Director Cybersecurity Defense & Operations
Fairview Health Services
Overview

The Director, Cybersecurity Defense & Operations, is the leader responsible for running 24x7x365 cyber security operations, monitoring and hunting cyber threats, collecting and curating threat intelligence, deploying countermeasures, responding to and containing cyber incidents and managing Network Security for Fairview Health Services. The leader will also oversee Network Security, including Firewalls, Network Access Controls, VPN, Application Firewalls, and Micro and Macro Segmentation. The successful candidate will oversee teams of skilled Cyber Incident Response Analysts and Subject Matter Experts to ensure early and accurate detection, response, containment and recovery from cyber threats directed at Fairview. Operating under the Cyber Security Risk Management (CSRM) group, this leader will promote a Security First culture and contribute to deploying and defending frictionless security controls that can be risk adaptive.

Responsibilities

Job Description

The Director, Cybersecurity Defense & Operations will assist the CISO to formulate and execute cybersecurity operations and incident response strategy, aligned with organizational objectives. Responsibilities include the following:

- Manage cybersecurity managers/leaders and oversee three core groups of Cybersecurity operations – Access Provisioning; Cyber Security Operations & BLUE Team; Threat Intel & Darkweb Monitoring; Cyber threat and Incident Response; Network & Medical Devices Security
- Assist the CISO with prioritization of strategic initiatives and remediate security risks in a cost-effective manner, in collaboration with Finance and other IT leadership teams
- Formulate strategy and oversee execution of incident response and investigations of potential events across the organization
- Accountable for directing all cybersecurity incident processes and communication practices 24/7/365
- Partner with Infrastructure, Applications and other Security leadership to detect and respond to cyber threats, incidents and ad-hoc requests; participate in governance meetings to effectively improve timely patching and remediation of security vulnerabilities
- Oversee a combination of in-house and managed services partners to execute operations and investigate and respond to cyber threats
- Drive end-to-end Cybersecurity incident response activities, serve as an escalation point for high priority or complex incidents and coordinate with local & federal cybercrime & law enforcement authorities when necessary
- Drive continuous refinement and improvement of incident response processes, playbooks and Standard Operating Processes (SOPs) through automation and autonomous response orchestration
- Hire, coach and mentor high performing diversified teams in Cybersecurity Operations, Threat and Incident Response
- Partner with the CISO to actively manage the Annual Operating and Capital Budgets allocated for assigned departments

Qualifications

Required

Education

- Bachelor's degree in any field or equivalent combination of experience and education.

Experience

- Minimum of 15 years of cumulative experience in Information Technology/Operations leading teams with three or more of these specialized areas – Security Operations Center, Security Incident Response, Threat & Vulnerability Management, Cybersecurity Engineering, 24x7 Operations and Customer Service Management, Network Security Operations, Digital Forensics, Threat Hunting, Identity & Access Management, User On/Offboarding, Security Orchestration & Automated Response, Ransomware Playbooks & DR Drills, Cyber Risk Management etc.
- 5+ years of direct leadership/management of IT/Cybersecurity teams
- Exposure to Zero Trust Security, defense-in-depth approaches
- Understanding of tools and techniques used by threat actors to breach networks, server systems, cloud workloads or applications, including deep understanding of the MITRE ATT&CK framework and its use in cyberattack detection, containment and prevention
- Experienced in securing public cloud environments in either AWS, Azure, or GCP
- Understanding of common cybersecurity frameworks and methods such as NIST CSF 2.0, regulatory compliance such as HIPAA, PCI 4.0 etc. and understanding of certifications with HITRUST
- Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.)
- Deep understanding and experience of Service Oriented Delivery, SLA/OLAs, Operational & Productivity Metrics, Key Risk Indicators (KRI)
- Understanding of AI/GenAI/ML powered compute methods, pattern recognitions, AI BOTs, TOR Networks and associated attack patterns
- Demonstrated understanding of security related technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network and Host Incident Detection and Prevention, Data Loss Prevention, Data Security, risk based and strong authentication, cloud access security, secure remote access, firewalls, Application Security etc.
- Excellent problem-solving skills including triage, root cause determination, cross functional & cross team collaboration
- Experience in managing department budgets, planning, forecasting etc.
- Leadership presence, comfortable presenting to and collaborating with all levels
- Proven ability to successfully manage and execute multiple, large-scale projects to achieve target state
- Strong team and individual coaching and mentoring skills
- Excellent oral, written, and interpersonal communication and presentation skills
- Ability to facilitate problem solving among groups with varying needs and priorities

Preferred

Education

- Master's in Computer Science/Cybersecurity or related fields

Experience

- Prior experience as a Senior Manager/Director in IT, Infrastructure or Cybersecurity areas
- Prior experience in executing large scale strategic and transformational projects of budgets >$1M with multi-location sourced and dispersed teams
- Prior experience in managing P&L of department or organizational unit, product or service-oriented delivery with attribution to cost of services etc.

License/Certification/Registration

- Cybersecurity industry recognized certifications such as CISSP, CISA, CISM, GCFE, GCIH, CCE, EnCE etc.

EEO Statement

EEO/AA Employer/Vet/Disabled: All qualified applicants will receive consideration without regard to any lawfully protected status