Job description

MaxHealth is seeking an experienced and proactive Manager of Cybersecurity to lead and evolve our cybersecurity operations. This role is accountable for safeguarding our multi-site clinical and administrative environment, including EHR (eClinicalWorks), Salesforce-based platforms, Microsoft 365, Azure cloud services, and integrated third-party SaaS systems. You will oversee a small team responsible for monitoring, incident response, vulnerability management, threat detection, and security platform administration. The ideal candidate brings a balance of hands-on technical experience, leadership acumen, and healthcare security awareness, including HIPAA, NIST CSF, and HITRUST-aligned practices. This position earns a competitive wage , depending on experience. We provide fantastic benefits, including health benefits, a 401k plan, life insurance, long-term disability, paid holidays, and PTO (paid time off)! Location- Flexible- Must Reside in FL to be Considered for this Position Minimum Qualifications- • Bachelor's degree in Cybersecurity, Information Systems, or equivalent experience. • 8+ years in IT, with 5+ years focused on cybersecurity operations and tools. • 3+ years in a formal people leadership role. • Experience implementing NIST RMF and NIST CSF 2.0, including Govern function. • Hands-on in CI/CD security: SAST, DAST, SCA, NIST SSDF. • Familiarity with AI governance frameworks: model cards, risk assessments, fairness testing. • Experience in app security, secure SDLC, pen testing, and application vulnerability remediation. • Deep expertise in Microsoft 365 Security, Entra ID, Intune, Defender suite, and Azure infrastructure security. • Experience managing incident response workflows, threat hunting, and security automation. • Familiarity with PHI/PII handling, HIPAA, NIST, CIS benchmarks, and modern EDR/XDR systems. • Strong written and verbal communication skills • Strong ability to explain risks and controls to non-technical stakeholders. Preferred Qualifications- • Relevant certifications such as CISSP, GIAC, Microsoft Security Engineer, or CRISC. • Experience in healthcare, SaaS platforms (Salesforce, ECW), and cloud-native threat detection. • Experience with PowerShell, KQL, and log correlation techniques. • Exposure to Microsoft Defender for IoT, Patch My PC, and automated patch governance. • Knowledge of CASB tools, preferably Microsoft Defender for Cloud Apps. Key Responsibilities Strategic & Operational Leadership • Direct a small team of cybersecurity analysts and engineers responsible for real-time threat monitoring, log analysis, incident response, and security tool tuning. • Policy & Governance Management - Develop, implement, and refine cybersecurity policies, standards, and guidelines (covering cloud, SaaS, EHR, AI systems), ensuring alignment with NIST CSF, RMF, HIPAA, and ISO 27001 • Risk Framework Oversight - Lead enterprise risk assessments, vendor risk reviews, and continuous risk monitoring using NIST RMF and AI-specific risk frameworks such as NIST AI RMF • Drive the maturity and scalability of the cybersecurity program, aligning with NIST CSF, HIPAA, and internal ITIL processes. • Lead development of threat detection use-cases, MITRE ATT&CK-aligned response playbooks, and vulnerability remediation plans. • Oversee the integration of Microsoft Sentinel, Defender XDR suite, Entra ID, and other critical toolsets. • Define metrics to track response performance, remediation timelines, and overall risk posture. • Drive cross-functional oversight of AI-enabled systems, ensuring regulated use, ethical standards, and compliance with HIPAA and AI-specific laws • Develop security metrics and GRC reporting for board review: CSPM, security posture, AI risk KPIs • Champion organizational security culture: regular policy updates, training, DevOps education, and enforcement Tool & Platform Ownership • Manage security operations across Microsoft Defender for Endpoint, Office 365, IoT, and Cloud Apps, Microsoft Sentinel, Intune, and Azure Security Center. • Govern identity and access controls via Entra ID (Azure AD), PIM, MFA, Conditional Access, and RBAC frameworks. • Collaborate on secure deployment pipelines with data engineering teams using GitHub Enterprise and Azure DevOps. • Administer Purview DLP, IRM, and data classification across Microsoft 365 and clinical systems. • Secure SDLC/DevSecOps - Embed NIST SSDF practices into CI/CD pipelines; integrate SAST, DAST, SCA tools, threat modeling into software development lifecycles • Application Security - Oversee application security including pen testing, code reviews, vulnerability scanning, and managing SAST/DAST/SCA Risk & Compliance Management • Partner with VP of IT & Compliance Officer to maintain HIPAA safeguards and support PHI-related incident investigations. • Own vulnerability lifecycle management including CVE analysis, Freshservice ticketing workflows, and remediation tracking through Domo dashboards. • Coordinate vendor risk reviews and ensure third-party services with PHI access maintain security baselines. • Enterprise Risk Program - Manage formal risk registers, ownership assignments, risk treatment strategies, and risk reporting cycles, in coordination with Compliance/Privacy teams • AI Governance & Safeguards - Establish AI governance framework • Maintain and enhance logs aggregation of access and activity across EHR, Salesforce, and critical infrastructure. MaxHealth is dedicated to simplifying healthcare and ensuring healthier futures. Founded in 2015, MaxHealth is a leading primary care platform focused on providing high-quality, integrated care to adults and senior patients throughout Florida. We provide care for more than 120,000 patients, most of which are beneficiaries of government-sponsored healthcare programs like Medicare, or of health plans purchased on the Affordable Care Act exchange marketplace. MaxHealth is a rapidly growing medical practice with more than 50 clinics spread across central and southern Florida. MaxHealth also partners with independent providers who are like-minded and utilizes its platform to help them provide high-quality care. We are customer-centered; compassionate; results-driven; proactive; collaborative; and adaptable in executing our vision to help patients live their best lives. Our mission is to deliver quality care, a simplified experience, and happiness. One patient at a time. #IND123

Requirements