Cybersecurity Engineering Manager

About Montefiore

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages.

Job Summary

The Cybersecurity Engineering Manager leads a team of cybersecurity engineers responsible for designing in collaboration with Cybersecurity Architecture and IT teams, implementing, operating and maintaining technical security controls that protect clinical systems, patient data, and enterprise infrastructure across a large, complex healthcare environment. This role balances hands-on technical leadership, personnel development, and strategic cybersecurity engineering management, ensuring alignment with regulatory requirements (e.g., HIPAA, HITECH, NYSDOH), enterprise risk management goals, and NIST-based frameworks. The manager serves as a technical authority and mentor, overseeing operational effectiveness and resiliency, by partnering with IT, clinical, cloud, and compliance teams to embed security into enterprise platforms and workflows.

Responsibilities

• Manage day-to-day cybersecurity engineering operations.
• Oversee secure configuration and maintenance of endpoint, network, cloud, and email security tools.
• Develop and maintain security engineering standards and runbooks.
• Manage vendor relationships and contract performance.
• Lead outage response and customer communication during security tool failures that significantly impact business operations.
• Support audits, risk assessments, and regulatory inquiries.
• Ensure high availability and resilience of security controls.
• Continuously mature security engineering capabilities.
• In partnership with Attack Surface Management personnel, participate in verification and validation testing of security controls across cloud and on-premise environments.
• Ensure security engineering participation in enterprise change management processes.
• Define and improve security engineering metrics for resiliency, availability, and operational efficiency.
• Lead engineering efforts to support third-party risk reduction and secure vendor integrations.
• Ensure security tooling supports both legacy and emerging technologies.
• Drive automation and orchestration to reduce manual engineering effort.
• Champion secure-by-design principles across infrastructure and application teams.
• Ensure security solutions are stress-tested to validate performance under peak clinical load.

Required

• Bachelor’s degree or equivalent work experience.
• 4-6 years progressive cybersecurity engineering experience, with a focus on team development.
• 4-6 years of hands-on experience implementing and managing security technologies to protect against contemporary threats.
• 4-6 years of experience in leadership: Proven experience leading a team of cybersecurity engineering professionals and coordinating engineering efforts across a large healthcare organization.
• Proven experience in leading and managing a team of cybersecurity professionals in a 7 x 24 on-call operating model.
• Ability to motivate and inspire team members, foster a positive and productive work environment.
• Strong decision-making skills, with the ability to manage multiple tools and competing priorities simultaneously.
• Advanced knowledge of cybersecurity engineering principles.
• Strong understanding of cybersecurity threats, attack vectors, and mitigation strategies including Zero Trust and defense-in-depth strategies.
• Proficiency in using and managing contemporary on premise and cloud-based cybersecurity tools such as internet proxies, employee and vendor remote access technologies, endpoint agents for Endpoint Detection and Response (EDR) and internet client connectors, support of unique anti-phishing platforms and secure file transfer solutions.
• Strong analytical skills to assess issues with the use of these tools, determine root causes, open support tickets with vendors and implement effective solutions.
• Experience in handling outages and complications associated with these tools and to be the face of customer service when handling events that impact the business.
• Excellent communication skills, with the ability to articulate technical issues to both technical and non-technical stakeholders.
• Familiarity of healthcare regulatory requirements (HIPAA, HITECH, NYSDOH).
• Knowledge of email security and anti-phishing technologies.
• Ability to design and implement cloud-native security controls across IaaS, PaaS, and SaaS platforms.
• Familiarity with secure connectivity between on-premises and cloud environments.
• Familiarity with Agile methodologies and the use of tools like Confluence and Jira to advance the program.
• One of the following certifications required or obtained within 12 months of hire:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • GIAC Security Essentials (GSEC)

#SF-DICE-MIT

Montefiore Health System, Inc. is an equal employment opportunity employer. Montefiore Health System, Inc. will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.