Senior Cybersecurity Manager Job at Speridian Technologies in Sacramento

Speridian Technologies is seeking a SeniorCybersecurity Manager/Coach for our State of California client, the Department of Health Care Services, Behavioral Health. This person will be part of a long-term, fully budgeted, state-of-the-art, extremely vast IT modernization project working with a variety of cross-functional teams and stakeholders. This is a remote role, however, there will be meetings in the Sacramento area several times a year. Candidates are expected to work business hours, Monday-Friday Pacific time zone(PST). All candidates must be based in and work from the US. Join DHCS’s Behavioral Health Transformation: Where Purpose Meets Innovation Location: Remote/Hybrid Department: Department of Healthcare Services (DHCS) Commitment: Full-Time Consultant (W2 employee of Speridian or 1099/IC for Speridian) Why DHCS? We work within government, for government, to deliver outcomes that matter to the citizens of California – but we don’t work like government. We are value-driven, agile in practice and philosophy, constantly innovating and improving our processes and tech stack, and committed to self-governing teams within a matrixed leadership structure. We are passionate about solution delivery as a principle, entailing greater transparency and accountability for what is being delivered, decreasing risks faster, delivering organizational value sooner, and maximizing the flexibility and responsiveness of digital solutions to our customers' evolving business needs. We serve the California Department of Health Care Services, which provides equitable access to quality health care for a third of Californians, leading to a healthy California for all. Right now, we are focused on transforming the delivery of behavioral health care delivery in California, including reducing suicide, drug overdoses, and the types of mental health and addiction crises that result in people living in tents on the streets where we live, too. We take this work very seriously, and we take team camaraderie and enjoying working with each other very seriously. We’re looking for innovators who are passionate about purposeful work and excited by the opportunity to drive lasting change through innovative solutions. OurCoreValues (Achieve Together, Be Curious, Elevate Yourself, and Deliver Value) We achieve together by championing a team-oriented workplace built on mutual respect, collaboration, and open communication. We encourage individuals and teams to constantly be curious and seek a deeper understanding and fresh ideas that drive innovation and meaningful change We provide a supportive workplace where you can elevate yourself and achieve personal growth through continuous learning, focused effort, and perseverance We deliver value as part of every action we take to serve California’s citizens We’re honest about the challenges—state government is bureaucratic, and we can't match most tech salaries. But here’s what we can offer: Purpose that matters Teammates who care deeply Work-life balance and remote work We're not just changing systems—we're changing how government works Overview/Description Senior Cybersecurity Manager/Coach Ready to defend California's digital healthcare frontier? Join the Department of Healthcare Services ( DHCS ) as a Senior Cybersecurity Manager, where you'll lead the security transformation protecting sensitive healthcare data for 14 million Californians against nation-state actors and sophisticated cyber threats. As a Senior Cybersecurity Manager, you'll command a multidisciplinary security force spanning security engineering, SecOps, compliance, and penetration testing. This role transcends traditional security management – you'll architect zero-trust environments, orchestrate threat hunting operations, and build security programs that enable innovation rather than inhibit it. Your strategies will protect billions in healthcare transactions, ensure HIPAA compliance at massive scale, and establish DHCS as a model for government cybersecurity excellence. DHCS offers the unique challenge of securing healthcare systems with nation-state level threats while maintaining the agility of a tech startup. You'll have comprehensive ownership across the security spectrum, from writing infrastructure-as-code for security controls to briefing executives on risk posture. You'll build a security organization that shifts from reactive compliance to proactive cyber resilience. We're seeking a security leader who thrives in complexity – someone who can reverse-engineer malware while designing enterprise security architecture, who treats compliance as a baseline not a ceiling, and who believes that government agencies should set the standard for security excellence, not follow it. Responsibilities & Outcomes 1. Security Strategy & Architecture Drive enterprise security strategy across security engineering, SecOps, and compliance domains Design and oversee security architecture for cloud-native and hybrid environments Champion shift-left security practices including secure coding, threat modeling, and DevSecOps Make critical trade-off decisions balancing security controls, operational efficiency, and delivery timelines Outcome: Organizations operate with robust security postures that enable business while managing risk 2. Business Ownership & Financial Accountability Own security metrics and ROI for security investments across tools, people, and processes Develop cost-benefit analyses for security controls, tooling decisions, and compliance initiatives Manage team budget including security tools, penetration testing, audits, and