Cybersecurity roadmap for a company that has no security

Hello,

I was hired not too long ago as a cybersecurity specialist. I really haven’t had a cyber job before- at least one where it was structured. I don’t know the ins and outs of corporate security needs.

I am working on implementing an asset manager, remote management for devices, new firewall rules, VPNs, a SIEM, documentation on business continuity, DLP, AUP, etc. I’m also working on ensuring compliance with HIPAA, securing emails, making network maps, etc.

What would you say I’m missing? There’s a lot of things I’d want to implement but I’m trying to create a roadmap for the year and being as I haven’t had real experience before I’m hoping someone can point me in the right direction. What’s important? What would you do?