Speridian Technologies is seeking a Senior Cybersecurity Manager/Coach for our State of California client, the Department of Health Care Services, Behavioral Health. This person will be part of a long-term, fully budgeted, state-of-the-art, extremely vast IT modernization project working with a variety of cross-functional teams and stakeholders.
This is a remote role, however, there will be meetings in the Sacramento area several times a year. Candidates are expected to work business hours, Monday-Friday Pacific time zone(PST). All candidates must be based in and work from the US.
Join DHCS’s Behavioral Health Transformation: Where Purpose Meets Innovation
Location: Remote/Hybrid
Department: Department of Healthcare Services (DHCS)
Commitment: Full-Time Consultant (W2 employee of Speridian or 1099/IC for Speridian)
Why DHCS?
We work within government, for government, to deliver outcomes that matter to the citizens of California – but we don’t work like government. We are value-driven, agile in practice and philosophy, constantly innovating and improving our processes and tech stack, and committed to self-governing teams within a matrixed leadership structure.
We are passionate about solution delivery as a principle, entailing greater transparency and accountability for what is being delivered, decreasing risks faster, delivering organizational value sooner, and maximizing the flexibility and responsiveness of digital solutions to our customers' evolving business needs.
We serve the California Department of Health Care Services, which provides equitable access to quality health care for a third of Californians, leading to a healthy California for all. Right now, we are focused on transforming the delivery of behavioral health care delivery in California, including reducing suicide, drug overdoses, and the types of mental health and addiction crises that result in people living in tents on the streets where we live, too. We take this work very seriously, and we take team camaraderie and enjoying working with each other very seriously. We’re looking for innovators who are passionate about purposeful work and excited by the opportunity to drive lasting change through innovative solutions.
Our Core Values (Achieve Together, Be Curious, Elevate Yourself, and Deliver Value)- We achieve together by championing a team-oriented workplace built on mutual respect, collaboration, and open communication.
- We encourage individuals and teams to constantly be curious and seek a deeper understanding and fresh ideas that drive innovation and meaningful change
- We provide a supportive workplace where you can elevate yourself and achieve personal growth through continuous learning, focused effort, and perseverance
- We deliver value as part of every action we take to serve California’s citizens
We’re honest about the challenges—state government is bureaucratic, and we can't match most tech salaries.
But here’s what we can offer:
Purpose that matters
Teammates who care deeply
Work-life balance and remote work
We're not just changing systems—we're changing how government works
Overview/Description
Senior Cybersecurity Manager/Coach
Ready to defend California's digital healthcare frontier? Join the Department of Healthcare Services (DHCS) as a Senior Cybersecurity Manager, where you'll lead the security transformation protecting sensitive healthcare data for 14 million Californians against nation-state actors and sophisticated cyber threats.
As a Senior Cybersecurity Manager, you'll command a multidisciplinary security force spanning security engineering, SecOps, compliance, and penetration testing. This role transcends traditional security management – you'll architect zero-trust environments, orchestrate threat hunting operations, and build security programs that enable innovation rather than inhibit it. Your strategies will protect billions in healthcare transactions, ensure HIPAA compliance at massive scale, and establish DHCS as a model for government cybersecurity excellence.
DHCS offers the unique challenge of securing healthcare systems with nation-state level threats while maintaining the agility of a tech startup. You'll have comprehensive ownership across the security spectrum, from writing infrastructure-as-code for security controls to briefing executives on risk posture. You'll build a security organization that shifts from reactive compliance to proactive cyber resilience.
We're seeking a security leader who thrives in complexity – someone who can reverse-engineer malware while designing enterprise security architecture, who treats compliance as a baseline not a ceiling, and who believes that government agencies should set the standard for security excellence, not follow it.
