
Director of Security

Sterling, Virginia
Full-time
About the Job
Position Summary:
Centurion is seeking an experienced, strategic, and execution-oriented Director of Security to lead and mature our enterprise security program across a complex, multi-state healthcare environment. This leader will be responsible for cybersecurity operations, risk management, security engineering, incident response, governance, and security strategy in support of a growing and evolving organization.

The Director of Security will serve as a key leader within the IT organization, working closely with infrastructure, applications, service delivery, compliance, operations, and executive leadership to protect Centurion’s systems, data, and business operations. This role requires a leader who can balance strategy with execution, build strong internal and external partnerships, hold teams accountable, and drive measurable security outcomes.

This is not a theoretical security role. We are looking for a practical, high-impact leader who understands how to build and operationalize security in a healthcare environment where reliability, responsiveness, and sound judgment matter.
 
Key Responsibilities:
Security Strategy & Leadership:
  • Lead the development, execution, and ongoing maturity of Centurion’s enterprise cybersecurity strategy, roadmap, and operating model.
  • Align security initiatives with business priorities, regulatory requirements, operational realities, and the broader IT strategy.
  • Serve as the senior leader responsible for day-to-day security direction, decision-making, and program accountability.
  • Advise the CIO and executive leadership on security posture, emerging threats, material risks, and investment priorities.
  • Build a culture of accountability, responsiveness, and continuous improvement across the security function.
  • Lead the security vendor management lifecycle and assist in shaping strategy, governance, performance accountability, and long-term partnerships.

Security Operations & Incident Response:
  • Lead security operations across monitoring, detection, investigation, containment, response, and recovery activities.
  • Oversee relationships and operating effectiveness with managed security partners and service providers, ensuring strong performance, clear escalation, and meaningful outcomes.
  • Ensure effective use of security monitoring and SIEM platforms, including Google Chronicle and related detection and response capabilities.
  • Establish and maintain clear incident response procedures, escalation paths, communication protocols, and after-action review processes.
  • Drive improvements in threat detection, alert triage, response speed, and operational resilience.

Security Engineering & Architecture:
  • Partner with infrastructure and enterprise technology teams to design and implement secure, scalable, and supportable security controls.
  • Lead security engineering efforts across endpoint protection, identity and access management, network security, email security, vulnerability management, cloud security, logging, and data protection.
  • Ensure security solutions are integrated thoughtfully into the enterprise environment without creating unnecessary operational burden or complexity.
  • Support modernization efforts by embedding security into cloud strategy, Microsoft ecosystem initiatives, enterprise applications, and future digital platforms.

Risk, Governance & Compliance:
  • Establish a pragmatic and business-relevant approach to cyber risk management, control assessment, and remediation tracking.
  • Partner with internal stakeholders to support HIPAA, healthcare security requirements, contractual obligations, audits, and policy compliance.
  • Maintain and evolve security policies, standards, procedures, and governance processes to reflect the needs of a modern healthcare enterprise.
  • Present clear, actionable reporting on risk, incidents, vulnerabilities, and program maturity to executive leadership.
  • Demonstrated expertise enabling and operationalizing NIST frameworks, including 800-171 and 800-53, with hands-on experience supporting FedRAMP & GovRAMP compliance.
  • Lead vulnerability management and remediation governance, ensuring risks are identified, prioritized, tracked, and resolved in partnership with system owners.

Identity, Access & Data Protection:
  • Oversee strategy and operational controls related to identity governance, privileged access, authentication, and role-based access.
  • Ensure appropriate safeguards are in place to protect sensitive business and healthcare information across systems, users, devices, and third parties.
  • Partner with application and operational leaders to strengthen data security practices while maintaining business usability.

Team Development & Cross-Functional Leadership:
  • Build, lead, and mentor a high-performing security team with clear expectations, strong ownership, and a service-oriented mindset.
  • Develop internal talent and create scale through effective processes, prioritization, and smart use of partners and platforms.
  • Collaborate effectively with leaders across infrastructure, field operations, enterprise applications, service desk, compliance, legal, HR, and business operations.
  • Act as a trusted escalation point for complex security matters and critical business decisions.

Qualifications:
Required:
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field; equivalent experience will also be considered.
  • 10+ years of progressive experience in information security, cybersecurity, or related IT leadership roles.
  • 5+ years of experience leading security teams or major security functions in a complex enterprise environment.
  • Demonstrated success leading security operations, incident response, risk management, and security engineering programs.
  • Experience working with MSSPs, security tooling vendors, and enterprise security platforms.
  • Experience with SIEM technologies and security monitoring programs; experience with Google Chronicle strongly preferred.
  • Strong understanding of identity and access management, vulnerability management, endpoint security, cloud security, network security, and governance practices.
  • Experience in healthcare, highly regulated industries, or distributed multi-site environments strongly preferred.
  • Strong executive communication skills with the ability to translate technical risk into business language.
  • Proven ability to lead through influence, drive accountability, and deliver results in fast-moving environments.
  • Relevant certifications such as CISSP, CISM, GIAC, CCSP, Microsoft SC-100.

Preferred:
  • Experience in correctional healthcare, payer/provider healthcare, or other complex care-delivery environments.
  • Familiarity with Microsoft security ecosystem, cloud security controls, and enterprise modernization initiatives.
  • Experience building or maturing a security program undergoing transformation, modernization, or operational scale-up.

Leadership Profile:
The successful candidate will be:
  • Strategic but hands-on — able to set direction while also driving execution.
  • Practical and business-minded — focused on reducing risk in ways that support the mission, not slow it down.
  • Accountable and decisive — willing to make sound decisions, own outcomes, and elevate issues quickly when needed.
  • A builder of teams — committed to developing talent, raising standards, and creating clarity.
  • Collaborative and credible — able to partner across IT and business functions while earning trust through consistency and delivery.
  • Operationally disciplined — capable of creating structure, metrics, and repeatable processes in a growing environment.
 
What Success Looks Like in This Role:
  • A stronger, more mature, and more accountable enterprise security program.
  • Improved visibility, monitoring, and response across the environment.
  • Clearer ownership and faster remediation of risks and vulnerabilities.
  • Strong partnership with IT and business leaders, with security viewed as an enabler rather than an obstacle.
  • Effective management of security vendors and partners with measurable performance.
  • Security strategy and operations that scale with Centurion’s growth, modernization, and digital evolution.