Senior Director, Cybersecurity Architecture

EyeCare Partners is the nation’s leading provider of clinically integrated eye care. Our national network of over 300 ophthalmologists and 700 optometrists provides a lifetime of care to our patients with a mission to enhance vision, advance eye care and improve lives. Based in St. Louis, Missouri, over 650 ECP-affiliated practice locations provide care in 18 states and 80 markets, providing services that span the eye care continuum. For more information, visit www.eyecare-partners.com.

The Senior Director, Cybersecurity Architecture, will be focused on designing security solutions and capabilities to enable the business to meet their strategic and financial goals. This role is responsible for ensuring EyeCare Partners enterprise architecture security requirements are met, aligning with regulatory standards and organizational goals and collaborating with stakeholders across the business. This role will work closely with the infrastructure, software development, architecture, engineering, and operations teams. This role will co-develop and define security strategies, guide architecture decisions, assess risks and assist with technology product selections and solutions. The ideal candidate will bring expertise in cybersecurity frameworks, cloud and hybrid environments, and a deep understanding of emerging technologies to drive secure innovation and resilient infrastructure through strong technical leadership.

• Lead the architectural design and contribute to the strategic direction and results within the IT security organization.
• Assist the CISO with developing and driving transformation within the Cybersecurity program/team and associated projects to provide a secure technology environment and enabling secure innovation across the business.
• Coordinate with Cybersecurity and Information Technology leaders to align cybersecurity efforts with compliance requirements and industry standards.
• Oversee the project architecture and solutions architecture functions of Cybersecurity to drive results towards organizational objectives.
• Mentor and Develop staff within the Cybersecurity and other IT groups.
• Collaborate with Digital and Information Technology teams to identify security requirements for Agile-based deployments and appropriately drive the escalation and completion of those requirements.
• Collaborate with Cloud and security technology teams to ensure that Cybersecurity protections as well as monitoring and alerting capabilities are deployed throughout all cloud environments.
• Establish appropriate cybersecurity technical controls coverage for projects and company-wide initiatives, which entails communication of project information to leadership level stakeholders and delegation of representation to senior members based upon areas of expertise.
• Act as a technical resource to department management and others within the company who are seeking more information about security.
• Perform other duties as assigned and conform with all company policies and procedures.
  
  

Education / Experience Requirements

• Bachelor's Degree in computer science, engineering, or related field (graduate degree preferred).
• Minimum 10 years of IT and/or compliance leadership experience, and 7 years of information security/cybersecurity experience.
• Significant experience working in information security in a multi-unit/multi-state services organization; healthcare industry preferred.
• A proven track record in developing information security policies and procedures, and successful execution.
• Extensive knowledge of business risk, risk assessment and risk-based decision making.
• Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms).
• The ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
• Excellent written and verbal communication, interpersonal and collaborative skills.
• Experienced with contract and vendor negotiations.
• Ability to effectively prioritize and execute tasks in high-pressure situations.
• Knowledge of security, risk and control frameworks and standards such as ITIL and NIST
• Security technology acumen and experience including but not limited to firewall, intrusion detection, DLP (Data Loss Prevention), cyber-attack tools and defenses, Active Directory, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management and multi factor authentication.
• Expert knowledge of common operating systems (Windows and Linux), services, networking protocols, logging, attacker techniques, etc.
• Expert knowledge of secure access capabilities and solutions to streamline the end user experience when accessing internal and external applications (SSO, FIDO2, etc.).
• Expertise in IT, Security Operations, Managed Detection and Response services, Vulnerability Management, Incident Response, Threat Intelligence, DevOps, Application Security and Security Automation.
• Prior operational experience leveraging threat intelligence to detect and respond to adversaries is required.
• A good understanding of network topology, TCP/IP network configuration and components (firewalls, routers, etc.).
• Independent researcher and natural leader with ability to lead ongoing efforts to build/enhance capabilities and new features.
• Expertise in AWS and Azure cloud environments.
• Strong Security Incident Management and response skills are required.
• Able to work with and lead third party providers relating to Incident, Vulnerability and SecOps initiatives.
  
  

Reporting Structure

• This role will report directly to the Chief Information Security Officer (CISO).
• This role will be an individual contributor and will not have any direct reports.
  
  

If you need assistance with this application, please contact (636) 227-2600. Please do not contact the office directly – only resumes submitted through this website will be considered.

EyeCare Partners is an equal opportunity/affirmative action employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.