Over 10 years of experience in cybersecurity, information risk, or GRC roles.
At least 5 years of healthcare consulting or provider environment experience.
Expertise in HIPAA, HITECH, NIST CSF, HITRUST CSF, and healthcare regulations.
Strong leadership and client-facing skills, with experience leading complex cybersecurity engagements.
Key responsibilities:
Lead and oversee client cybersecurity engagements to ensure quality and value.
Define and develop the vision and strategy for the cybersecurity practice.
Contribute to market positioning through thought leadership and industry representation.
Mentor team members and support business development efforts.
Global health and technology consulting. We connect people, data, and technology to create a healthier world. Let’s work together. Let’s connect healthcare.
Nordic helps healthcare organizations harness the power of technology to create healthier systems that lead to healthier businesses. Our global team of more than 3,300 professionals combines deep clinical experience, extensive technical knowledge, insightful strategic vision, and proven operational capability, to deliver transformational outcomes for providers and the people in their care. Nordic provides a broad range of consulting services, including strategic advisory, digital and cloud initiatives, implementation and support, and managed services. Our more than 700 clients trust us to help them identify and focus on the most important priorities, and consistently deliver business-changing impacts that make health systems, and the people they serve, healthier.
Nordic is a full-service consultancy firm focusing on health care and technology. We are looking for a collaborative, entrepreneurial leader who brings deep healthcare security expertise, a consulting mindset, and a passion for building high-impact teams. This is a strategic role responsible for helping to shape the direction of our cybersecurity service offerings, leading client delivery engagements, developing solutions when needed, and positioning the firm as a trusted leader in healthcare risk advisory services.
Key Areas
Client Delivery & Executive Oversight: Lead and oversee high-impact client engagements to ensure quality, consistency, and value delivery; serve as a trusted advisor to provider executives and health IT leadership teams.
Delivery Quality and Solution Ownership: Deliver high-quality consulting services to strategic clients, developing and implementing solution-based tools and solutions when needed.
Market Presence & Thought Leadership: Represent the firm in industry forums, contribute to thought leadership, and collaborate with business development teams to position the firm as a leader in healthcare cybersecurity and GRC.
Key Responsibilities
The Director, Cybersecurity Services, will have the following key responsibilities, which include but are not limited to:
Practice Leadership
Define and refine the vision, strategy, and roadmap for the Cybersecurity & GRC practice.
Expand core services, such as HIPAA security assessments, GRC services, policy development, third-party risk management, security program design, IAM, and other services as identified.
Collaborate across service lines to ensure an integrated advisory offering to our healthcare clients.
Engagement Delivery & Quality Oversight
Lead critical engagements, as a solo consultant or as a team leader, and ensure quality of deliverables and client satisfaction.
Guide teams in applying risk-based frameworks (e.g., NIST, HITRUST, HIPAA) to client environments.
Provide input into solution development and delivery models.
Internal Development & Growth
Partner with business development and client account teams to pursue growth opportunities.
Contribute to proposals, presentations, and capability development across the firm.
Mentor and coach team members, identify staffing needs, and help build a high-performing bench of cybersecurity and GRC consultants in relation to sales pipeline growth.
Thought Leadership & Market Positioning
Facilitate research and identify relationships/partnerships that could be supportive of Nordic solutions.
Stay current on emerging risks, healthcare regulations, and cybersecurity trends relevant to our clients.
Qualifications:
Required:
10+ years in cybersecurity, information risk, or GRC roles with at least 5 years in healthcare consulting or provider environments.
Expertise in HIPAA, HITECH, NIST CSF, HITRUST CSF, and healthcare regulatory frameworks.
Strong leadership, client-facing, and team development skills.
Experience leading complex cybersecurity consulting engagements.
Demonstrated ability to scope, lead, and deliver security engagements for provider clients.
Preferred:
Previous experience leading or co-leading a service line or consulting practice.
Previous CISO-level experience/leadership in a hospital organization.
Certifications such as CISSP, CISM, CRISC, or HITRUST CCSFP.
Familiarity with firm operations, business development processes, and delivery methodology.
Additional Details
70% remote position
Travel up to 30% of the time, including to the Nordic home office in Madison, WI and client sites when needed.
Nordic is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, marital or veteran status, or any other protected status under applicable federal, state, or local laws. We encourage individuals of all backgrounds to apply, including women, minorities, individuals with disabilities, and veterans.
Required profile
Experience
Level of experience: Senior (5-10 years)
Spoken language(s):
English