Information Security Manager

About The Position

Requirements

• Bachelor’s degree in Computer Science with an emphasis on Information Security, or equivalent experience
• 7+ years of progressive experience in information security or cybersecurity roles, including hands-on implementation
• 3–5 years of experience owning or leading security programs, controls, or governance functions including hands‑on experience in implementing information security best practices, and experience with security monitoring, incident response, or vulnerability management.
• Practical experience in a Health Care organization, and expertise in industry regulatory and standards frameworks (HIPAA, NIST, etc)
• Experience in cloud based environments, specifically Microsoft 365.
• Experience in networking concepts, operating systems, and cloud environments
• Familiarity with regulatory and standards frameworks (HIPAA, NIST, etc.).
• Strong analytical and problem‑solving skills with attention to detail.
• Ability to lead through influence.
• Ability to communicate complex issues clearly to technical and non‑technical audiences.
• Ability to travel up to 2 weeks per quarter.

Nice To Haves

• Experience in a start up organization.
• Experience supporting audits, partner security assessments, or SOC/HIPAA readiness efforts.
• Experience in creating technology solutions based on business requirements
• Experience working remotely – this is a remote position.
• Professional certifications such as CISSP, CISM, CISA, or Security+ (preferred, not required)
• A strong connection to the mission of our business
• Experience working with technology managed service providers

Responsibilities

• Define, implement, and maintain administrative, technical, and physical security controls appropriate for a PACE organization
• Own security design decisions and control selection, balancing risk, regulatory requirements, and operational realities
• Security monitoring and incident response: configure and monitor tools, logs, and alerts, analyze activity, and investigate potential security incidents
• Serve as primary security escalation point for internal teams and external partners
• Lead incident response planning, tabletop exercises, post-incident reviews, and remediation tracking
• Perform vulnerability management activities, based on internal and external scans, and coordinate remediation activities
• Maintain an enterprise security risk register, including risk scoring, mitigation plans, and executive-level reporting
• Support business continuity and disaster recovery security requirements in partnership with IT and Operations
• Lead Access and Identify management, developing best practice procedures, and enabling others to work within these processes
• Oversee privileged access, role-based access controls, joiner/mover/leaver processes, and periodic access reviews
• Ensure appropriate data protection controls for PHI, including encryption, logging, and monitoring
• Draft, maintain, and enforce security policies, standards, and procedures aligned to HIPAA, NIST, and partner requirement
• Design and operate recurring security oversight and audit processes, including evidence collection and remediation tracking
• Lead and coordinate internal and external security audits, assessments, and partner security reviews
• Establish and manage a third-party security and risk management program, including vendor risk assessments and ongoing monitoring
• Partner closely with IT, Compliance, Legal, Clinical, and Operations teams to embed security into daily workflows.

Benefits

• medical/dental/vision insurance
• paid parental leave (birthing and non-birthing parents)
• short and long-term disability
• life insurance
• flexible spending accounts
• 401(k) savings
• paid time off
• company-paid holidays