Cybersecurity Operations Lead

The Cybersecurity Lead is responsible for driving the organization's cybersecurity strategy, leading investigations, and guiding the operational execution of critical security initiatives. This position serves as a primary point of contact for cross-functional security matters, balancing hands-on technical work with mentoring and influencing team members. The Cybersecurity Lead will collaborate with stakeholders across IT, engineering, compliance, and business operations to proactively identify, address, and prevent security risks—ensuring the confidentiality, integrity, and availability of organizational assets.

This role requires an individual with proven leadership experience, the ability to communicate complex technical concepts clearly, and the judgment to make timely, informed security decisions in high-pressure situations.

Key Responsibilities

Leadership & Strategic Influence

• Act as the primary point of contact for significant security incidents, investigations, and escalations.
• Drive cybersecurity initiatives from planning to execution, ensuring alignment with business objectives and regulatory requirements.
• Mentor and guide junior analysts, fostering a culture of continuous learning and operational excellence.
• Influence security strategy by proactively identifying gaps, recommending solutions, and championing best practices.
• Represent the Information Security team in cross-departmental meetings, communicating risks and recommendations to both technical and non-technical stakeholders.

Threat Detection & Response

• Lead the monitoring, analysis, and triage of security events from SIEM, EDR, IDS/IPS, firewalls, and other detection platforms.
• Oversee and direct root cause analyses for complex security incidents, ensuring timely containment, eradication, recovery, and lessons learned.
• Enhance the organization's threat detection and response capabilities through tool optimization, process improvement, and integration efforts.

Vulnerability & Risk Management

• Oversee vulnerability assessments, ensure accurate risk prioritization, and collaborate with stakeholders to address findings within defined SLAs.
• Partner with IT and application teams to embed security into project lifecycles, reducing exposure to known and emerging threats.

Identity & Access Governance

• Lead enforcement of identity and access management controls, including periodic access reviews, least-privilege enforcement, and privileged access oversight.
• Collaborate with HR, IT, and compliance teams to ensure identity governance processes meet operational and regulatory requirements.

Governance, Compliance & Awareness

• Ensure adherence to industry regulations (HIPAA, PCI-DSS, SOC 2, HITRUST) and security frameworks (NIST, CIS).
• Prepare and present security posture updates, audit findings, and remediation status to leadership.
• Lead the delivery of targeted security awareness training and phishing simulations, measuring effectiveness and engagement.

Qualifications Required:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent work experience.
• 5–8 years of progressive experience in information security, with at least 2 years in a lead or senior analyst capacity.
• Demonstrated leadership in incident response, vulnerability management, and security operations.
• Advanced knowledge of security platforms such as Splunk, CrowdStrike, SentinelOne, Azure Security Center, or equivalents.
• Deep understanding of network protocols, cloud infrastructure security (Azure preferred), and endpoint security.
• Proven ability to communicate clearly and concisely, avoiding unnecessary rambling.
• Strong active listening skills, ensuring understanding before responding.
• Willingness to ask clarifying questions when needed instead of making assumptions.
• Experience collaborating effectively with both technical and non-technical stakeholders.

Preferred:

• Relevant certifications: CISSP, CISM, CEH, GSEC, CySA+, or equivalent.
• Experience in healthcare, fintech, or other regulated industries.
• Direct involvement in SOC 2, HITRUST, or PCI-DSS audits.