Head of Cyber Security - Infrastructure & Application Security (Healthcare)

HCL Technologies Limited

Role Overview
The Cyber Security Leader is accountable for the overall security posture of hospital infrastructure, clinical applications, and digital platforms. This role sets the security strategy, governs architecture and operations, and ensures cyber risk is managed without compromising patient care, clinical workflows, or system availability.
This leader works across IT, clinical leadership, compliance, and executive stakeholders to translate cyber risk into business and patient-safety impact and to drive pragmatic, scalable security outcomes.

Key Responsibilities
Strategy & Leadership
* Define and execute the hospital s cyber security strategy across infrastructure, applications, and cloud
* Establish security principles and standards aligned with clinical and operational realities
* Act as the primary cyber security advisor to CIO, CISO, and clinical leadership
* Build, lead, and mentor security architects, engineers, and operational teams

Infrastructure & Platform Security Ownership
* Own security posture for:
* Network, endpoint, server, and cloud environments
* Identity and access management
* Backup, disaster recovery, and ransomware resilience

* Drive zero-trust adoption while accounting for legacy and clinical systems
* Ensure medical devices and shared clinical workstations are governed under a risk-based model
Application & Digital Security Leadership
* Govern security for clinical and enterprise applications, including EHR and third-party platforms
* Establish secure development and deployment standards across internal and vendor-built systems
* Oversee application risk assessments, threat modeling, and remediation prioritization
* Ensure secure integrations, APIs, and data flows across the hospital ecosystem

Risk, Compliance & Resilience
* Own cyber risk management aligned with healthcare regulations and frameworks (HIPAA, HITRUST, NIST)
* Lead audit readiness, regulatory responses, and executive risk reporting
* Drive ransomware preparedness, incident response, and recovery planning
* Partner with legal, compliance, and privacy teams on breach response and regulatory obligations

Operational Excellence & Metrics
* Define security KPIs and executive dashboards tied to risk reduction and business outcomes
* Prioritize investments based on risk, patient safety, and operational impact
* Oversee vulnerability management, patching strategy, and third-party risk programs
* Ensure SOC capabilities align with hospital threat landscape

Stakeholder & Vendor Management
* Influence clinical, IT, and business leaders without disrupting care delivery
* Govern third-party and managed-service security providers
* Participate in contract reviews, RFPs, and vendor security negotiations


Required Qualifications
* 12+ years of cyber security experience with progressive leadership responsibility
* Proven experience leading cyber security in healthcare or similarly regulated environments
* Strong background across infrastructure, application, and cloud security
* Ability to communicate cyber risk in plain language to executives and clinicians
* Experience managing budgets, teams, and security roadmaps


Preferred Qualifications
* Direct experience supporting hospitals or large healthcare systems
* Familiarity with EHR platforms and medical device security
* Experience leading zero-trust or large-scale security transformations
* Security leadership certifications (CISSP, CISM, CCSP)


What Success Looks Like
* Cyber security is viewed as an enabler of safe patient care, not an obstacle
* Reduced risk exposure from ransomware, legacy systems, and third-party vendors
* Clear accountability and governance across infrastructure and application security
* Strong trust with executive and clinical leadership

Disclaimer
HCL is an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, color, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, or any other protected classification, in accordance with federal, state, and/or local law. Should any applicant have concerns about discrimination in the hiring process, they should provide a detailed report of those concerns to for investigation.

Compensation and Benefits
A candidate s pay within the range will depend on their skills, experience, education, and other factors permitted by law. This role may also be eligible for performance-based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program; 401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need-based leave with no designated number of leave days per year); and 10 paid holidays per year