Director, Cyber Security Operations
Fort Myers, FL, United States
Millennium Physician Group
Millennium Physician Group is one of the largest physician groups with more than 550 healthcare providers in Florida.

Mosaic Health is a national care delivery platform focused on expanding access to comprehensive primary care for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans. The Business Units which comprise Mosaic Health are multi-payer and serve nearly one million consumers across 19 states, providing them with access to high quality primary care, integrated care teams, personalized navigation, expanded digital access, and specialized services for higher-need populations. Through Mosaic Health, health plans and employers have an even stronger care provider partner that delivers affordability and superior experiences for their members and employees, including value-based primary care capacity integrated with digital patient engagement and navigation. Each of the companies within Mosaic Health provides unique offerings that together promise to improve individuals' health and wellbeing, while helping care providers deliver higher quality care. For more information, please visit www.mosaichealth.com
The Director of Cyber Security Operations is responsible for overseeing all aspects of security operations, including security technology design, solution implementation, and management of the processes and procedures that ensure consistent security practices. This role involves leading a team of cyber security managers, architects, engineers, administrators, and incident response to ensure the protection of information systems and data.
This role will develop strategies to safeguard against cyber threats, ensure compliance with security policies, and maintain the overall integrity of the organization's cyber security posture.
Responsibilities
• Formulate and implement a comprehensive cyber security strategy that aligns with the overarching goals and objectives of the organization.
• Design, implement, and enhance security strategies that bolster the efficiency of systems and data assets in compliance with healthcare regulations, including HIPAA and related laws.
• Ensure strict compliance with pertinent cyber security regulations, standards, and frameworks, including HIPAA, NIST Cybersecurity Framework (CSF), ISO 27001, Zero Trust architecture principles, and OWASP guidelines.
• Plan and oversee the deployment of enterprise-level security solutions, leveraging both internal resources and external service providers to achieve optimal security outcomes.
• Assess and integrate advanced cyber security technologies and tools that elevate Mosaic Health's security capabilities in a rapidly changing threat landscape.
• Spearhead the selection and implementation of state-of-the-art cyber security technologies, including AI-driven security analytics, threat intelligence platforms, and automated incident response systems, to enhance proactive defense mechanisms.
• Create and implement robust policies, standards, and procedures grounded in established security frameworks to strengthen the organization's security posture.
• Establish and enforce security standards and best practices across network and system security to safeguard organizational assets effectively.
• Direct the SOC to ensure continuous, 24/7 monitoring and analysis of security events, facilitating timely and effective incident response.
• Develop and execute proactive threat hunting strategies aimed at identifying and neutralizing potential threats before they materialize.
• Manage the SOC by integrating threat intelligence, prevention and detection engineering, security operations, and data security functions, ensuring effective monitoring, detection, and resolution of security incidents.
• Collaborate with cross-functional teams, including IT, development, and business units, to ensure that security considerations are thoroughly integrated into all organizational processes.
• Support the formulation of cyber security policies, procedures, and standards to ensure alignment with industry regulations and adherence to security best practices.
• Manage vulnerability scans, penetration tests, and security investigations to effectively identify and mitigate threats and risks to the organization.
• Lead the cyber security incident response team in the investigation, containment, and resolution of security incidents to minimize impact and restore operations.
• Conduct comprehensive post-incident analyses to evaluate the response to security events, implementing lessons learned to strengthen the overall security posture.
• Develop and conduct security tabletop exercises to improve the security response process, ensuring the team is well-prepared to handle potential incidents effectively.
• Establish and track key performance indicators (KPIs) to measure the effectiveness of incident response activities, vulnerability management, threat intelligence, and compliance efforts.
• Perform thorough assessments to identify security gaps and vulnerabilities, providing actionable recommendations for enhancements to the existing security framework.
• Prepare and present detailed reports on security status, risks, and recommendations to senior leadership and relevant stakeholders to facilitate informed decision-making.
• Stay abreast of emerging cyber security threats, trends, and technologies, continuously enhancing the organization's security posture and ensuring resilience against evolving risks.
• Provide leadership, mentorship, and professional development opportunities for the cyber security team to foster growth and maintain a high level of expertise within the department.
• Demonstrate excellent guest service to internal team members and patients.
• Perform other related duties as assigned.
Qualifications
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; a master's degree is preferred.
• Certifications: Certified Information Systems Security Professional (CISSP), Certified Protection Professional (CPP), Certified Information Security Manager (CISM), or Certified Information Privacy Professional (CIPP) are highly desirable.
• 10+ years of comprehensive experience in cybersecurity operations, with at least 5 years in a leadership capacity.
• A proven track record of innovation and driving continuous improvement initiatives within cybersecurity and enterprise environments.
• Significant expertise in Security Operations Center (SOC) operations, threat hunting, incident investigation, endpoint protection, security frameworks, managing external Managed Detection and Response (MDR) partners, cloud security, and strategic planning.
• Experience handling cybersecurity insider threats, incident response, and security investigations effectively.
• Strong foundational knowledge of cybersecurity principles, practices, and technologies.
• Proficient with various security tools and technologies, including Security Information and Event Management (SIEM), identity and access management systems, endpoint protection solutions, application security protocols, data security measures, and cloud security environments.
• Demonstrated success in managing and leading a team of cybersecurity professionals, fostering growth and collaboration.
• Proven experience with identity and access management (IAM), encompassing Multi-Factor Authentication (MFA) and Single Sign-On (SSO) solutions.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal abilities, enabling effective collaboration with stakeholders at all organizational levels.
• Ability to work independently in a fast-paced, cross-functional environment.
Physical Demands
• Sedentary work. Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker must have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Ability to lift up to 15 lbs. independently, not to exceed 50 lbs. without help.
Equal Employment Opportunity
• MPG is committed to equal employment opportunities. We will not discriminate against employees or applicants for employment in employment opportunities or practices based on race, color, sex (including pregnancy), genetic information, sexual orientation, religion, physical or mental disability, age, military or veteran status, marital status, familial status, national origin, or any other legally protected class.
• Equal opportunity applies to all areas of the employment relationship, including hiring, promotions, training, terminations, working conditions, pay, and other terms and conditions of employment.
• Millennium Physician Group (MPG) is committed to the full inclusion of all qualified individuals. In keeping with our commitment, MPG will take steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, contact HRbenefits@mpgus.com.
Tags: Analytics Application security CIPP CISM CISSP Cloud Compliance Computer Science HIPAA IAM Incident response ISO 27001 KPIs Monitoring NIST OWASP Privacy Security strategy SIEM SOC SSO Strategy Threat intelligence Vulnerabilities Vulnerability management Vulnerability scans Zero Trust
Perks/benefits: Career development Health care Team events