
Director of Cybersecurity Assurance & Programs

Acentra Health
United States, Virginia, Mc Lean
Apr 18, 2025
Company Overview

Acentra Health exists to empower better health outcomes through technology, services, and clinical expertise. Our mission is to innovate health solutions that deliver maximum value and impact.

Lead the Way is our rallying cry at Acentra Health. Think of it as an open invitation to embrace the mission of the company; to actively engage in problem-solving; and to take ownership of your work every day. Acentra Health offers you unparalleled opportunities. In fact, you have all you need to take charge of your career and accelerate better outcomes - making this a great time to join our team of passionate individuals dedicated to being a vital partner for health solutions in the public sector.


Job Summary and Responsibilities

Acentra Health is looking for a Director of Cybersecurity Assurance & Programs to join our growing team.

Job Summary:

Acentra Health seeks a Director of Cybersecurity Assurance and Programs to lead enterprise-wide cybersecurity assurance, governance, and compliance efforts across our healthcare operations. This role is critical to ensuring the integrity, confidentiality, and availability of systems that support our partnerships with state Medicaid programs, federal health agencies, and other public-sector entities. This leader will oversee cybersecurity audits, risk assessments, third-party assurance, and program governance to ensure compliance with federal and state regulations such as HIPAA, HITECH, CMS MARS-E, FISMA, and FedRAMP. The Director will also drive the maturity of our cybersecurity programs and act as a key partner to operational and technology teams across the enterprise.

Responsibilities:

Cybersecurity Assurance & Governance

  • Develop, lead, and continuously improve cybersecurity assurance frameworks aligned with healthcare regulatory requirements and government security standards
  • Oversee internal and external audits, risk assessments, and security control testing
  • Monitor and report on the effectiveness of cybersecurity controls across cloud, application, and infrastructure environments, especially in regulated environments (e.g., systems supporting MMIS, MES, and Medicaid programs)

Regulatory Compliance & Risk Management

  • Ensure enterprise compliance with HIPAA, HITECH, CMS MARS-E, NIST 800-53, FISMA, and state-specific security requirements
  • Oversee responses to government agency security assessments and audits, including OIG, CMS, and state Medicaid agencies
  • Manage vendor and third-party risk assessments for partners supporting healthcare contracts

Cybersecurity Program Leadership

  • Lead cross-functional cybersecurity initiatives related to data protection, secure development practices, application security, and incident readiness
  • Oversee security program performance, maturity assessments, metrics, and reporting
  • Collaborate with legal, compliance, privacy, and contract management teams to ensure end-to-end alignment

Application Security

  • Develop and implement a robust application security strategy that aligns with enterprise security goals, HIPAA, NIST, FedRAMP, and other cybersecurity framework (CSF) requirements
  • Partner with the Engineering Excellence and Product teams to mature the integration of security into the software development lifecycle (SDLC), incorporating practices such as threat modeling, secure code reviews, and security checkpoints
  • Provide oversight of application security tools, including Veracode, Fortify, and other static (SAST) and dynamic (DAST) analysis platforms to proactively identify and remediate vulnerabilities
  • Oversee the application vulnerability management program, ensuring timely remediation and risk prioritization across internal and third-party-developed applications
  • Oversee ongoing assessments and penetration tests to validate application resilience and compliance with OWASP Top 10 and other CSF security controls
  • Provide secure coding training and best practice guidance to engineering and development teams to promote a "secure-by-design" culture

Stakeholder Engagement & Executive Communication

  • Serve as a cybersecurity assurance liaison to internal stakeholders, external clients, and government partners
  • Represent the security program in federal and state contract discussions, client audits, and board-level reporting
  • Translate complex cybersecurity risk and compliance issues into clear business decisions

Team & Capability Development

  • Build and lead a high-performing cybersecurity assurance team with healthcare and government security standards expertise
  • Promote a security-first culture across the organization through training, collaboration, and policy adoption

Qualifications

  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field or equivalent work experience required
  • 10+ years of experience in cybersecurity, with at least 5 years in a leadership or assurance/program oversight role within healthcare or government sectors
  • Deep understanding of healthcare regulations (HIPAA, HITECH, CMS, MARS-E) and federal security frameworks (NIST 800-53, FedRAMP, FISMA)
  • Familiarity with state and federal healthcare programs and contracting environments (e.g., Medicaid, MMIS, MES)
  • Experience preparing for and supporting external audits (e.g., SOC 2, HITRUST, CMS)

Preferred Competencies:

  • Certifications such as CISSP, CISM, CISA, CRISC, or HCISPP are highly preferred
  • Strategic thinker with the ability to drive security initiatives in a complex, regulated environment
  • Excellent verbal and written communication skills, with experience briefing executives and agency clients
  • Strong leadership, program management, and stakeholder engagement capabilities
  • Comfortable working across cross-functional teams in matrixed, mission-driven healthcare organizations

Why us?

We are a team of experienced and caring leaders, clinicians, pioneering technologists, and industry professionals who come together to redefine expectations for the healthcare industry. State and federal healthcare agencies, providers, and employers turn to us as their vital partner to ensure better healthcare and improve health outcomes.

We do this through our people.

You will have meaningful work that genuinely improves people's lives across the country. We are a company that cares about our employees, and we give you the tools and encouragement you need to achieve the finest work of your career.

Benefits

Benefits are a key component of your rewards package. Our benefits are designed to provide you with additional protection, security, and support for both your career and your life away from work. Our benefits include comprehensive health plans, paid time off, retirement savings, corporate wellness, educational assistance, corporate discounts, and more.

Thank You!

We know your time is valuable and we thank you for applying for this position. Due to the high volume of applicants, only those who are chosen to advance in our interview process will be contacted. We sincerely appreciate your interest in Acentra Health and invite you to apply to future openings that may be of interest. Best of luck in your search!

~ The Acentra Health Talent Acquisition Team

Visit us at Acentra.com/careers/

EEO AA M/F/Vet/Disability

Acentra Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or any other status protected by applicable Federal, State or Local law.

Compensation

The pay for this position is listed below.

"Based on our compensation philosophy, an applicant's position placement in the pay range will depend on various considerations, such as years of applicable experience and skill level."



Pay Range

USD $119,360.00 - USD $186,500.00 /Yr.