• Provide technical leadership to write/review/enhance security policies, standards, methods and/or procedures.
• Lead teams to test and govern Cybersecurity controls and their enforcement at M Health Fairview. Make recommendations and lead response teams to deploy necessary controls and address identified gaps
• Lead tactical and strategic teams to define, collect, analyze and prioritize security requirements based on evolving technical and security needs for the company, indicators of compromise, indicators of anomalous behavior and/or external threat indicators
• Build and enhance security threat models for specific applications and technology areas considering risk, policy, compliance needs.
• Participate in industry forums and relevant technical briefings to understand advancements in Cybersecurity and Risk Management areas, compliance, governance and business continuity management capabilities.
• Apply understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
• Analyze risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
• Lead collaboration work with vendors, health and business partners to ensure security remediation milestones are being met
• Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies or develop compensating control measures
• Lead Red/Blue/Purple teams as needed to test security controls and help improve security posture of M Health Fairview.
• Assist in design, implement, maintain and support current and future complex information security technologies, processes and procedures. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
• May lead complex projects related to security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
• Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.

Education

• 
  Bachelor’s degree in Technology, Liberal Arts, Engineering or related disciplines or combination of relevant experience/education.

Experience

• 10+ years of cumulative experience in engineering, development and/or support of IT Systems
• 5+ years of experience in two or more areas of IT Security Risk and Compliance management areas - Risk Management, Disaster Recovery, BCP, Governance, Audit, Security Operations, Policy & Awareness, Security Training & Threat modeling
• Excellent understanding of fundamentals of IT systems, frameworks, development methodologies, network, firewalls, communication layers, devices/end points, computing environment
• Deeper understanding of Threats, Vulnerabilities, Risk, Cybersecurity frameworks, policies and Cybersecurity standards
• Understanding of Web Applications, software security, security frameworks
• Ability to thrive in a sense-of-urgency environment and leverage best practices

• 
  Excellent ability to effectively communicate both verbally and written with all levels within the organization
• Ability to visually represent technical, logical and system interaction concepts and adjust messaging based on the audience, including non-technical groups
• Expertise in use of visual representation tools such as MS Visio Pro, PowerPoint
• Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
• Ability to work well within a team environment, as well as independently

Experience

• Bachelor’s degree or higher in Computer Science, Computer Engineering, Digital Forensics, Cybersecurity and/or related technical discipline.

Experience

• Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation

License/Certification/Registration

• Industry specific certifications – Security+, CISSP, CISM, CISA etc