Direct Placement
Title: Cybersecurity Director
Compensation: $95,000 + Comprehensive Benefits Package
Location: San Juan, Puerto Rico
Company Description:
Our client is a premier healthcare information technology company based in Puerto Rico, with a branch in Charlotte, North Carolina. They are primarily a healthcare clearinghouse, which means they act as an intermediary for the electronic exchange of healthcare information, particularly medical claims, between providers, hospitals, health plans, and patients. They're dedicated to leveraging technology to optimize healthcare delivery, ensuring compliance with strict industry regulations like HIPAA, CMS, and ONC, and maintaining robust data security with HITRUST Risk-based, 2-year Certification.
Position Description:
Our client is actively seeking a highly skilled and strategic Director of Cybersecurity to lead their security initiatives. This critical role involves overseeing the company's entire security architecture, implementing industry-leading security practices, and ensuring strict compliance with all relevant healthcare regulations. As the Director of Cybersecurity, you will play a pivotal role in protecting sensitive healthcare data, securing their cloud-hosted infrastructure, and proactively mitigating cybersecurity risks. This position demands a highly technical leader who can effectively balance strategic security planning with hands-on implementation, ensuring the robust protection of their systems and the trust of their clients.
Responsibilities:
Cybersecurity Strategy & Policy Development: You'll be responsible for developing and implementing comprehensive cybersecurity policies, standards, and procedures that align with regulatory requirements and best practices. This includes staying up to date with evolving industry regulations and ensuring continuous compliance with all applicable security and privacy laws.
Security Architecture & Risk Management: You'll lead security architecture reviews and conduct thorough risk assessments for both cloud and on-premises infrastructure. This involves proactively identifying vulnerabilities and ensuring a robust security posture across all systems.
Vulnerability & Incident Management: You'll oversee and continuously improve the company's vulnerability management, incident response, and threat detection processes. This includes leading efforts to manage and respond to security incidents effectively, minimizing their impact.
Security Operations & Technology Deployment: You'll be tasked with evaluating and deploying new security technologies to enhance the company's overall security posture. This role also involves collaborating closely with external cybersecurity partners.
Compliance & Audit Leadership: You'll manage security audits, compliance initiatives, and third-party security assessments. This ensures the company consistently meets regulatory requirements and maintains a strong security reputation.
Secure Development & IT Collaboration: You'll collaborate closely with IT and development teams to embed security into system designs and software development lifecycles. This proactive approach ensures security is a fundamental aspect of all new initiatives.
Security Awareness & Mentorship: You'll lead the company's security awareness training program to foster a security-first culture among all employees. Additionally, you'll provide mentorship and technical guidance to the Security Administrator and other IT personnel.
Reporting & Budget Management: You'll be responsible for reporting key security metrics, incidents, and compliance status to the CISO and executive leadership. You'll also assist in planning and managing the cybersecurity budget for necessary tools, training, and personnel. Expect to provide on-call support outside of business hours when necessary.
Qualifications:
Extensive Cybersecurity Leadership Experience: A minimum of 10 years of experience in cybersecurity, with at least 5 years specifically in a leadership role, demonstrating a proven ability to lead and manage security initiatives.
Cloud Security Expertise (AWS Preferred): Demonstrated hands-on experience with cloud security, preferably within an AWS environment, along with a strong understanding of securing Windows Server and MS SQL environments.
Healthcare Industry Security Frameworks Mastery: Deep and practical knowledge of key healthcare industry security frameworks, including HIPAA, HITRUST, and NIST, and a proven track record of ensuring compliance.
SaaS Security Implementation Experience: Proven success in implementing robust security controls within SaaS-based environments, demonstrating an understanding of the unique challenges and solutions for securing cloud-delivered applications.
Comprehensive Security Domain Expertise: Deep expertise across critical security domains, including network security, identity & access management (IAM), endpoint protection, and threat intelligence.
Proficiency with Security Tools: Advanced proficiency with a wide range of security tools and technologies, such as SIEM, EDR, IDS/IPS, vulnerability management platforms, and firewall technologies.
Scripting & Automation Capabilities: Practical experience with scripting and automation for security operations, using languages like PowerShell, Python, or equivalent, to enhance efficiency and response capabilities.
Strong Leadership & Communication Skills: Exceptional leadership and strategic thinking abilities, coupled with the capacity to effectively communicate complex security risks to both technical and non-technical stakeholders, including executive leadership. Knowledge of secure software development practices in .NET environments is also highly valued.
Education & Certifications:
Bachelor's Degree: A Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a closely related field is required.
Master's Degree (Preferred): A Master's degree in Cybersecurity, Information Assurance, or Business Administration is highly preferred.
Industry Certifications: Relevant and current industry certifications such as CISSP, CISM, CCSP, GIAC, or equivalent are mandatory.
Benefits:
Health Insurance
Life Insurance - one time the annual salary at no cost. The employee can add more benefits by paying additional money.
401k - Employees can contribute and transfer balances from a similar plan. The contribution is discretionary once a year, up to 10% of the employee's contribution.
Paid Holidays - calendar sent annually.
15 days of vacation and 12 sick days.
Birthday (based on policy) that falls on a work day.
Equal Opportunity Statement:
RCM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Pay Transparency:
RCM believes in transparency and fairness in compensation. We are committed to providing our employees with competitive salaries that reflect their skills, experience, and contributions to our organization. As part of our commitment to pay transparency, we want to provide you with as much information as possible about our compensation practices.
Disclaimer:
This job posting is intended to describe the general nature and the level of the work to be performed. It is not intended to include every job duty and responsibility specific to the position. RCM reserves the right to amend and change responsibilities to meet business and organizational needs as necessary.
About RCM:
RCM is a leading provider of Business, IT, and Engineering Services to over 1,000 clients in the commercial marketplace. RCM partners with clients to define, implement and manage a broad range of technologies across multiple platforms, systems, and networks. Our broad geographic presence ensures that a proven and reliable tactical and strategic capability is available and deployable virtually everywhere in North America.