Associate Director of Cybersecurity, Physical Security, and AI Governance

Associate Director of Cybersecurity, Physical Security, and Artificial Intelligence (AI) Governance

ECG Management Consultants is seeking an Associate Director of Cybersecurity, Physical Security, and Artificial Intelligence (AI) Governance to join our team. With over 50 years of experience, ECG is a leading healthcare consulting firm dedicated to improving patient outcomes through innovative solutions. This role is strategic and governance-focused, responsible for shaping our long-term approach to security and responsible AI use.

About ECG

ECG is a national consulting firm redefining healthcare. We offer a wide range of services to providers, payers, and investors, focusing on practical, tailored solutions. We foster a collaborative, inclusive, and supportive work environment.

Your Opportunity with ECG

Reporting to the IT director, the Associate Director will define and advance the organization’s approach to cybersecurity, physical security, data governance, and responsible AI use. This strategic role involves establishing vision, policy, and risk evaluation, partnering with various departments to support execution.

Your Responsibilities May Include

Enterprise Security, Data, and AI Governance Strategy

• Define and maintain a multiyear enterprise strategy for cybersecurity, physical security, data analytics governance, and AI/automation risk.
• Ensure security, data, and AI considerations are integrated into IT architecture, cloud platforms, analytics initiatives, and application delivery.
• Advise IT leadership on risks, opportunities, and investments related to emerging technologies.
• Translate technical, physical, and AI risks into business impacts for executive decision-making.

AI and Data Governance

• Establish and maintain the organization’s AI governance framework, including acceptable AI use, data privacy, security, and ethical guardrails.
• Partner with data and analytics teams to define standards for data classification, protection, and platform security.
• Act as the escalation point for AI-related risks, misuse, or policy exceptions.
• Balance security needs with business objectives to ensure safe practices without hindering business goals.

Governance, Policy, and Risk Management

• Own enterprise governance for cybersecurity, physical security, data protection, and AI use within ECG.
• Develop and maintain policies, standards, and control objectives.
• Lead enterprise risk assessments across cyber, physical, data, and AI domains.
• Align governance practices with recognized frameworks such as NIST, ISO, and applicable privacy or AI standards.

Cross‑Functional Leadership and Collaboration

• Provide strategic oversight into cybersecurity, physical security, and data governance functions.
• Partner closely with IT infrastructure, applications, architecture, data and analytics, HR, legal, and compliance teams.
• Act as the security, data, and AI-governance authority in IT leadership forums.
• Promote a culture of responsible innovation that balances progress with trust and control.

Investment, Metrics, and Executive Reporting

• Advise IT leadership on security, analytics, and AI investment priorities.
• Define and track KPIs and KRIs for security posture, data governance maturity, and AI risk.
• Deliver executive-ready reports on trends, risks, and program effectiveness.

Incident Preparedness and Oversight

• Define enterprise-level strategies for cyber incidents, physical security events, data breaches, and AI misuse scenarios.
• Ensure leadership readiness for high-impact incidents.
• Lead post-incident strategic reviews focused on systemic improvement and governance maturity.

Collaboration with Legal and Compliance

• Partner with compliance teams to ensure AI and data governance align with regulatory, contractual, privacy, and ethical obligations.
• Co-develop policies addressing AI use, intellectual property, confidentiality, and third-party risk.
• Support coordinated responses to AI-related incidents, audits, or regulatory inquiries.

Qualifications

Required Qualifications

• Bachelor’s degree in information security, computer science, data management, or a related field (or equivalent experience).
• Typically, 7+ years of experience in cybersecurity, risk management, enterprise IT, data governance, or related leadership roles.
• Demonstrated experience leading enterprise-level security strategy and governance.
• Strong understanding of cybersecurity and physical security principles, data analytics platforms and data protection, and AI/generative AI risk, governance, and ethical considerations.
• Proven ability to communicate complex risk topics to executive audiences.

Preferred Qualifications

• Advanced degree (MBA, MS, or equivalent).
• Relevant certifications (CISSP, CISM, CRISC, CPP, CDGM, or AI-governance credentials).
• Experience supporting cloud-based, analytics-driven, and AI-enabled enterprise environments.
• Experience presenting to executive leadership or governance committees.
• Experience with Microsoft environments (Azure, Fabric).
• Experience with security products (Defender, Sentinel, Purview, Entra, Azure WAF, Brivo badging system).

Job Locations

Remote. Travel as needed (approximately 10%).

Schedule

Full time/exempt.

What You Can Expect Of Us

ECG offers an attractive compensation package, challenging work, and an entrepreneurial environment. Benefits include medical, dental, and vision coverage; a 401(k) matching program; unlimited PTO; and other wellness programs. The estimated base salary range is $150,000 – $175,000 annually, plus eligibility for annual incentive compensation.

Apply Now

Submit your resume via our career site at https://careers.ecgmc.com.

Key skills/competency

• Cybersecurity Strategy
• Physical Security Management
• AI Governance
• Data Governance
• Risk Management
• Policy Development
• Enterprise Security
• IT Leadership
• Executive Communication
• Compliance