Information Security Manager

About The Position

Requirements

• 5+ years of experience in information security, cybersecurity, or IT security operations.
• Experience working in Microsoft-centric environments (Microsoft 365, Azure, identity and access management).
• Experience managing or working with managed SOC/SIEM providers.
• Hands-on experience with endpoint protection, firewall management, and email security platforms.
• Strong knowledge of incident response, vulnerability management, and threat detection.
• Ability to communicate security risks and recommendations to both technical teams and executive leadership.

Nice To Haves

• Experience with Sophos firewalls and endpoint protection.
• Experience with Abnormal Security or similar advanced email security solutions.
• Experience supporting multi-site or healthcare-related organizations.
• Security certifications such as CISSP, CISM, Security+, or similar.

Responsibilities

• Serve as the primary internal point of contact for the organization’s 24x7 SOC and SIEM managed security services provider, ensuring proper monitoring, alert response, and escalation procedures.
• Lead incident response efforts including investigation, containment, remediation, and post-incident analysis.
• Build, maintain and improve the organization’s incident response plans and security playbooks.
• Research, recommend and / or implement new tools/services/software to help improve the security posture of the organization.
• Manage and maintain security controls across key technology platforms including: Microsoft 365 and Azure environments Identity and access management Endpoint protection and device security Network security and firewall infrastructure Email security platforms
• Administer and optimize security technologies including Sophos firewalls, Sophos endpoint protection, and Abnormal Security email protection.
• Partner with the IT infrastructure team to ensure security is embedded across all systems and deployments.
• Conduct vulnerability assessments and coordinate remediation activities.
• Develop, implement, and maintain security policies, procedures, and standards aligned with industry best practices (NIST, CIS, or ISO frameworks).
• Monitor emerging threats and implement preventative controls to protect organizational systems and data.
• Develop and lead a security awareness program, including phishing simulations and employee cybersecurity education.
• Promote a culture of cybersecurity awareness across corporate and clinical teams.
• Work with security vendors and service providers to ensure effective operation of security tools and services.
• Coordinate with internal IT teams and external partners to implement security controls and improvements.

Benefits

• medical
• dental
• vision coverage
• 401(k) with company match
• paid time off
• paid holidays
• additional wellness and development benefits