Information Security Manager (Hybrid)

About The Position

Requirements

• 5+ years’ experience as an IT Security Analyst
• 3+ years’ experience leading an IT Security program
• 2+ years in a healthcare environment, strong understanding of HIPAA-HITECH and PCI-DSS requirements
• 2+ years supporting or conducting audits within a regulated environment
• 2+ years conducting forensics to support various departments
• Experience working with vendors for SOC/MSSP and SRA services
• Strong understanding of NIST CSF and CSF-AI framework
• Experience building an enterprise-wide security program
• Strong understanding of Governance Risk and Compliance programs
• ITIL best practices
• High School Diploma or GED Equivalent
• Excellent oral and written communication skills, with focus in technical or instruction-oriented writing and in clearly communicating complicated concepts over the phone, in person and in writing
• Ability to convey ideas and information to others and receive feedback effectively
• Ability to communicate and interact successfully with a diverse community and develop and maintain positive professional relationships with colleagues and staff members
• Experience with auditing and monitoring tools including SIEM administration
• Experience with IDS/IPS and DLP solutions
• Application Firewall administration
• Internet access security and content filtering
• Knowledge of Email encryption systems
• Vulnerability management system administration
• HIDS/HIPS and MDR/EDR/XDR protection suites
• Experience utilizing tools to validate the extent of known attacks
• Experience working with networking technologies hardwire and wireless networks and protocols
• Multi-Factor Authentication, VPN and remote access methodology
• Experience handling, organizing, tracking, and reporting on user support incidents
• Experience working with Active Directory, DHCP, DNS, and Group Policy
• Understanding of Change Control Processes and Controls
• Laptop or Personal Computer
• Software required to perform within the Information Security role
• Prolonged, extensive, and considerable standing, sitting, walking, and/or lifting
• Manual dexterity and mobility
• Always reaching, stooping bending, kneeling, crouching
• Good organizational skills and ability to remain focused and concentrate with noise around
• Ability to handle multiple job task functions simultaneously
• Ability to work harmoniously with others as a team member
• Pre-employment requirements include I-9, physical, positive background and reference check results, complete application, new hire orientation, pre-employment PPDs. Compliance with all mandated vaccinations and all boosters is a term and condition of employment.

Nice To Haves

• B.S. in Computer Science, B.S. in Information Systems, Computer Science or related field

Responsibilities

• Working with the Information Technology and Application Teams to implement enterprise wide security planning to establish and maintain system controls by developing framework for controls and levels of access
• Lead risk management activities to ensure risks are prioritized, updated and communicated in accordance with NIST RMF SP 800-37; Recommend and implement improvements to prevent, reduce or mitigate risks; maintain risk register
• Working with Risk, Compliance and AI team, implement and monitor AI activities in accordance with NIST AI RMF 1.0
• Create and update the necessary policies associated with HIPAA-HITECH and PCI DSS requirements; Develops techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, the evaluation and testing of hardware, firmware, and software for possible impact on system security, and the investigation and resolution of security incidents
• Leads the development of security awareness by providing orientation, educational programs, and on-going communication; Works with stakeholders at all levels of the organization to communicate the state of information security, inform of possible risks, and suggest ways to improve security; Work in conjunction with the compliance team on awareness training utilizing SYH’s education platform
• Lead working sessions with other members of the Information Technology teams and key business stakeholders to implement safeguards and controls based on known risks, threats, and vulnerabilities
• Lead efforts to monitor and audit systems, processes, and other controls in order to assess security and risk posture
• Ensure the completion of operational activities associated to network monitoring and intrusion detection analysis to determine if there have been any attacks on the system; Work with the applicable parties to test mitigation plans
• Evaluates, tests, recommends, develops, coordinates, monitors, and maintains information systems (IS) and cyber security policies, procedures, and systems, including access management for hardware, firmware, and software, and Business Continuity and Disaster Recovery preparedness, training, and testing
• Lead incident response management activities; to include incident response drills, training activities, documentation; Develop and refine incident response policy, procedures and standards; Execute bi-annual table top exercises
• Lead recurring internal IT Security audits and risk assessments in accordance with policies and procedures
• Ensures that IT and cyber security architecture/designs, plans, controls, processes, standards, policies, and procedures are aligned with IT standards and overall IT and cyber security; Identifies security risks and exposures, determines the causes of security violations, and suggests procedures to halt future incidents and improve security; Facilitate the design and execution of vulnerability assessments, penetration tests
• Work with external auditors during audits; Prepare documentation, files and information for audits; Work with auditors and internal team on outstanding tasks and findings identified during the audits
• Work with other members of the IT Department to implement resolutions identified in risk assessments, penetration/vulnerability testing and audits
• Mentor other IT Security, GRC staff on all facets of IT Security, IT Governance, IT Risk and IT Compliance
• Responsible for the identification, tracking and management of enterprise risks; This includes performing risk assessments and measuring the success and effectiveness of mitigation efforts; Identifies, evaluates, tests, and implements appropriate security products, tools, and systems to establish and ensure a secure infrastructure
• Articulates security policies, guidelines and standards to customers and developers; Able to apply theories, concepts, principles, and methodologies to difficult but conventional assignments
• Works independently within an established framework
• Stay up-to-date on the latest intelligence and methodologies related to information security in order to identify threats and manage risks; Updates job knowledge and awareness of IT Security developments by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations; attending IT Security conferences; communicate the latest intelligence to key staff to minimize or prevent impact to SY Health
• Exemplifies and promotes the department’s four key success factors: Positivity, Ownership, Efficiency and Transparency, when working with both internal and external customers
• Performs other duties as assigned