Sign upLog in

Director, Cybersecurity Operations

Valley Medical Center

Renton, WA

Apply
JOB DETAILS
SKILLS
Access Control, Biomedical Engineering, Biomedicine, Budgeting, Business Operations, Business Support, CISSP - Certified Information Systems Security Professional, Capital Budgeting, Clinical Information Systems, Cloud Applications, Cloud Architecture, Communication Skills, Computer Science, Computer Security, Continuous Improvement, Contract Requirements, Cost Benefit Analysis, Cryptography, Endpoint Security, Establish Priorities, Financial Operations, Financial Systems, Healthcare, Hunting, Identity Data Management, Incident Response, Information Systems/Technology IS/IT Administration, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Investment Strategy, Leadership, Legal, Medical Equipment, Medical Record System, Medical Records, Mentoring, Metrics, Multitasking, Network Monitoring, Operational Measurement, Operational Strategy, Operational Support, Operations, Organizational Skills, Patient Care, Patient Safety, People Management, Performance Analysis, Performance Management, Performance Metrics, Physical Demands, Privacy Controls, Problem Solving Skills, Project Planning, Project/Program Management, Ransomware, Regulations, Regulatory Compliance, Resource Management, Risk, Risk Management, Risk Modeling, Security Analysis, Security Architecture, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Strategic Planning, Threat Modeling, Threat and risk analysis (TRA), Time Management, U.S. National Institute of Standards and Technology (NIST), Vertical Machining
LOCATION
Renton, WA
POSTED
7 days ago

JOB DESCRIPTION

The position description is a guide to the critical duties and essential functions of the job, not an all-inclusive list of responsibilities, qualifications, physical demands, and work environment conditions. Position descriptions are reviewed and revised to meet the changing needs of the organization.

TITLE: Director, Cybersecurity Operations

JOB OVERVIEW: The Director of Cybersecurity Operations is responsible for establishing, leading, and continuously maturing Valley Medical Center''s (VMC) enterprise cybersecurity program. This role ensures the protection of patient information, clinical systems, medical devices, and business operations while supporting patient safety, regulatory compliance, and organizational resilience. This role directly provides strategic leadership and operational oversight across cybersecurity domains, including security operations, identity and access management (IAM), governance, risk and compliance (GRC), and data protection. This position also serves as the key advisor to executive leadership on cybersecurity risks, priorities, and investments. The Director of Cybersecurity Operations reports to the Chief Information Officer (CIO) and collaborates closely with IT, compliance, privacy, legal, clinical, and executive teams across the organization.

DEPARTMENT: Information Technology Administration

WORK HOURS: Monday - Friday, 8:00a - 5:00p, or as required to fulfill responsibilities

REPORTS TO: SVP Chief Information Officer

PREREQUISITES:

  • Bachelor''s degree in Cybersecurity, Information Systems, Computer Science or related field, required. Master''s Degree preferred.

  • Minimum of ten years of progressive experience in cybersecurity experience, preferably in a healthcare environment, to include five years of leadership experience with direct responsibility for staff, strategic planning, and program execution. .

  • Certified Information Systems Security Professional (CISSP) required or obtained in 12 months.

  • Healthcare Information Security and Privacy Practitioner (HCISPP) required or obtained in 12 months.

QUALIFICATIONS:

  • Proven ability to build, scale, or transform cybersecurity programs in complex environments.

  • Proven record of excellent leadership, communications, and organization skills across all levels of management.

  • Ability to understand, analyze, and solve problems in a complex, multi-system environment.

  • Strong understanding of modern security architectures (cloud, Zero Trust, identity-centric security).

  • Demonstrated experience in risk-based decision-making, particularly in environments where operational disruption may impact patient care.

  • Demonstrated experience in strategic thinking and risk-based decision-making.

UNIQUE PHYSICAL/MENTAL DEMANDS, ENVIRONMENT AND WORKING CONDITIONS:

  • Requires prolonged periods of sitting and prolonged exposure to computer monitor and keyboarding.

  • Requires the ability to move PC''s and printers weighing up to 40 lbs.

  • Requires planning, organizing, and working on multiple tasks at one time.

  • Tolerates ambiguity in instructions and work situations.

PERFORMANCE RESPONSIBILITIES:

  • Generic Job Functions: See Generic Job Description for Director

  • Essential Responsibilities and Competencies:

  • Strategic Leadership and Program Development

  • Lead the development, execution, and continuous maturation of VMC''s cybersecurity program, identifying strategic opportunities to better cybersecurity posture.

  • Enhance and implement VMC''s enterprise cybersecurity strategy to protect clinical, financial, and operational systems, ensuring alignment with VMC goals and patient safety priorities.

