Director of Security

Position Summary:

Centurion is seeking an experienced, strategic, and execution-oriented Director of Security to lead and mature our enterprise security program across a complex, multi-state healthcare environment. This leader will be responsible for cybersecurity operations, risk management, security engineering, incident response, governance, and security strategy in support of a growing and evolving organization.

The Director of Security will serve as a key leader within the IT organization, working closely with infrastructure, applications, service delivery, compliance, operations, and executive leadership to protect Centurion’s systems, data, and business operations. This role requires a leader who can balance strategy with execution, build strong internal and external partnerships, hold teams accountable, and drive measurable security outcomes.

This is not a theoretical security role. We are looking for a practical, high-impact leader who understands how to build and operationalize security in a healthcare environment where reliability, responsiveness, and sound judgment matter.

Key Responsibilities:

Security Strategy & Leadership:

• Lead the development, execution, and ongoing maturity of Centurion’s enterprise cybersecurity strategy, roadmap, and operating model.
• Align security initiatives with business priorities, regulatory requirements, operational realities, and the broader IT strategy.
• Serve as the senior leader responsible for day-to-day security direction, decision-making, and program accountability.
• Advise the CIO and executive leadership on security posture, emerging threats, material risks, and investment priorities.
• Build a culture of accountability, responsiveness, and continuous improvement across the security function.
• Lead the security vendor management lifecycle, assist in shaping strategy, governance, performance accountability, and long-term partnerships.

Security Operations & Incident Response:

• Lead security operations across monitoring, detection, investigation, containment, response, and recovery activities.
• Oversee relationships and operating effectiveness with managed security partners and service providers, ensuring strong performance, clear escalation, and meaningful outcomes.
• Ensure effective use of security monitoring and SIEM platforms, including Google Chronicle and related detection and response capabilities.
• Establish and maintain clear incident response procedures, escalation paths, communication protocols, and after-action review processes.
• Drive improvements in threat detection, alert triage, response speed, and operational resilience.

Security Engineering & Architecture:

• Partner with infrastructure and enterprise technology teams to design and implement secure, scalable, and supportable security controls.
• Lead security engineering efforts across endpoint protection, identity and access management, network security, email security, vulnerability management, cloud security, logging, and data protection.
• Ensure security solutions are integrated thoughtfully into the enterprise environment without creating unnecessary operational burden or complexity.
• Support modernization efforts by embedding security into cloud strategy, Microsoft ecosystem initiatives, enterprise applications, and future digital platforms.

Risk, Governance & Compliance:

• Establish a pragmatic and business-relevant approach to cyber risk management, control assessment, and remediation tracking.
• Partner with internal stakeholders to support HIPAA, healthcare security requirements, contractual obligations, audits, and policy compliance.
• Maintain and evolve security policies, standards, procedures, and governance processes to reflect the needs of a modern healthcare enterprise.
• Present clear, actionable reporting on risk, incidents, vulnerabilities, and program maturity to executive leadership.
• Demonstrated expertise enabling and operationalizing NIST frameworks, including 800-171 and 800-53, with hands on experience supporting FedRAMP & GovRAMP compliance
• Lead vulnerability management and remediation governance, ensuring risks are identified, prioritized, tracked, and resolved in partnership with system owners.

Identity, Access & Data Protection:

• Oversee strategy and operational controls related to identity governance, privileged access, authentication, and role-based access.
• Ensure appropriate safeguards are in place to protect sensitive business and healthcare information across systems, users, devices, and third parties.
• Partner with application and operational leaders to strengthen data security practices while maintaining business usability.

Team Development & Cross-Functional Leadership:

• Build, lead, and mentor a high-performing security team with clear expectations, strong ownership, and a service-oriented mindset.
• Develop internal talent and create scale through effective processes, prioritization, and smart use of partners and platforms.
• Collaborate effectively with leaders across infrastructure, field operations, enterprise applications, service desk, compliance, legal, HR, and business operations.
• Act as a trusted escalation point for complex security matters and critical business decisions.

Qualifications:

Required:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field; equivalent experience will also be considered.
• 10+ years of progressive experience in information security, cybersecurity, or related IT leadership roles.
• 5+ years of experience leading security teams or major security functions in a complex enterprise environment.
• Demonstrated success leading security operations, incident response, risk management, and security engineering programs.
• Experience working with MSSPs, security tooling vendors, and enterprise security platforms.
• Experience with SIEM technologies and security monitoring programs; experience with Google Chronicle strongly preferred.
• Strong understanding of identity and access management, vulnerability management, endpoint security, cloud security, network security, and governance practices.
• Experience in healthcare, highly regulated industries, or distributed multi-site environments strongly preferred.
• Strong executive communication skills with the ability to translate technical risk into business language.
• Proven ability to lead through influence, drive accountability, and deliver results in fast-moving environments.
• Relevant certifications such as CISSP, CISM, GIAC, CCSP, Microsoft SC-100.

Preferred:

• Experience in correctional healthcare, payer/provider healthcare, or other complex care-delivery environments.
• Familiarity with Microsoft security ecosystem, cloud security controls, and enterprise modernization initiatives.
• Experience building or maturing a security program undergoing transformation, modernization, or operational scale-up.

Leadership Profile:

The successful candidate will be:

• Strategic but hands-on — able to set direction while also driving execution.
• Practical and business-minded — focused on reducing risk in ways that support the mission, not slow it down.
• Accountable and decisive — willing to make sound decisions, own outcomes, and elevate issues quickly when needed.
• A builder of teams — committed to developing talent, raising standards, and creating clarity.
• Collaborative and credible — able to partner across IT and business functions while earning trust through consistency and delivery.
• Operationally disciplined — capable of creating structure, metrics, and repeatable processes in a growing environment.

What Success Looks Like in This Role:

• A stronger, more mature, and more accountable enterprise security program.
• Improved visibility, monitoring, and response across the environment.
• Clearer ownership and faster remediation of risks and vulnerabilities.
• Strong partnership with IT and business leaders, with security viewed as an enabler rather than an obstacle.
• Effective management of security vendors and partners with measurable performance.
• Security strategy and operations that scale with Centurion’s growth, modernization, and digital evolution