HealthPartners is currently hiring for a Senior Director, Cyber Security and Deputy CISO. This role sets the strategic direction for IT security initiatives and serves as a key partner to business leaders. Responsibilities include safeguarding data and systems, advising on security technologies and integration, and collaborating on enterprise-wide security solutions. The position leads IT Security Management and is accountable for the security infrastructure supporting HealthPartners' electronic data and systems. It also serves as the organization's Deputy Chief Information Security Officer. The Senior Director reports to the Vice President of IT Infrastructure Technology and the Chief Information Security Officer (CISO) and will be part of a 10-person leadership team. In addition, the Senior Director oversees a department of 40 personnel, with 13 direct reports comprising three Managers, nine Analysts, and one Scrum Master.
Required Qualifications:
- Bachelor's degree in computer science, management information services, or equivalent experience.
- Twenty (20) years of progressive experience in information systems, including roles with increasing leadership responsibility and project oversight.
- Ten (10) years of hands-on experience in cybersecurity, with deep expertise in NIST frameworks, CIS Controls, and SIEM tools. Proven record in crafting robust cybersecurity strategies and conducting comprehensive risk assessments.
- Ten (10) years of demonstrated success in staff management and team leadership, fostering high-performance cultures and driving operational excellence.
- Strong understanding of threat intelligence (e.g., MDR).
- Understanding of network, cloud application, endpoint protection, firewalls, Data Loss Protection (DLP) strategies, and security architecture (e.g., Zero Trust framework).
- Proven experience in incident response and crisis management.
- Exceptional verbal and written communication skills, with the ability to convey technical and non-technical information clearly to stakeholders at all levels of responsibility and authority.
- Comprehensive knowledge of IT infrastructure, technologies, and hardware configurations.
- Strategic thinker with a focus on long-term solutions.
- Strong commitment to delivering exceptional customer service.
- Proven ability to manage moderate to complex projects successfully.
- Excellent critical thinking skills with a focus on minimizing organizational impact.
- Demonstrated ability to manage multiple priorities effectively.
- Skilled in negotiation and conflict resolution.
- Experience with service management platforms and tools.
Preferred Qualifications:
- Strongly prefer experience securing medical devices and healthcare technologies (e.g., MRIs, infusion pumps, lab equipment, Pyxis systems), as well as other IoT and OT devices. Emphasis on applying cybersecurity best practices across clinical and connected environments.
- CISM, CISSO, CISSP, or other Security Certification(s) is strongly preferred.
- Extensive knowledge and firsthand experience with security and compliance frameworks, including HIPAA, Sarbanes-Oxley (SOC 2), FDA regulations, and Payment Card Industry (PCI) standards.
Hours/Location:
- M-F; Days
- This hybrid role requires an onsite presence 3-4 days per week to support team collaboration, cross-functional engagement, and day-to-day operational effectiveness.
Responsibilities:
- Leads and is accountable for management and staff, ensuring that appropriate direction is provided to management and leaders within this group to plan for, develop, maintain, and manage their workforce, while fostering an inclusive team environment and championing new ways of working.
- Leads and mentors teams toward the creation and accomplishment of goals that align with HealthPartners' strategic initiatives, with an eye toward continual improvement.
- Oversees, approves, and is accountable for the group's operating and capital budgets and their effective management, developing financial plans for the areas' functions and initiatives.
- Partners with HealthPartners and IT Senior Leaders to develop strategies ensuring the integrity, cybersecurity and privacy of HealthPartners systems and data.
- Oversees the development and implementation of cybersecurity policies, standards, guidelines, and procedures to ensure ongoing maintenance of cybersecurity controls.
- Directs the development and maturity growth of the IT Cybersecurity Infrastructure, advancing the shift to agile processes and methodologies while also driving increased automation.
- Partners with HealthPartners IT, Corporate Compliance, Risk Management, and Internal Audit to develop and implement control initiatives that are directly related to the cybersecurity infrastructure or processes and policies.
- Ensures effective cybersecurity breach investigation and resolution processes.
- Directs the organization's cybersecurity posture, ensuring regulatory and customer demands are met within the cybersecurity infrastructure.
- Identifies goals, objectives, and metrics consistent with HealthPartners' strategic plan.
- Promotes cybersecurity awareness and consciousness.
- Collaborates on the development of IT's strategic planning of enterprise systems architecture and system standards, ensuring that architectural plans and standards are aligned with the cybersecurity requirements.
- Identity Access Management
- SIEM management and reporting
- Data loss prevention
- Network security, firewalls, and segmentation.
- Manages vendor relationships, negotiating terms and ensuring the contractual agreement and services meet HealthPartners' needs.