cybersecurity and privacy risks (technical, process, third-party/supply-chain, analytics, clinic IT) and drive mitigation/remediation plans.
Perform or oversee vulnerability assessments, penetration testing, threat-hunting, monitoring (SIEM/EDR), incident detection & response, forensics as required.
Work closely with IT operations/infrastructure to ensure secure configuration, patching, network segmentation, identity & access management (IAM), endpoint protection, cloud security controls, logging/monitoring, business continuity/disaster recovery.
Collaborate with product, software development and data analytics teams to embed security and privacy controls: code reviews, secure APIs, data protection/encryption, access controls, analytics platform security.
Partner with clinic IT operations (medical systems, EHR/EMR, medical devices, remote/clinic networks) to ensure cybersecurity controls in a clinical/health-care environment: endpoint protection, identity management, network security, data protection, regulatory compliance with patient-data implications.
Support the privacy program in collaboration with Legal/Compliance: implement data-privacy policies & procedures, perform privacy impact assessments (PIAs)/data protection impact assessments (DPIAs), manage data-subject rights, cross-border data flows, privacy-by-design integration in technology/business processes.
drive post-incident review/lessons learned.
Develop and maintain security and privacy policies, standards and procedures (e.g., aligned with frameworks such as NIST CSF, ISO 27001/2) and foster a culture of security & privacy awareness across the organization.
Provide regular reporting to senior leadership (including the SVP, Technology) on security/privacy metrics, risk posture, incident status, vendor/third-party security performance and program maturity.
Stay current on cybersecurity threats, vendor/supply-chain risk trends, privacy/regulatory changes and emerging technologies; propose improvements, tools or architectural enhancements.
Mentor and guide junior security analysts/engineers or vendor teams (especially if role grows) and contribute to building our security/privacy capability and maturity.

Demonstrated experience implementing security controls, managing risk, incident response and working across infrastructure, application and data domains.
Technical proficiency with security tools/technologies: firewalls, IDS/IPS, endpoint detection & response (EDR), SIEM, vulnerability scanning/penetration testing, cloud security (AWS/Azure/GCP), IAM, encryption/data protection, network segmentation, secure SDLC practices.
Strong understanding of regulatory/compliance requirements applicable to healthcare/clinical settings (patient data protection, medical device networks, clinic IT environment) and privacy regulations (e.g., Strategic mindset: ability to engage senior leadership, articulate cybersecurity, privacy and vendor/third-party risk in business terms; treat security & privacy as enablers not blockers.
Excellent communication skills (technical and non-technical audiences), ability to operate in a collaborative, fast-paced environment and influence without direct authority.
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Assurance or related field (Master’s preferred but not required).
Approximately 5-8+ years of experience in cybersecurity/information security — including hands-on technical work.
Experience in healthcare or a regulated environment, product/SaaS development, data/analytics-driven business and clinic/health-IT operations strongly preferred.