infrastructure Translate security improvements into business value through reduced incidents and compliance costs Drive efficiency improvements in security operations while maintaining comprehensive protection Outcome: Security decisions driven by risk-based approach with clear ROI and business alignment 3. People Management & Development Manage, mentor, and develop a team of 10-20 security engineers across multiple disciplines Conduct regular 1:1s focused on career development and performance Execute performance management including promotions, improvement plans, and difficult conversations Build diverse, inclusive teams through thoughtful hiring and team composition Outcome: High-performing teams with strong retention, clear growth paths, and engaged security professionals 4. Security Operations & Incident Response Establish and maintain security operations capabilities and incident response procedures Lead incident response efforts for critical security events and coordinate cross-functional response Implement security monitoring, SIEM management, and threat intelligence programs Drive continuous improvement in mean time to detect (MTTD) and mean time to respond (MTTR) Outcome: Rapid detection and response to security threats with minimal business impact 5. Compliance & Risk Management Ensure adherence to HIPAA, StateRAMP, NIST, and other regulatory frameworks Manage security audit processes and remediation efforts across multiple compliance standards Develop and maintain security policies, standards, and procedures Conduct risk assessments and manage enterprise risk register Outcome: Continuous compliance with all regulatory requirements and proactive risk management 6. Security Engineering & Testing Oversee application security including SAST, DAST, and software composition analysis Manage penetration testing programs including scope, vendor management, and remediation Implement infrastructure security controls for cloud and on-premise environments Drive automation of security controls and integration into CI/CD pipelines Outcome: Comprehensive security testing coverage with vulnerabilities identified and remediated early 7. Cross-functional Partnership Partner with Engineering on secure development practices and security requirements Collaborate with Infrastructure teams on cloud security and zero-trust architecture Work with Legal and Compliance on regulatory requirements and audit responses Communicate security risks and metrics to executive stakeholders and board members Outcome: Security embedded throughout the organization with strong stakeholder alignment 8. Talent Strategy & Team Building Lead technical interviews and hiring decisions for security roles across multiple disciplines Develop team skills through training, certifications (CISSP, OSCP, AWS Security) Identify and cultivate future security leaders and architects Build team culture emphasizing proactive security and continuous improvement Outcome: Strong talent pipeline with security professionals growing into senior and leadership roles Required Qualifications Proven track record managing security teams of 15+ members across multiple disciplines Experience owning P&L or budget responsibility for enterprise security programs Demonstrated ability to connect security initiatives to business outcomes and risk reduction Experience building and operating security programs including SecOps, compliance, and engineering Strong background in cloud security, DevSecOps, and modern security practices Experience managing compliance for regulated environments (HIPAA, FedRAMP, SOC2) Track record of reducing security incidents and improving security posture metrics Bachelor's degree in Computer Science, Information Security, or equivalent experience Skills: Technical Cloud Security: AWS/Azure/GCP security services, IAM, network security Security Tools: SIEM (Splunk/Datadog), SAST/DAST (Snyk), EDR (CrowdStrike) Infrastructure Security: Zero-trust architecture, microsegmentation, Kubernetes security Compliance Frameworks: HIPAA, NIST CSF, StateRAMP, SOC2, ISO 27001 Penetration Testing: OWASP, threat modeling, vulnerability management Languages: Python, Bash, Terraform, understanding of multiple programming languages Business & Financial Financial Management: Security budget ownership, tool optimization, and ROI analysis Risk Management: Risk assessment, risk register management, and business impact analysis Security Metrics: MTTD, MTTR, vulnerability closure rates, compliance scores Value Communication: Articulating security investments in business risk terms Vendor Management: Managing MSSPs, penetration testing firms, and security tools Leadership People Management: Performance management, career development, and 24/7 team coordination Team Building: Hiring across security disciplines, onboarding, and culture development Communication: Board-level reporting, incident communication, and technical translation Decision Making: Risk-based security decisions and incident response leadership Strategic Thinking: Aligning security strategy with business objectives Change Management: Leading security transformation and tool migrations General Problem-Solving: Complex security incident and architectural challenge resolution Collaboration: Working effectively with Engineering, Legal, Compliance, and Executive teams Mentorship: Developing security professionals across multiple specializations Process Improvement: Implementing security automation and operational efficiency Crisis Management: Leading through security incidents and maintaining composure under pressure Speridian is an Equal Opportunity Employer #J-18808-Ljbffr