Director of Cybersecurity

MAXhealth
Location: Tampa, FL, USA
Published: 6/14/2022
Real Estate
Full Time

Job Description

MaxHealth is looking for a Director of Cybersecurity to lead enterprise security operations across our clinical and corporate environments. Reporting to the VP IT, this role will drive our cybersecurity strategy, safeguard patient information, lead cyber defense operations, and shape the future of security across our expanding footprint.

As a key security leader, the Director acts as the primary operational advisor to senior leadership, ensuring that cybersecurity decisions, budgets, and roadmaps align with enterprise risk and support business outcomes.


Location- Hybrid. Must reside in FL, with flexibility to work in person with the team in the greater Tampa area as needed.


Responsibilities-

  • Develop and execute a comprehensive cybersecurity strategy aligned to healthcare regulations, enterprise risk, and organizational goals.
  • Lead multi-year cybersecurity roadmap planning, including budgets, staffing, and investment priorities.
  • Serve as a primary security advisor to executive leadership, communicating risk in business terms and influencing strategic decisions.
  • Approve security architecture decisions and ensure secure design principles across cloud, identity, clinical systems, and vendor technologies.
  • Oversee threat monitoring, incident response, and forensic investigations while ensuring proper escalation and collaboration with Compliance, Privacy, and Legal.
  • Maintain incident response procedures, reporting workflows, and post-incident corrective action programs.
  • Own and enforce cybersecurity policies, standards, and technical control frameworks across the enterprise.
  • Lead risk assessments, vulnerability remediation priorities, and measurable improvements in risk reduction.
  • Ensure implementation of appropriate safeguards for PHI/PII in partnership with Compliance and Privacy teams.
  • Govern identity and access management (IAM), including privileged access, authentication, and access lifecycle processes.
  • Ensure protection mechanisms such as encryption, secure configuration, endpoint security, logging, monitoring, and data loss prevention are effectively maintained.
  • Conduct security due diligence for vendors and third-party services, including business associates with PHI access.
  • Partner with Compliance and Legal on Business Associate Agreements (BAAs) and contract security requirements.
  • Lead organization-wide cybersecurity awareness programs and executive education sessions.
  • Build a strong security culture by driving shared accountability across technology, business operations, and clinical teams.
  • Hire, develop, and mentor cybersecurity personnel; manage performance, workload, and succession planning.
  • Ensure coordinated response activities, timely escalation, and measurable remediation following security incidents and regulatory reviews.

Qualifications-

  • Master's degree in cybersecurity, information security, IT, or related field; or equivalent professional leadership experience.
  • Professional certifications: CISSP-ISSMP, CISM, CRISC, HCISPP, or CCISO.
  • 8+ years of progressive cybersecurity leadership experience in security operations, risk management, or security governance.
  • 3+ years directly managing cybersecurity teams, including hiring, coaching, and performance accountability.
  • Direct cybersecurity experience in a healthcare organization (provider, payer, clinical SaaS, or other PHI-regulated environment).
  • Proven leadership protecting systems that handle PHI or regulated clinical data, including incident containment and remediation oversight.
  • Demonstrated experience governing cybersecurity programs aligned to HIPAA Security Rule safeguards and frameworks such as NIST CSF, NIST RMF, or ISO 27001.
  • Oversight responsibility for enterprise security controls such as IAM/PAM, SIEM/EDR, cloud security, encryption, data protection, secure configuration, logging, and DLP.
  • Experience overseeing third-party cybersecurity risk, including BAAs and contractual safeguards for PHI access.
  • Ability to clearly communicate technical risk, business impact, and mitigation strategies to executives, clinicians, and operational leaders.
  • Leadership experience securing high-risk healthcare systems such as EHRs, clinical IoT/medical devices, and PHI-processing SaaS platforms.
  • Experience overseeing cloud-security architectures (e.g., identity-first design, Zero Trust, CASB/DLP strategy).
  • Familiarity with modern enterprise security operations, including SIEM, EDR/XDR, threat analytics, and forensic investigation practices.
  • Experience governing cybersecurity for multi-site clinical environments or distributed workforce models.


MaxHealth is dedicated to simplifying healthcare and ensuring healthier futures. Founded in 2015, MaxHealth is a leading primary care platform focused on providing high-quality, integrated care to adults and senior patients throughout Florida. We provide care for more than 120,000 patients, most of whom are beneficiaries of government-sponsored healthcare programs like Medicare, or of health plans purchased on the Affordable Care Act exchange marketplace. MaxHealth is a rapidly growing medical practice with more than 50 clinics spread across central and southern Florida. MaxHealth also partners with like-minded independent providers and uses its platform to help them provide high-quality care. We are customer-centered, compassionate, results-driven, proactive, collaborative, and adaptable in executing our vision to help patients live their best lives. Our mission is to deliver quality care, a simplified experience, and happiness. One patient at a time.



Job Posted by ApplicantPro
