Head of Cyber Security - Infrastructure & Application Security (Healthcare)

Job description: Role Overview  The Cyber Security Leader is accountable for the overall security posture of hospital infrastructure, clinical applications, and digital platforms. This role sets the security strategy, governs architecture and operations, and ensures cyber risk is managed without compromising patient care, clinical workflows, or system availability.  This leader works across IT, clinical leadership, compliance, and executive stakeholders to translate cyber risk into business and patient-safety impact and to drive pragmatic, scalable security outcomes.    Key Responsibilities  Strategy & Leadership  Define and execute the hospital’s cyber security strategy across infrastructure, applications, and cloud  Establish security principles and standards aligned with clinical and operational realities  Act as the primary cyber security advisor to CIO, CISO, and clinical leadership  Build, lead, and mentor security architects, engineers, and operational teams  Infrastructure & Platform Security Ownership  Own security posture for:  Network, endpoint, server, and cloud environments  Identity and access management  Backup, disaster recovery, and ransomware resilience  Drive zero-trust adoption while accounting for legacy and clinical systems  Ensure medical devices and shared clinical workstations are governed under a risk-based model  Application & Digital Security Leadership  Govern security for clinical and enterprise applications, including EHR and third-party platforms  Establish secure development and deployment standards across internal and vendor-built systems  Oversee application risk assessments, threat modeling, and remediation prioritization  Ensure secure integrations, APIs, and data flows across the hospital ecosystem  Risk, Compliance & Resilience  Own cyber risk management aligned with healthcare regulations and frameworks (HIPAA, HITRUST, NIST)  Lead audit readiness, regulatory responses, and executive risk reporting  Drive ransomware preparedness, incident response, and recovery planning  Partner with legal, compliance, and privacy teams on breach response and regulatory obligations  Operational Excellence & Metrics  Define security KPIs and executive dashboards tied to risk reduction and business outcomes  Prioritize investments based on risk, patient safety, and operational impact  Oversee vulnerability management, patching strategy, and third-party risk programs  Ensure SOC capabilities align with hospital threat landscape  Stakeholder & Vendor Management  Influence clinical, IT, and business leaders without disrupting care delivery  Govern third-party and managed-service security providers  Participate in contract reviews, RFPs, and vendor security negotiations    Required Qualifications  12+ years of cyber security experience with progressive leadership responsibility  Proven experience leading cyber security in healthcare or similarly regulated environments  Strong background across infrastructure, application, and cloud security  Ability to communicate cyber risk in plain language to executives and clinicians  Experience managing budgets, teams, and security roadmaps    Preferred Qualifications  Direct experience supporting hospitals or large healthcare systems  Familiarity with EHR platforms and medical device security  Experience leading zero-trust or large-scale security transformations  Security leadership certifications (CISSP, CISM, CCSP)    What Success Looks Like  Cyber security is viewed as an enabler of safe patient care, not an obstacle  Reduced risk exposure from ransomware, legacy systems, and third-party vendors  Clear accountability and governance across infrastructure and application security  Strong trust with executive and clinical leadership  DisclaimerHCL is an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, color, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, or any other protected classification, in accordance with federal, state, and/or local law. Should any applicant have concerns about discrimination in the hiring process, they should provide a detailed report of those concerns to secure@hcltech.com for investigation.Compensation and BenefitsA candidate’s pay within the range will depend on their skills, experience, education, and other factors permitted by law. This role may also be eligible for performance-based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program; 401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need-based leave with no designated number of leave days per year); and 10 paid holidays per year