- Location: Libertyville, IL
- Type: Direct Hire Remote
- Job #9428
A trusted leader in Medication Dispensing is looking for the Head of Cybersecurity to join and lead our small but growing Cybersecurity team.
You will report directly to the CTO and serve as the organizational leader for Cybersecurity, Data Protection, and Privacy. This role is responsible for defining and enforcing enterprise security and privacy strategy, translating regulatory and business requirements into effective controls, and ensuring the confidentiality, integrity, and availability of systems and Protected Health Information (PHI). You will operate as both a strategic leader and hands-on contributor, building and maturing a security and privacy program aligned with healthcare, pharmaceutical, and regulatory requirements.
This is a hands-on role! The candidate must have extensive knowledge of security architecture and tools such as CrowdStrike, Rapid7, and Mimecast (KnowBe4 is a plus) and be able to work closely with the IS and IT teams to ensure the availability, confidentiality, and integrity of all systems and processes.
Impact:
- Through a deep understanding of our environment, culture, and technology stack, including on-prem, cloud (AWS), and hybrid platforms, as well as third parties, you will oversee company security event monitoring and incident response solutions and processes.
- Working across tooling and with our security and infrastructure partners, you will oversee our vulnerability management program, breaking down complex systems, ensuring appropriate action, tracking, and ownership to minimize our risk exposure.
- In coordination with IT leadership, Legal, and Business Leaders, you will drive BCP and DR planning and testing to ensure tech resiliency.
- As a critical thinker and a doer, you will not just identify gaps in the security operations and resiliency programs but also assist in implementing the fixes and influence adoption through dynamic steering, leading by example.
- You will drive evolution as a cyber leader, acting expeditiously in making decisions and recommendations, understanding the factors associated with risk-based decision-making in this complex, fast-growing environment.
- Lead enterprise cybersecurity and privacy governance, including policy creation, enforcement, and exception management.
- Own third-party security and privacy risk management, including vendor assessments and ongoing monitoring.
- Ensure security controls align with FDA-regulated operations and data integrity requirements (e.g., labeling, traceability).
- Provide executive-level reporting on risk posture, incidents, and compliance status.
You are motivated by:
- Delivering security solutions to a fast-moving, rapidly changing, entrepreneurial organization facing constant and continuously evolving cyber threats.
- Developing and elevating security processes and policies for efficiency and easy adoption while delivering high-quality, scalable solutions that minimize our cyber risk.
- Fostering the message that cybersecurity enables the business and its objectives by educating and raising awareness among a range of audiences, both technical and non-technical, while actively listening to their needs and ensuring deliverables align with organizational objectives.
- Working in a highly collaborative environment as a courageous leader and developing talent to support the growth of the business.
Privacy & Data Governance
You will:
- Establish and govern enterprise data protection, privacy, and PHI handling policies
- Act as an internal subject matter expert on HIPAA Security and Privacy Rules
- Oversee Business Associate Agreements (BAAs) and third-party PHI usage
- Define and enforce:
  - Data classification
  - Data retention
  - Encryption standards
- Lead breach response in coordination with Legal and Compliance
- Ensure compliance with HIPAA, state privacy laws (CCPA/CPRA), and emerging regulations
Prerequisites:
- Experience working with best-in-class security tools across all technology stacks, such as CrowdStrike, Rapid7, and Mimecast. KnowBe4 is a plus.
- Experience with cloud security and cloud-native environments.
- Technical experience with Windows, SQL Server, VMware, and cloud infrastructure (AWS, SQL RDS, EC2, etc.).
- Experience implementing and managing programs based upon industry standards and frameworks such as SOC2 Type II, HITRUST, etc.
- Demonstrated experience with HIPAA Privacy & Security Rules and PHI governance.
- Experience negotiating or reviewing BAAs and data protection agreements.
- Experience in regulated healthcare/pharma environments, including FDA considerations (preferred).
- Experience leading enterprise security and privacy programs, not just security operations.
- Strong presentation skills and ability to translate complex security concepts to senior leadership and the business.
- Passion for your work and an interest in working across multiple business verticals.
- Bachelor’s in Cybersecurity, Computer Science, Electrical Engineering, etc.
- Information Security certifications a plus.
- Experience in the Pharmaceutical, Health Care, Insurance or Financial Services Industry strongly desired.
Estimated Compensation: $150,000 - $175,000 Per Year
Pattie Tsivouras