- Define and own the multi-year information security strategy and roadmap aligned to business objectives.
- Build, mentor, and lead the security and compliance team, including security engineers, analysts, and GRC staff.
- Own the enterprise risk management program: identify, assess, prioritize, and track remediation of security risks.
- Lead audit readiness and certification efforts (e.g., SOC 2 Type II, ISO 27001, HIPAA, HITRUST, GDPR, CCPA).
- Direct security operations, including monitoring, detection, vulnerability management, and patching.
- Own the incident response program, including preparation, detection, containment, and post-incident review.
- Design and administer security awareness, training, and phishing simulation programs across the organization.