MaxHealth is seeking an experienced and proactive Manager of Cybersecurity to lead and evolve our cybersecurity operations. This role is accountable for safeguarding our multi-site clinical and administrative environment, including EHR (eClinicalWorks), Salesforce-based platforms, Microsoft 365, Azure cloud services, and integrated third-party SaaS systems. You will oversee a small team responsible for monitoring, incident response, vulnerability management, threat detection, and security platform administration.
The ideal candidate brings a balance of hands-on technical experience, leadership acumen, and healthcare security awareness, including HIPAA, NIST CSF, and HITRUST-aligned practices.
This position earns a competitive wage , depending on experience. We provide fantastic benefits, including health benefits, a 401k plan, life insurance, long-term disability, paid holidays, and PTO (paid time off)!

MINIMUM QUALIFICATIONS-

• Bachelor’s degree in Cybersecurity, Information Systems, or equivalent experience.
• 8+ years in IT, with 5+ years focused on cybersecurity operations and tools.
• 3+ years in a formal people leadership role.
• Experience implementing NIST RMF and NIST CSF 2.0, including Govern function.
• Hands-on in CI/CD security: SAST, DAST, SCA, NIST SSDF.
• Familiarity with AI governance frameworks: model cards, risk assessments, fairness testing.
• Experience in app security, secure SDLC, pen testing, and application vulnerability remediation.
• Deep expertise in Microsoft 365 Security, Entra ID, Intune, Defender suite, and Azure infrastructure security.
• Experience managing incident response workflows, threat hunting, and security automation.
• Familiarity with PHI/PII handling, HIPAA, NIST, CIS benchmarks, and modern EDR/XDR systems.
• Strong written and verbal communication skills
• Strong ability to explain risks and controls to non-technical stakeholders.

PREFERRED QUALIFICATIONS-

• Relevant certifications such as CISSP, GIAC, Microsoft Security Engineer, or CRISC.
• Experience in healthcare, SaaS platforms (Salesforce, ECW), and cloud-native threat detection.
• Experience with PowerShell, KQL, and log correlation techniques.
• Exposure to Microsoft Defender for IoT, Patch My PC, and automated patch governance.
• Knowledge of CASB tools, preferably Microsoft Defender for Cloud Apps.