Manager, Security Operations & Governance
MaxHealth is seeking an experienced and proactive Manager of Cybersecurity to lead and evolve our cybersecurity operations. This role is responsible for safeguarding our multi-site clinical and administrative environment, including EHR (eClinicalWorks), Salesforce-based platforms, Microsoft 365, Azure cloud services, and integrated third-party SaaS systems. You will oversee a small team responsible for monitoring, incident response, vulnerability management, threat detection, and security platform administration.
The ideal candidate combines hands-on technical expertise, leadership skills, and healthcare security knowledge, including HIPAA, NIST CSF, and HITRUST-aligned practices.
This position offers a competitive salary, depending on experience, along with benefits such as health insurance, a 401k plan, life insurance, long-term disability, paid holidays, and PTO.
Location: Flexible - Must Reside in FL to be Considered
Minimum Qualifications
- Bachelor's degree in Cybersecurity, Information Systems, or equivalent experience.
- 8+ years in IT, with 5+ years focused on cybersecurity operations and tools.
- 3+ years in a leadership role.
- Experience with NIST RMF and NIST CSF 2.0, including Govern functions.
- Hands-on experience with CI/CD security: SAST, DAST, SCA, NIST SSDF.
- Familiarity with AI governance frameworks: model cards, risk assessments, fairness testing.
- Experience in application security, secure SDLC, pen testing, and vulnerability remediation.
- Deep expertise in Microsoft 365 Security, Entra ID, Intune, Defender suite, and Azure security.
- Experience managing incident response, threat hunting, and automation.
- Knowledge of PHI/PII handling, HIPAA, NIST, CIS benchmarks, and modern EDR/XDR systems.
- Strong communication skills and ability to explain risks to non-technical stakeholders.
Preferred Qualifications
- Certifications such as CISSP, GIAC, Microsoft Security Engineer, or CRISC.
- Healthcare, SaaS platforms, and cloud-native threat detection experience.
- Skills in PowerShell, KQL, and log correlation.
- Knowledge of Microsoft Defender for IoT, Patch My PC, and automated patch management.
- Familiarity with CASB tools, especially Microsoft Defender for Cloud Apps.
Key Responsibilities
Strategic & Operational Leadership
- Lead a team of cybersecurity analysts and engineers in threat monitoring, incident response, and security tuning.
- Develop and update cybersecurity policies and standards aligned with NIST CSF, RMF, HIPAA, ISO 27001.
- Oversee enterprise risk assessments, vendor reviews, and continuous risk monitoring.
- Enhance the cybersecurity program’s maturity and scalability.
- Create threat detection use-cases, response playbooks, and remediation plans.
- Manage integration of security tools like Microsoft Sentinel, Defender XDR, Entra ID.
- Define metrics for response performance, remediation, and risk posture.
- Ensure AI systems are used ethically and in compliance with regulations.
- Report on security metrics and KPIs for executive review.
- Promote security awareness through training and policy enforcement.
Tool & Platform Ownership
- Oversee security operations across Microsoft Defender, Sentinel, Intune, Azure Security Center.
- Manage identity and access controls with Entra ID, MFA, Conditional Access, RBAC.
- Coordinate secure deployment pipelines with data teams using GitHub and Azure DevOps.
- Administer data loss prevention, information rights management, and data classification.
- Embed security practices into software development pipelines, including threat modeling and vulnerability scanning.
- Manage application security including pen testing, code reviews, and vulnerability management.
Risk & Compliance Management
- Collaborate with leadership to maintain HIPAA compliance and investigate PHI incidents.
- Manage vulnerability lifecycle, CVE analysis, and remediation tracking.
- Coordinate vendor risk assessments and ensure third-party security standards.
- Maintain enterprise risk registers and treatment strategies.
- Establish AI governance frameworks and safeguards.
- Aggregate logs and monitor activity across EHR, Salesforce, and infrastructure.
MaxHealth is committed to simplifying healthcare and promoting healthier futures. Founded in 2015, it is a leading primary care provider in Florida, serving over 120,000 patients through numerous clinics and partnerships. We are dedicated to quality, compassion, and innovation to improve patient lives.
Job Posted by ApplicantPro