Director of Cybersecurity Operations

Public Partnerships

Job Location : New York, NY, USA

Posted on : 2025-08-05T07:50:47Z

Job Description :

It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business.

Public Partnerships LLC supports individuals with disabilities or chronic illnesses and aging adults, to remain in their homes and communities and self-direct their own long-term home care. Our role as the nation's largest and most experienced Financial Management Service provider is to assist those eligible Medicaid recipients to choose and pay for their own support workers and services within their state-approved personalized budget. We are appointed by states and managed healthcare organizations to better serve more of their residents and members requiring long-term care and ensure the efficient use of taxpayer-funded services. Our culture attracts and rewards people who are results-oriented and strive to exceed customer expectations. We desire motivated candidates who are excited to join our fast-paced, entrepreneurial environment, and who want to make a difference in helping transform the lives of the consumers we serve. (Learn more at www.pplfirst.com.)

The Director of Cybersecurity Operations is responsible for overseeing all operational aspects of the organization's information security program. This includes day-to-day threat detection and response, vulnerability management, security monitoring, tool optimization, and incident handling. The Director ensures that cybersecurity operations align with business objectives and regulatory compliance mandates, including HIPAA, SOC 2, and NIST 800-53. This role leads the Security Operations Center (SOC), manages key technologies (e.g., SIEM, EDR, DLP), oversees managed security service providers (MSSPs), and works closely with IT, DevOps, and compliance teams to drive a robust operational security posture.

Key Responsibilities:

Strategic Leadership

  • Develop and lead the organization's cybersecurity operations strategy and roadmap.
  • Align security operations with enterprise programs and business objectives.
  • Lead governance and compliance initiatives to ensure regulatory and legal compliance.
  • Serve as the operational lead for all real-time and continuous security functions.
Security Operations
  • Oversee day-to-day cybersecurity operations, including threat monitoring, alert triage, incident detection, and response.
  • Manage internal and/or external Security Operations Center (SOC) resources, ensuring 24/7 monitoring and rapid escalation processes.
  • Direct the use and optimization of SIEM platforms, including use case development, correlation rules, and alert tuning.
  • Define and monitor key metrics such as MTTD (mean time to detect), MTTR (mean time to respond), and incident volume trends.
  • Coordinate digital forensics and root cause analysis following security incidents.
  • Develop and maintain operational playbooks for threat scenarios and incident types.
Vulnerability & Patch Management
  • Lead enterprise vulnerability scanning, analysis, and prioritization using risk-based methodologies.
  • Oversee patch management in coordination with IT/Engineering, ensuring critical vulnerabilities are addressed within SLA windows.
  • Track remediation efforts and report on residual risks.
Security Tooling & Engineering
  • Oversee configuration, tuning, and maintenance of core security technologies including EDR, DLP, firewalls, IDS/IPS, NAC, WAF, and email security tools.
  • Ensure logs are collected, retained, and monitored from all critical systems to support incident response and audit readiness.
  • Evaluate and implement automation and orchestration capabilities (SOAR) where appropriate.
Threat Intelligence & Detection Engineering
  • Incorporate threat intelligence feeds into detection platforms to stay ahead of emerging threats.
  • Continuously improve detection logic based on threat landscape, attack simulations, and purple team exercises.
Incident Response
  • Lead the incident response team during cybersecurity events.
  • Investigate security breaches and coordinate with legal, communications, and executive teams as needed.
  • Design, test, and improve incident response plans and tabletop exercises across business units.
  • Develop HIPAA-specific breach response workflows including regulatory reporting and notification.
Policy & Compliance
  • Develop and maintain security policies, standards, and procedures.
  • Ensure compliance with frameworks such as NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA, or GDPR as applicable.
  • Lead HIPAA Security Rule compliance, including implementation of safeguards, workforce training, and audit preparation.
  • Map operational controls to NIST 800-53 Rev. 5 and support secure development practices per NIST SSDF.
Vendor & Tool Management
  • Evaluate, select, and manage security technologies and third-party services.
  • Monitor effectiveness of tools such as SIEM, EDR, DLP, and firewalls.
  • Oversee MSSPs providing SOC, threat detection, or managed EDR services, ensuring SLA adherence, incident handoffs, and performance reviews.
Executive Reporting
  • Provide regular updates to the CISO on security posture, incidents, and improvement plans.
  • Serve as the subject matter expert for all cybersecurity-related topics.
  • Deliver risk dashboards and operational scorecards for compliance frameworks such as HIPAA, SOC 2, and NIST 800-53.
Qualifications
  • Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
  • 10+ years of progressive experience in information security or IT, including 5+ years in a leadership role.
  • Professional certifications such as CISSP, CISM, CISA, or CRISC are strongly preferred.
  • Deep understanding of cybersecurity frameworks and compliance requirements.
  • Proven experience managing enterprise security operations including SOC, vulnerability management, and SIEM platforms.
  • Strong knowledge of HIPAA Security Rule, NIST 800-53, and SOC 2 control alignment.
  • Strong leadership, project management, and communication skills.
Preferred Experience
  • Experience in regulated industries (finance, healthcare, defense, etc.).
  • Hands-on experience with tools like SIEM, EDR, FW, CSPM, etc.
  • Familiarity with cloud platforms (Azure, AWS, GCP) and securing hybrid environments.
  • Experience building or scaling SOC capabilities, whether in-house or through MSSPs.
  • Familiarity with NIST SSDF and application security principles in CI/CD pipelines.
The above is intended to describe the general contents and requirements of work being performed by people assigned to this classification. It is not intended to be construed as an exhaustive statement of all duties, responsibilities, or skills of personnel so classified.

PPL is an Equal Opportunity Employer dedicated to celebrating diversity and intentionally creating a culture of inclusion. We believe that we work best when our employees feel empowered and accepted, and that starts by honoring each of our unique life experiences. At PPL, all aspects of employment regarding recruitment, hiring, training, promotion, compensation, benefits, transfers, layoffs, return from layoff, company-sponsored training, education, and social and recreational programs are based on merit, business needs, job requirements, and individual qualifications. We do not discriminate on the basis of race, color, religion or belief, national, social, or ethnic origin, sex, gender identity and/or expression, age, physical, mental, or sensory disability, sexual orientation, marital, civil union, or domestic partnership status, past or present military service, citizenship status, family medical history or genetic information, family or parental status, or any other status protected under federal, state, or local law. PPL will not tolerate discrimination or harassment based on any of these characteristics.

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!