• Deploy HIPAA aligned best practice security architecture across Microsoft 365 environment and Meraki based WAN. • Define, implement, and maintain administrative, technical, and physical security controls appropriate for a PACE organization. • Own security design decisions and control selection, balancing risk, regulatory requirements, and operational realities. • Security monitoring and incident response: configure and monitor tools, logs, and alerts, analyze activity, and investigate potential security incidents. • Serve as primary security escalation point for internal teams and external partners. • Lead incident response planning, tabletop exercises, post-incident reviews, and remediation tracking. • Perform vulnerability management activities, based on internal and external scans, and coordinate remediation activities. • Maintain an enterprise security risk register, including risk scoring, mitigation plans, and executive-level reporting. • Support business continuity and disaster recovery security requirements in partnership with IT and Operations. • Lead Access and Identify management, developing best practice procedures, and enabling others to work within these processes. • Oversee privileged access, role-based access controls, joiner/mover/leaver processes, and periodic access reviews. • Ensure appropriate data protection controls for PHI, including encryption, logging, and monitoring. • Draft, maintain, and enforce security policies, standards, and procedures aligned to HIPAA, NIST, and partner requirement. • Design and operate recurring security oversight and audit processes, including evidence collection and remediation tracking. • Lead and coordinate internal and external security audits, assessments, and partner security reviews. • Establish and manage a third-party security and risk management program, including vendor risk assessments and ongoing monitoring. • Partner closely with IT, Compliance, Legal, Clinical, and Operations teams to embed security into daily workflows.