
Director, Cybersecurity

Massachusetts Medical Society
paid holidays, sick time, tuition assistance, 401(k)
United States, Massachusetts, Waltham
860 Winter Street
Apr 30, 2025

Category: Information Technology
Job Location: 860 Winter St, Waltham, Massachusetts
Tracking Code: 1116
Position Type: Full-Time/Regular
The Massachusetts Medical Society (MMS) is the statewide professional association for physicians and medical students, supporting 25,000 members. We are dedicated to educating and advocating for the physicians of Massachusetts and patients locally and nationally. A leadership voice in health care, the MMS contributes physician and patient perspectives to influence health-related legislation at the state and federal levels, works in support of public health, provides expert advice on physician practice management, and addresses issues of physician well-being. Under the auspices of NEJM Group, the MMS extends our mission globally by advancing medical knowledge from research to patient care through the New England Journal of Medicine, NEJM Evidence, NEJM AI, NEJM Catalyst, NEJM Journal Watch, and through our accredited and comprehensive continuing medical education programs.
The world has changed and so has the way we work. The MMS has adopted a flexible work model that allows most employees to choose where they work - at home, onsite in our Waltham office, or a combination of the two - based on their preferences and our business needs. Because what matters is the work we do, not where we do it.
The Director, Cybersecurity is responsible for establishing and maintaining a resilient and proactive security posture and strategy, ensuring that information assets across internal and customer-facing business environments are safeguarded in the digital ecosystem in which we operate. As the enterprise-wide information security expert, lead the cybersecurity function across the organization to assess and mitigate risk and ensure consistent and high-quality information security management in support of the business goals. Proactively collaborate cross-functionally with various Enterprise Technology Business Solutions functions, editorial, and other key stakeholders to integrate security practices into all aspects of the business, ensuring alignment with industry standards and regulatory requirements.
Responsibilities:
1) Develop and refine the organization's information security strategy, roadmap, policies, and procedures, ensuring alignment with organizational goals and applicable laws and regulations.
2) Enhance the organization's security posture by developing a cybersecurity governance framework that ensures information assets, technology, applications, tools, systems, infrastructure, and processes are safeguarded across our global digital ecosystem.
3) Oversee the enterprise suite of security technologies and controls, including firewalls, intrusion detection/prevention systems, anti-malware solutions, data loss prevention (DLP), and vulnerability management platforms, both on-premises and in the cloud. Oversee the disaster recovery and business continuity program, ensuring plans are in place and tested per policy.
4) Lead the investigation and response to security incidents, data breaches, and policy violations. Implement effective containment and recovery strategies while adhering to regulatory requirements.
5) Oversee the cybersecurity awareness program. Establish metrics to measure the effectiveness of the security training program and recommend changes for improvement.
6) Present data to senior leadership on the organization's security posture, key risks, and mitigation efforts. Develop and maintain a real-time dashboard that reflects the current health of organizational security.
7) In collaboration with infrastructure and cloud architecture leadership, oversee vendor security risk assessments, penetration testing, and vulnerability scanning initiatives, proactively identifying and mitigating potential security vulnerabilities across our diverse systems and platforms.
8) Maintain a deep understanding of the latest security threats, trends, and emerging technologies and proactively recommend and implement appropriate security enhancements.
9) Provide security expertise, knowledge, guidance, and mentorship across the organization.
10) Perform additional duties as assigned.
Qualifications:
* Bachelor's degree in computer science, information technology or related field, or equivalent experience.
* 10+ years of experience in information security, with demonstrated success in establishing and leading information security strategy across both internal and customer-facing business environments, is required. 5+ years in a leadership role managing security teams is required.
* Experience leading security for an organization with a globally available digital product suite is required.
* Deep expertise in a wide range of security technologies, network architectures, operating systems, and cloud computing environments (e.g., AWS, Azure), with a strong understanding of security best practices for each.
* Knowledge and understanding of relevant legal and regulatory requirements.
* Excellent communication, interpersonal, and collaboration skills. Ability to communicate cybersecurity and risk-related concepts to technical and nontechnical audiences at various levels, ranging from board members to all employees.
* Ability to lead, motivate, and influence information security teams to achieve tactical and strategic goals, in both a direct and indirect reporting matrix.
* Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials highly preferred.
* Knowledge of DevSecOps and secure software development practices.
Benefits:
Our generous benefits offerings include: 3 weeks of paid vacation, 6 personal days, 12 sick days, 13 paid holidays, medical and dental plans, 401(k) plans with company match, back-up childcare assistance, tuition assistance and more!
The MMS has earned praise as one of the Top Places to Work in Massachusetts by The Boston Globe for the past 15 years in a row! The Globe surveys employees regarding their opinions about company leadership, benefits, ethics, values and culture, and recognizes those companies who receive high marks from their employees.
The MMS is an Equal Opportunity Employer, committed to providing opportunities to veterans and people with disabilities and a work environment that is welcoming to all.