Director Information Security Operations

Position SummaryReporting to the VP, Chief Information Security Officer, the Director of Information Security Operations to lead and mature enterprise-wide cybersecurity operations for one of the largest not-for-profit healthcare systems in the United States.This role is responsible for overseeing day-to-day security operations while driving continued maturity, automation, and resilience across a hybrid security operations model that includes internal teams and a 24x7x365 outsourced MSSP. The Director will lead a highly visible function focused on threat detection, incident response readiness, SOC performance, and protection of clinical, enterprise, cloud, endpoint, and medical device environments.The ideal candidate is a hands-on, technically strong leader who can operate calmly during major incidents, build and mentor high-performing teams, and communicate complex security topics clearly to executives and business leaders.Key ResponsibilitiesSecurity Operations LeadershipLead and develop an internal Security Operations team of approximately 8 professionals, including multiple people managers.Provide strategic and operational oversight of a 24x7x365 outsourced MSSP SOC, including both onshore and offshore components.Establish clear accountability for MSSP performance through well‑defined SLAs, KPIs, and continuous service improvement metrics.Serve as a senior escalation point for major security incidents and lead coordinated enterprise response efforts.SOC, Detection, and ResponseOversee hybrid SOC operations across internal and vendor‑managed environments.Ensure comprehensive log ingestion, validation, and monitoring coverage across endpoints, cloud platforms, enterprise systems, and medical devices.Lead development and continuous improvement of detection use cases, alert triage processes, and response workflows.Drive the creation, testing, and maintenance of playbooks and runbooks aligned to real‑world healthcare threats.Ensure incident response readiness through regular tabletop exercises and cross‑functional coordination.Own the enterprise Vulnerability Management program from a Security Operations perspective, including vulnerability discovery, prioritization, tracking, and remediation oversight.Provide operational oversight for network security monitoring and response, including firewall telemetry, IDS/IPS, network detection and response, and segmentation controls.Automation and MaturityDrive automation initiatives using best‑in‑class SIEM, SOAR, and AI‑enabled security operations technologies.Reduce mean time to detect and respond through orchestration, automated containment, and response workflows.Continuously mature the security operations program to address emerging threats, evolving attack techniques, and changes in the healthcare threat landscape.Technical OversightProvide operational leadership for: Endpoint Detection and Response and XDR, Email security, Cloud security operations, Desktop security, OT and medical device security, Vulnerability Management, and Network Security.Partner with MSSP, infrastructure, and application teams to ensure security telemetry and controls are correctly implemented and monitored.Cross-Functional and Executive EngagementAct as a trusted security partner to Legal, Risk, Compliance, Privacy, Internal Audit, and executive leadership.Translate technical security risks into clear business and patient safety impacts for non‑technical stakeholders.Support regulatory, audit, and compliance activities related to security operations and incident response.Engage with vendors and service providers to ensure alignment with organizational security objectives.Preferred QualificationsProven leadership experience in enterprise security operations, including direct management of people managers.Demonstrated experience managing both internal SOC teams and outsourced MSSP SOC providers.Strong hands‑on experience with modern SIEM, SOAR, EDR, XDR, and email security platforms.Deep understanding of incident response, threat detection, and security operations processes.Ability to lead during high‑pressure incidents with sound judgment and clear communication.Strong executive communication skills with the ability to explain technical issues in business terms.Healthcare security experience strongly preferred.Experience with: HIPAA, HITECH, NIST CSF 2.0, HITRUST, Medical device and OT security.Experience supporting regulated clinical and patient care environments.Certifications: CISSP and or CISM strongly preferred.Work ExpectationsRemote‑friendly role with periodic onsite engagement.Availability to support major security incidents outside normal business hours when required.Occasional travel for leadership meetings, vendor engagements, and operational needs.What Success Looks LikeA well‑run, accountable SOC with measurable improvements in detection and response.A productive partnership with MSSP providers that delivers value, not noise.Increased automation and reduced manual effort across security operations.A confident, engaged security operations team with clear direction and mentorship.Executive leadership that trusts the security operations function during critical events.Minimum RequirementsBachelor?s Degree or 4 years of work experience above the minimum qualification5 years of experience #J-18808-Ljbffr