Skip to main content

Sys Director IT Cybersecurity

CommonSpirit Health Englewood, Colorado

The posted compensation range of $62.51 - $90.64 /hour is a reasonable estimate that extends from the lowest to the highest pay CommonSpirit in good faith believes it might pay for this particular job, based on the circumstances at the time of posting. CommonSpirit may ultimately pay more or less than the posted range as permitted by law.

Requisition ID 2024-355347 Employment Type Full Time Department Information Technology Hours/Pay Period 80 Shift Day Weekly Schedule standard Remote Yes Category Information Technology

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.

CommonSpirit Health is the second largest not-for-profit health care provider in the United States.  With 142 hospitals and over 700 care sites across 21 states, CommonSpirit cares for millions of patients each year and employs over 150K people.  As a mission-driven health system, CommonSpirit is committed to building healthier communities, advocating for the poor and disenfranchised, and innovating how and where healing can happen—both inside our hospitals and out in the community

Job Summary / Purpose

The Director, Attack Surface Management will enable CommonSpirit’s mission by directing development and ongoing maturity of cybersecurity product and control designs for the entire organization.  The Director will continually evaluate current state cybersecurity controls against desired clinical and business outcomes, risk, standards, and best practices in order to document and evangelize strategies, plans, models, processes and patterns that mature cybersecurity controls and further the organization’s capabilities to achieve its mission.  

The Director will report to the Vice President of Cybersecurity Vigilance & Defense and will lead and inspire a dedicated group of cyber professionals.  She or he will build and maintain programs that develop employees with technical and soft-skills, enabling them for growth.  The Director is responsible for setting Attack Surface Management priorities, taking into consideration ideas, input, and feedback from employees and stakeholders.  Reporting to the Director will be a team of individual contributors who focus on Attack Surface Management.

The Director, Attack Surface Management will develop and report on measurements that show outcomes across the categories of organizational health, financial management, security risk reduction and staff engagement.  

The Director will work with peers and colleagues from all areas of IT and the organization.


al Key Job Responsibilities

  • Develop and evangelize enterprise strategies, plans, and solutions that address clinical and business needs, reduce cybersecurity risk, and increase operational effectiveness.
  • Partner with organizational leaders to develop and maintain reference architectures, plans, models, maps, standards, and patterns that inform and drive the organization toward future state objectives.
  • Serve as a member of, and primary Cybersecurity stakeholder on, the IT Strategy Working Group to foster and promote an Attack Surface Management that drives reduction of technology risk and increases operational excellence and user satisfaction.
  • Advise and work with clinical, business, and IT stakeholders on enterprise security direction, strategy and design.

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.

  • Bachelor’s and Master’s degrees in related field preferred
  • Equivalent job experience accepted
  • Security relevant certifications preferred but not required, such as:
    • CISM
    • CISA
    • CISSP
  • 10+ years of demonstrable cybersecurity experience in healthcare relevant to evaluating solutions against business needs and cyber-risk reduction.
  • 5+ years of leadership experience in IT.
  • Demonstrated experience in a current or previous large-scale enterprise architecture leadership role or equivalent experience
  • Demonstrated ability to oversee, direct, and/or contribute to multiple simultaneous large-scale enterprise initiatives.
  • Demonstrated ability to lead the development of long-range IT plans and strategies.  Knowledge of industry standard practices and IT function.
  • Strong personnel management skills and ability to manage teams in a virtual environment.

While you’re busy impacting the healthcare industry, we’ll take care of you with benefits that may include health/dental/vision, FSA, matching retirement plans, paid time off, tuition assistance, adoption assistance, and more!

Unless directed by a Collective Bargaining Agreement, applications for this position will be considered on a rolling basis. CommonSpirit Health cannot anticipate the date by which a successful candidate may be identified.

Map this location

Get an idea of what your daily routine can be like.

Click Here >

Join our Talent Community so you can stay connected and be alerted to future opportunities.

Sign Up

No recently viewed jobs

You have no saved Jobs

Equal Opportunity

CommonSpirit Health™ is an Equal Opportunity/Affirmative Action employer committed to a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, parental status, ancestry, veteran status, genetic information, or any other characteristic protected by law. For more information about your EEO rights as an applicant, please click here.

CommonSpirit Health™ will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c). External hires must pass a post-offer, pre-employment background check/drug screen. Qualified applicants with an arrest and/or conviction will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, ban the box laws, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances. If you need a reasonable accommodation for any part of the employment process, please contact us by telephone at (415) 438-5575 and let us know the nature of your request. We will only respond to messages left that involve a request for a reasonable accommodation in the application process. We will accommodate the needs of any qualified candidate who requests a reasonable accommodation under the Americans with Disabilities Act (ADA). CommonSpirit Health™ participates in E-Verify.