Director, Cybersecurity - Cyber Defense Operations
Job Description
The Director of Cyber Defense Operations leads Sutter Health’s enterprise cybersecurity defense capabilities, responsible for protecting critical clinical, operational, and digital assets against evolving cyber threats. This role provides strategic and operational leadership across core defensive functions including Security Operations Center (SOC), Incident Response (IR), Threat Intelligence, Detection Engineering, Security Automation, and Adversary Simulation.
Education
Equivalent experience will be accepted in lieu of the required degree or diploma. Bachelor's: Business, Cybersecurity, Computer Science, Information Technology/Security, Risk Management, or related field or equivalent education/experience.
Typical Experience
- 12 years recent relevant experience.
- Leadership experience overseeing Cyber Defense Operations functions including SOC, Incident Response, Threat Intelligence, Detection Engineering, and Incident Response in a large enterprise environment.
- Hands-on experience with SIEM, SOAR, EDR/XDR, threat hunting, automation, and security monitoring technologies.
- Pioneering ability to build and inspire high-performing cybersecurity teams through mentorship, Capture the Flag (CTF) events, attack demonstrations, tabletop exercises, and continuous technical development.
- Strong communication and executive presence with experience delivering cybersecurity metrics, threat intelligence reporting, operational dashboards, and risk updates to technical and business stakeholders.
- Experience defending healthcare environments and protecting critical systems, PHI, and clinical operations against modern cybersecurity threats including ransomware and advanced adversary activity.
Skills & Knowledge
- Solid expertise in formal/structured information security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications.
- In-depth knowledge of information security technologies, infrastructures, methodologies, frameworks, techniques, security incident and event monitoring (SIEM) solutions (e.g., Splunk Enterprise Security, IBM QRadar, HP ArcSight, etc.), compliance reporting, and the development and implementation of these concepts to manage risk within a clinical environment.
- Extensive knowledge and understanding of current and emerging digital security trends, risks, threats, countermeasures, vulnerabilities, and mitigations ranging across the technologies required for securing applications, data centers, networks, and third-party access to data, applications, and resources.
- Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs.
- Detailed knowledge of state and federal information security, cyber security, compliance and privacy-related regulatory requirements, including a comprehensive understanding of National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), and other recognized industry security standards and best practices.
- Comprehensive understanding of information confidentiality and integrity requirements especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), etc.).
- Superior business acumen and exceptional leadership skills to provide innovative solutions to complex problems and leveraging appropriate internal/external resources to meet corporate objectives.
- Expertise in building cross-functional team, fostering consensus, resolving conflicts, and managing risk, in addition to being an effective decision maker and expert delegator.
- Organizational skills with an understanding of team building and organizational dynamics, including creative problem identification and resolution, conceptualization, and contingency thinking skills.
- Advanced project management skills, including the ability to manage multidisciplinary teams that successfully define, develop, and deliver various information security solutions.
- Attention to detail with exceptional analytical skills in problem identification, analysis, and innovative resolution.
- Verbal and written communication, interpersonal, and presentation skills with the ability to present regulatory requirements, directives, ideas, and concepts effectively to a diverse audience.
- Advanced level of computer and application competency including Excel, Power Point, Word, and Project and relational database management systems.
- Adapt to changing or challenging initiatives while developing new ideas and approaches aimed at improving results.
- Foster an environment of collaboration at all levels of the organization, including engaging and influencing individuals or groups with various opinions and levels of knowledge, building consensus, and then enlisting cooperation without direct control/authority.
Management
Management reserves the right to revise the job description or require that other tasks be performed when the circumstances of the job change (for example, emergencies, staff changes, workload, or technical development).
Principal Accountabilities
This role provides strategic and operational leadership across core defensive functions including Security Operations Center (SOC), Incident Response (IR), Threat Intelligence, Detection Engineering, Security Automation, and Adversary Simulation.
Requirements
This leader drives alignment across cybersecurity, IT, clinical engineering, legal, and business teams to ensure resilience against cyber events that could impact patient care and operations. This role also owns the maturity and performance of the cyber defense program, establishing roadmaps, operational metrics, and executive reporting that demonstrate control effectiveness, detection coverage, and overall security posture improvement.
Responsibilities
The Director partners closely with Security Engineering, Data Protection, and GRC leaders to ensure a fully integrated, threat-informed defense strategy aligned to enterprise risk priorities.
Qualifications
This role requires solid expertise in formal/structured information security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications.
Benefits
Yes
Unions
No
Status
Exempt
Weekly Hours
40
Status
Regular
Pay Range
$260,312.00 to $416,520.00 / annual salary
Compensation
The compensation range may vary based on the geographic location where the position is filled. Total compensation considers multiple factors, including, but not limited to a candidate’s experience, education, skills, licensure, certifications, departmental equity, training, and organizational needs.
Total Compensation
Base pay is only one component of Sutter Health’s comprehensive total rewards program. Eligible positions also include a comprehensive benefits package.