Responsibilities & Outcomes
1. Security Strategy & Architecture- Drive enterprise security strategy across security engineering, SecOps, and compliance domains
- Design and oversee security architecture for cloud-native and hybrid environments
- Champion shift-left security practices including secure coding, threat modeling, and DevSecOps
- Make critical trade-off decisions balancing security controls, operational efficiency, and delivery timelines
Outcome: Organizations operate with robust security postures that enable business while managing risk
2. Business Ownership & Financial Accountability- Own security metrics and ROI for security investments across tools, people, and processes
- Develop cost-benefit analyses for security controls, tooling decisions, and compliance initiatives
- Manage team budget including security tools, penetration testing, audits, and infrastructure
- Translate security improvements into business value through reduced incidents and compliance costs
- Drive efficiency improvements in security operations while maintaining comprehensive protection
Outcome: Security decisions driven by risk-based approach with clear ROI and business alignment
3. People Management & Development- Manage, mentor, and develop a team of 10-20 security engineers across multiple disciplines
- Conduct regular 1:1s focused on career development and performance
- Execute performance management including promotions, improvement plans, and difficult conversations
- Build diverse, inclusive teams through thoughtful hiring and team composition
Outcome: High-performing teams with strong retention, clear growth paths, and engaged security professionals
4. Security Operations & Incident Response- Establish and maintain security operations capabilities and incident response procedures
- Lead incident response efforts for critical security events and coordinate cross-functional response
- Implement security monitoring, SIEM management, and threat intelligence programs
- Drive continuous improvement in mean time to detect (MTTD) and mean time to respond (MTTR)
Outcome: Rapid detection and response to security threats with minimal business impact
5. Compliance & Risk Management- Ensure adherence to HIPAA, StateRAMP, NIST, and other regulatory frameworks
- Manage security audit processes and remediation efforts across multiple compliance standards
- Develop and maintain security policies, standards, and procedures
- Conduct risk assessments and manage enterprise risk register
Outcome: Continuous compliance with all regulatory requirements and proactive risk management
6. Security Engineering & Testing- Oversee application security including SAST, DAST, and software composition analysis
- Manage penetration testing programs including scope, vendor management, and remediation
- Implement infrastructure security controls for cloud and on-premise environments
- Drive automation of security controls and integration into CI/CD pipelines
Outcome: Comprehensive security testing coverage with vulnerabilities identified and remediated early
7. Cross-functional Partnership- Partner with Engineering on secure development practices and security requirements
- Collaborate with Infrastructure teams on cloud security and zero-trust architecture
- Work with Legal and Compliance on regulatory requirements and audit responses
- Communicate security risks and metrics to executive stakeholders and board members
Outcome: Security embedded throughout the organization with strong stakeholder alignment
8. Talent Strategy & Team Building - Lead technical interviews and hiring decisions for security roles across multiple disciplines
- Develop team skills through training, certifications (CISSP, OSCP, AWS Security)
- Identify and cultivate future security leaders and architects
- Build team culture emphasizing proactive security and continuous improvement
Outcome: Strong talent pipeline with security professionals growing into senior and leadership roles
Requir
ed QualificationsProven- track record managing security teams of 15+ members across multiple disciplinesExperi
- ence owning P&L or budget responsibility for enterprise security programsDemons
- trated ability to connect security initiatives to business outcomes and risk reductionExperi
- ence building and operating security programs including SecOps, compliance, and engineeringStrong
- background in cloud security, DevSecOps, and modern security practicesExperi
- ence managing compliance for regulated environments (HIPAA, FedRAMP, SOC2)Track
- record of reducing security incidents and improving security posture metricsBachel
- or's degree in Computer Science, Information Security, or equivalent experienceSkills
:TechnicalCloud - Security: AWS/Azure/GCP security services, IAM, network securitySecuri
- ty Tools: SIEM (Splunk/Datadog), SAST/DAST (Snyk), EDR (CrowdStrike)Infras
- tructure Security: Zero-trust architecture, microsegmentation, Kubernetes securityCompli
- ance Frameworks: HIPAA, NIST CSF, StateRAMP, SOC2, ISO 27001Penetr
- ation Testing: OWASP, threat modeling, vulnerability managementLangua
- ges: Python, Bash, Terraform, understanding of multiple programming languagesBusine
ss & FinancialFinanc- ial Management: Security budget ownership, tool optimization, and ROI analysisRisk M
- anagement: Risk assessment, risk register management, and business impact analysisSecuri
- ty Metrics: MTTD, MTTR, vulnerability closure rates, compliance scoresValue
- Communication: Articulating security investments in business risk termsVendor
- Management: Managing MSSPs, penetration testing firms, and security toolsLeader
shipPeople- Management: Performance management, career development, and 24/7 team coordinationTeam B
- uilding: Hiring across security disciplines, onboarding, and culture developmentCommun
- ication: Board-level reporting, incident communication, and technical translationDecisi
- on Making: Risk-based security decisions and incident response leadershipStrate
- gic Thinking: Aligning security strategy with business objectivesChange
- Management: Leading security transformation and tool migrationsGenera
lProble- m-Solving: Complex security incident and architectural challenge resolutionCollab
- oration: Working effectively with Engineering, Legal, Compliance, and Executive teamsMentor
- ship: Developing security professionals across multiple specializationsProces
- s Improvement: Implementing security automation and operational efficiencyCrisis
- Management: Leading through security incidents and maintaining composure under pressureSperid
ian is an Equal Opportunity Employer
