Director, Security Engineering & Operations

Job Description:

• Build and lead a high performing Security Engineering and Operations team to address internal, external, and emerging Cloud infrastructure security risks throughout the organization.
• Develop and maintain security roadmaps, strategic plans, budgets, manage security controls and process gaps, provide architectural vision, and support the broader information security organization.
• The selection, acquisition, design, development and implementation of new tools, solutions, functionality, and frameworks that include people, process and technology components.
• Integrate DevSecOps capabilities, automation, and controls across all Cloud environments, ranging from true SaaS CI/CD applications to legacy hosted Cloud environments, including internal employee resources.
• Define, implement and execute incident response playbooks in conjunction with the Security Operations Center, and other L1 groups.
• Maintain key Security Information Event Manager tools, related processes, runbooks, automation, and response processes.
• Manage security and risk assessments, penetration testing, and architecture reviews to ensure the continuous security oversight of the NextGen Healthcare environment, platforms, and applications.
• Enhance continuous monitoring and detection capabilities from all key information and log sources across the environment.
• Develop and maintain the Vulnerability Management program to mitigate risks, feed data into the security exception process, and related metrics.
• Ensure applications, networks, systems and Cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001, HITRUST requirements and the NextGen Information Security Policy.

Other Key Management Responsibilities:

• Hire, grow and retain team members to expand the team and its capabilities within the organization.
• Perform assessments of security tools, vendors, and solutions to support information security roadmap initiatives
• Act as an advocate for mentoring and technical career growth in the information security organization.
• Lead the architecture and engineering team in efficient, fast, and heightened performance of their duties.
• Working with vendors, often smaller companies and startups to fulfill and develop new information security capabilities.
• Act as a liaison with other internal NextGen teams or driving new capabilities, product investments, and research to fill coverage gaps.
• Regularly provide key performance and risk indicator metrics for management visibility into the status, health, and maturity of the Information Security Program at NextGen.
• Perform other duties that support the overall objective of the position.

Education Required:

Bachelor's degree.
Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

• 8+ year's progressive experience in an Information Security leadership related role, with an emphasis in one or more of the following areas: Security Architecture, Security Engineering, Incident Response, Information Defense Center (CDC) / Security Monitoring, Security Product Management.
• 7+ year's management experience leading high visibility/impact functions, including the management of senior technologists and architects.
• Extensive background in information security services and operations and the people, process, and technology components that make them successful.
• Significant experience in fulfilling business needs through the development of solutions through well-organized processes.
• Experience in client-facing discussions with new and existing customers to discuss security controls and implementations.
• Significant Service Management and or vendor management experience

Knowledge, Skills, Abilities:

Knowledge of:Strong understanding of information security controls and processes and the trajectory of evolution of these controls in the enterprise.

Skill in:Leadership, decision-making, strategic, problem-solving, debugging, design and technical expertise.

Ability to:Must be able to communicate at a technical and business level and be a bridge between the two. Ability to drive strategic direction

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.