Director, Cyber Defense & Threat Management (US)

For more than 20 years, PointClickCare has been the backbone of senior care. We’ve amassed the richest senior care dataset making our market density untouchable and our connections to the healthcare ecosystem exponentially more powerful than those of any other platform. 
With Collective Medical & Audacious Inquiry, we’ve become the most expansive, full-continuum care collaboration network, offering care teams immediate, point-of-care access to deep, real-time insights at every stage of a patient’s journey.
For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.
As part of a Security Team supporting a market leading Software as a Service (SaaS) offering, the Director, Cyber Defense & Threat Management at PointClickCare will provide strong technical leadership and support for implementing, developing, and maintaining security solutions to safeguard cloud environments and corporate technology environments. The Director will act as a senior trusted security advisor and partner to corporate technology, product engineering, and cloud infrastructure teams, leveraging strong technical security acumen and proven ability to achieve consensus in a highly complex, fast-moving technology environment.  This is a newly envisioned position and will be responsible for developing a new integrated cyber fusion practice including the disciplines of Cyber Threat Intelligence, Attack Surface Reduction and Vulnerability Management, and serve as Incident Commander. 
Reporting to the Vice President, Information Security (Chief Information Security Officer), the Director will own our defensive cyber operations, including management of in-house staff, contractors and 24x7x365 MSSP managed service providers partners. The position is responsible for continuously enhancing tooling/monitoring/staff and outsourced relationships to monitor for and prevent security events, conduct threat intelligence/hunting activities, coordinate and lead responses to security incidents, and manage cyber security investigations.
The ideal candidate will be well versed in procedural/technical cyber security and responsible for providing strategic oversight and hands on technical guidance to the above functions and team members.   The Director will serve as Incident Commander and effectively manage multiple incidents, communicate with a cross functional set of stakeholders, and support lessons learned including establishing requirements around continuous strengthening of controls around detection and response.

As a Strategist, you will:

• Proactively plan for cyber operations and defensive/assurance needs, including next generation security tools and automated detection, prevention and response.
• Remain up to date with current attack methods and characteristics to identify threats and advise on prevention, mitigation and remediation.
• Provide recommendation, input and as needed develop maintain, and publish best practice information security policies, standards and guidelines.

As an Effective Leader, you will:

• Establish a new integrated cyber fusion practice including the disciplines of Cyber Threat Intelligence, Attack Surface Reduction and Vulnerability Management
• Transform the team from reactive, to proactive and predictive threat hunting, recommending mitigations and countermeasures
• Act as a hands-on leader, set vision and direction for the Cyber Defense and Threat Management (CDTM) teams as they strive to achieve technical excellence, operational rigor, while consistently aligned with PointClickCare strategic business goals
• Effectively guide the team and coordinate with other departments during challenging times such as incident troubleshooting, mitigation, containment and response to security incidents and recovery
• Collaborate with Corporate Technology Services, Legal, Hosting, Product Engineering Service Reliability Engineering (SRE) teams to drive continued operational maturity across our cyber security processes, platforms and tools overall information security and risk posture.
• Play a lead role in identifying and reporting on areas of cyber risk resulting in situational awareness, oversight, and risk-informed recommendations to improve the security posture of PointClickCare

As an Operations Expert, you will:

• Manage, monitor and operate infrastructure and network information security tools
• Triage security events, coordinate incidents with Incident Management Team, Corporate Technology Services, Legal, Hosting (SaaS Operations) and Product Engineering/SRE teams and support the Incident Management process
• Drive best in class operations through the development and enforcement of Operational KPI’s/KRIs  
• Work closely with stakeholders to ensure security tools perform reliably and service degradations are minimized
• Work as part of a 24x7x365 team delivering real time proactive monitoring and maintenance of supported security tools and associated rules and signatures
• Oversee internal customer service request completion to ensure timeliness and quality, including acting as an escalation point for all security requests and incidents
• Ensure consistent development of knowledge base articles for standard support issues
• Develop, author, and deliver process improvements for the SOC in order to maintain operational readiness for incident response
• Manage vendor relationships and contracts to control costs and drive service excellence

Basic Qualifications:

• Significant experience running a cyber defense program, managing a team and tooling, and delivering best in class protection and incident response
• Strong interpersonal skills including mentoring, coaching, collaborating, and team building
• Strong analytical, planning, and organizational skills with an ability to manage competing demands;
• Strong knowledge and understanding of business needs with the ability to establish/maintain high level of customer trust and confidence;
• Proven experience leading cyber security teams in the areas of security engineering and/or cyber security operations, preferably in large-scale, complex technology environments
• Proven experience working in the field of information security, technology, preferably managing a Security Operations Center
• Excellent written and verbal communication skills. This role requires the ability to articulate complex technical concepts in clear, concise, actionable manner through both written products and verbal communications
• Experience in security operations/engineering experience in cloud environments, particularly on the Azure public cloud platform
• Experience with cybersecurity technologies including Data Loss Prevention (DLP), network operations, architecture, security, firewall, endpoint protection, security monitoring (SIEM), key and secrets management, incident response and cyber exercises;
• Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers
• Execution oriented and a self-motivator
• Ability to manage multiple projects while maintaining superior results
• Ability to work cross-functionally, individually, and to lead work among a team

Preferred Qualifications:

• Experience with forensic techniques and toolsets; most major host operating systems and file system types; analysis of many different types of security logs; command line interfaces and scripting tools (powershell, grep, awk, sed, etc.); programming languages (python, perl, etc.); and/or data interchange formats (e.g. JSON)
• Expert understanding of TCP/IP, networking concepts, and services such as DNS, SMTP, HTTP, HTTPS
• A Bachelor’s degree in Computer Science or military experience
• Experience with security technologies such as AV/EDR, IDS/IPS, NGFW, UTM, FIM, SIEM, WAF, DLP solutions
• A high level of familiarity with malicious code threats as well as common attack and penetration techniques used by adversaries
• Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate
• Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions
• Experience in health care information security and familiarity with HIPAA/HITRUST
• At least 1 professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or willingness to obtain within first year of employment if other qualifications are suitable
• Familiarity with NIST Cybersecurity Framework controls, NIST 800-53, ISO 27000-1

#LI-Remote#LI-JP1
It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact recruitment@pointclickcare.com should you require any accommodations.
When you apply for a position, your information is processed and stored with Lever, in accordance with Lever’s Privacy Policy. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background. When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it.  If you have any questions about how PointClickCare uses or processes your information, or if you would like to ask to access, correct, or delete your information, please contact PointClickCare’s human resources team: recruitment@pointclickcare.com 
PointClickCare is committed to Information Security. By applying to this position, if hired, you commit to following our information security policies and procedures and making every effort to secure confidential and/or sensitive information.