  • Oversee daily program operations and lead the continuous evaluation of detection and response capabilities, ensuring security platforms are appropriate for VMC''s needs and program maturity.

  • Provide leadership, mentorship, and direction for cybersecurity staff, in addition to ensuring appropriate staffing levels and training,

  • Oversee staff performance management and professional development to maintain effective teams

  • Advise executive leadership, including CIO, on security risks, mitigation strategies, and investment priorities; provide regular updates on security posture, incidents, and emerging threats.

  • Direct cybersecurity projects and initiatives, including planning, cost/benefit analysis, resource allocation, and execution to ensure alignment with strategic priorities and timely delivery. Ensure work tasks are performed according to work plan and within target times and budget.

  • Establish and monitor key performance indicators (KPIs), service levels, and operational metrics to measure and ensure effectiveness and continuous improvement of cybersecurity services.

  • Ensure all cybersecurity processes and activities are documented, standardized, and compliant with internal and external requirements.

  • Develop and monitor department annual operating and capital budgets to meet the needs of the organization.

  • Support direct audits, assessment, and regulatory inquiries.

  • Governance, Risk and Compliance (GRC)

  • Determine and maintain a comprehensive cybersecurity governance strategy and program aligned with the National Institutes of Standards and Technology (NIST) framework.

  • Ensure VMC''s compliance with HIPAA and HITECH Act, including audit readiness, breach notification, and document requirements.

  • Lead cybersecurity risk management efforts, including risk assessments, threat modeling, and a risk register with prioritized remediation plans.

  • Develop, review, and enforce cybersecurity policies, standards, and procedures; ensure they are updated regularly to address evolving threats and regulatory environments.

  • Security Operations and Incident Response

  • Oversee security operations, including monitoring, detection, and response capabilities (e.g., SIEM, endpoint protection, identity and access management, and vulnerability management).

  • Lead and coordinate cybersecurity incident response activities, including authority to coordinate containment, eradication, and recovery efforts.

  • Establish and evaluate incident response and cyber recovery plans, including ransomware preparedness. Ensure incident response plans are maintained, tested, and updated.

  • Integrate threat intelligence and lead proactive threat hunting activities to reduce organizational risk.

  • Identity and Access Management (IAM)

  • Oversee enterprise IAM strategy, including identity governance, privileged access management, and role-based access controls.

  • Advance Zero Trust principles with strong focus on identity-centric security

  • Manage all access control strategies of the IAM team.

  • Collaboration and Organizational Support

  • Collaborate with clinical, administrative, and technical teams to ensure secure and effective use of technology across the organization.

  • Promote a culture of cybersecurity awareness by leading organization-wide training, education programs, and phishing simulation to reduce human risk factors.

  • Data Protection and Technology Security

  • Ensure the confidentiality, integrity, and availability of sensitive data, including electronic health records (EHR), through strong data protection controls such as encryption, access governance, and data classification.

  • Partner with IT, bio-medical and business / support units to secure infrastructure, applications, cloud environments and connected medical devices.

  • Medical Device and Clinical Systems Security

  • Establish and maintain a cybersecurity program for medical devices (IoMT) in partnership with biomedical engineering and clinical teams.

  • Ensure appropriate network segmentation, monitoring, and risk management for clinical technologies.

  • Third-Party and Vendor Risk Management

  • Oversee third-party cybersecurity risk management, including vendor and third-party security assessments, contract requirements protecting organizational data, and ongoing monitoring.

Created: 4/26

Grade: NC-17

FLSA: E

CC: 8550

Job Qualifications:

PREREQUISITES:

  • Bachelor''s degree in Cybersecurity, Information Systems, Computer Science or related field, required. Master''s Degree preferred.

  • Minimum of ten years of progressive experience in cybersecurity experience, preferably in a healthcare environment, to include five years of leadership experience with direct responsibility for staff, strategic planning, and program execution. .

  • Certified Information Systems Security Professional (CISSP) required or obtained in 12 months.

  • Healthcare Information Security and Privacy Practitioner (HCISPP) required or obtained in 12 months.

QUALIFICATIONS:

  • Proven ability to build, scale, or transform cybersecurity programs in complex environments.

  • Proven record of excellent leadership, communications, and organization skills across all levels of management.

  • Ability to understand, analyze, and solve problems in a complex, multi-system environment.

  • Strong understanding of modern security architectures (cloud, Zero Trust, identity-centric security).

  • Demonstrated experience in risk-based decision-making, particularly in environments where operational disruption may impact patient care.

  • Demonstrated experience in strategic thinking and risk-based decision-making.

About the Company

V

Valley Medical Center

Resume Resources

Free Resume TemplatesFree Resume Builder