Director, Cyber Security Risk Management,…
- Community Health Systems (Franklin, TN)
Community Health Systems is one of the nation's leading healthcare providers. Developing and operating healthcare delivery systems in 35 distinct markets across 14 states, CHS is committed to helping people get well and live healthier. CHS operates 70 affiliated hospitals with more than 10,000 beds and approximately 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, imaging centers, cancer centers, and ambulatory surgery centers.
As a member of the Cybersecurity organization, the Cyber Security Director, Infrastructure Protection leads the strategy, implementation and continuous improvement of critical cybersecurity programs, ensuring the successful delivery and operations of infrastructure security controls and processes across the CHS Enterprise. The Director is responsible for leading, managing, and developing a team of cybersecurity managers and professionals driving the success of critical initiatives and programs. This role collaborates with Cyber Architecture, IT and other stakeholders to assess risks, define strategies, and deliver business and functional requirements and applicable use-cases of focus areas in order to implement and govern processes and controls that reduce risk and exposure to the organization. The Director will foster strong partnerships with business leaders to ensure that strategies and frameworks align with organizational goals, programs, and projects. By providing insights into emerging threats and technologies, the Director promotes innovation and enhances the overall security posture of the organization.
The Infrastructure Protection department within the Cybersecurity Risk Management (CSRM) organization ensures successful delivery and operations of critical security controls across the CHS Enterprise related to Network Protection, Endpoint Protection and Cloud Security. The Director, Infrastructure Protection leads all facets of the program. The role has responsibility for the overall strategic direction of the program, including the people, processes and technologies involved. The role includes oversight of planning, build, implementation, and operation of the underlying technology platforms and processes across the infrastructure spectrum, including: Network Firewalls, Web Filtering, Network Segmentation, Network Access Control, Anti-Malware Protection, Endpoint Detection and Response, Host Firewall, Application Allow Listing, Mobile Device Security, Medical Device Security, Endpoint Device Encryption, Cloud Security Posture Management, Workload Protections, and Cloud Security Governance.
The Director, Infrastructure Protection reports directly to the VP, Chief Information Security Officer and is a member of the Senior Cyber Security Leadership Team.
Essential Duties and Responsibilities
+ Leadership & Oversight
+ Lead the planning, development, and strategic implementation of multiple cybersecurity programs across the organization.
+ Oversee and guide a team of managers and engineers, ensuring leadership in mentorship, performance management, and fostering a high-performance culture.
+ Collaborate with cross-functional leaders, ensuring cybersecurity strategies align with business objectives and regulatory requirements at a broader level.
+ Risk Management & Program Development
+ Direct organization-wide risk assessments, overseeing the identification and management of cybersecurity risks across all systems and data environments.
+ Present risk mitigation strategies to senior leadership, including measurable metrics that demonstrate program effectiveness and security posture improvements.
+ Lead initiatives to optimize cybersecurity processes, driving organization-wide improvements in efficiency and effectiveness.
+ Collaboration & Strategic Alignment
+ Serve as a key advisor across the organization, aligning security programs with operational needs and strategic business goals.
+ Develop and manage cross-departmental relationships to ensure cybersecurity capabilities evolve to meet both current and future business requirements.
+ Partner closely with enterprise-wide teams to deliver critical cybersecurity initiatives, ensuring on-time and high-quality delivery.
+ Communication & Compliance
+ Communicate complex cybersecurity concepts and strategies to executives, external partners, and non-technical teams.
+ Ensure comprehensive compliance with all regulatory, legal, and internal security standards, keeping cybersecurity policies up to date with industry best practices.
+ Deliver regular performance reports to senior leadership, highlighting key metrics, risks, and improvements.
+ Project & Vendor Management
+ Lead high-impact cybersecurity projects, coordinating multiple teams and stakeholders to meet organizational goals.
+ Manage vendor relationships, negotiating and ensuring third-party solutions meet strategic cybersecurity objectives.
+ Must be willing to travel occasionally and be able to respond to security issues in an on-call escalation role.
+ Performs other duties as assigned.
Education:
+ Bachelor’s Degree in Cyber Security, Computer Science, Information Systems (or other related field) or equivalent work experience Required
+ Master’s Degree in Cyber Security, Computer Science, Information Systems (or other related field) Preferred
Required Experience:
+ 10+ years Required Cybersecurity, Technology or other related experience
+ 5-7+ years Preferred Cybersecurity experience
+ 5-7+ years Required Leadership experience
+ Technical Expertise & Problem Solving
+ Advanced understanding of security frameworks (SOX, HIPAA, HITRUST, NIST) and complex technologies.
+ Proven ability to develop and implement solutions that address complex security challenges and mitigate organizational risks.
+ Strong problem-solving skills, with a focus on proactive risk mitigation and system optimization.
+ Leadership
+ Manages multiple cybersecurity teams, providing leadership, mentorship, and driving performance across the department.
+ Oversees the strategic planning and execution of major security projects, ensuring alignment with organizational goals.
+ Develops and executes comprehensive risk management programs, presenting recommendations to senior leadership.
+ Communication & Collaboration
+ Communicates complex security issues and strategies to both technical and non-technical stakeholders, including senior management.
+ Builds strong relationships with IT, business units, and external partners to ensure cybersecurity solutions align with business operations.
+ Manages vendor relationships, negotiating terms and ensuring third-party solutions meet security and operational needs.
+ Business Acumen & Strategic Thinking
+ Develops and drives long-term cybersecurity initiatives, aligning security programs with the organization’s broader strategic goals.
+ Provides strategic guidance on emerging threats, industry regulations, and best practices, influencing overall security posture.
+ Time Management & Adaptability
+ Effectively prioritizes and manages multiple large-scale projects in a high-demand environment.
+ Focuses on continuous improvement, adapting processes and systems to meet evolving security challenges.
Preferred Experience:
+ Three to five years of Security Project execution experience preferred, including project and program management experience
+ Experience with leading Network, Endpoint, Cloud Security vendor solutions, including cloud SaaS solutions
+ Experience in Security Architecture
+ Excellent oral and written communication skills including ability to present technical information in business centric language for executives and business partners.
Preferred License/Registration/Certification:
+ Industry certifications such as: Security+, GSEC, SSCP, CISM, CISSP, GIAC, OSCP, ITIL Certifications or others
Equal Employment Opportunity
This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility to which you are seeking employment. Simply go to http://www.chs.net/serving-communities/locations/ to obtain the main telephone number of the facility and ask for Human Resources.