Information Security Manager

Nox Health•Alpharetta, GA

About The Position

The Information Security Manager is responsible for leading the organization’s cybersecurity program to protect systems, networks, data, and business operations from evolving threats. This role oversees security strategy execution, manages security operations, ensures regulatory compliance, and drives risk reduction initiatives across the enterprise. This role oversees security operations program and ensures the effective execution and continuous improvement of core cybersecurity functions. The ideal candidate is a hands-on technical leader who can translate security strategy into operational execution, mature security processes, and drive measurable risk reduction across the enterprise. This individual will lead security operations, support compliance initiatives (HIPAA, HITRUST, SOC 2, ISO 27001, and FedRAMP), manage risk, and partner cross-functionally to embed security into product development and cloud infrastructure.

Requirements

Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field (or equivalent experience).
7+ years of progressive experience in cybersecurity.
3+ years of experience leading or managing security operations teams.
Hands-on experience with security operations tools such as SIEM, endpoint security, DLP, vulnerability scanning or continuous exposure management, and identity management systems.
Working experience with managing incident response activities
Experience in conducting risk assessments.
Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls).
Experience with cloud security (AWS, Azure, GCP).
Experience working in regulated environments (e.g., healthcare, financial services, SaaS, etc.).
Strong communication and stakeholder management skills.
Experience leading cross-functional security initiatives.
Experience leading audit and compliance initiatives (leading HITRUST and FedRAMP certifications is preferred).
Familiarity with DevSecOps practices.
Experience with GRC platforms.
Strong understanding of PHI protection and data privacy

Nice To Haves

Professional certifications such as CISSP, CISM, CRISC, GIAC, or equivalent (preferred).

Responsibilities

Lead day-to-day security operations and manage security team members, providing mentorship, performance management, and professional development.
Help develop, implement, and maintain information security strategy and roadmap aligned with business objectives and customer commitments.
Establish and track security KPIs and metrics; provide regular reporting to leadership.
Promote a strong security culture across the organization.
Serve as a trusted advisor to product, engineering, compliance, and customer success teams.
Oversee monitoring, detection, and response to security events and incidents.
Ensure proper management of security tools including SIEM, EDR, vulnerability management, DLP, IAM, and CSPM solutions.
Ensure secure configuration and hardening of devices, cloud infrastructure, and SaaS platforms.
Oversee Managed Detection and Response service.
Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines.
Support secure architecture reviews for new products and features.
Drive continuous improvement of operational security processes.
Monitor emerging threats and adjust defensive strategies accordingly.
Align risk management activities with regulatory and compliance requirements.
Conduct and oversee risk assessments across systems, applications, and vendors.
Maintain and track the enterprise risk register and remediation plans.
Ensure compliance with relevant regulatory and industry standards.
Maintain policies, standards, and procedures aligned with NIST CSF, ISO 27001, HITRUST, and FedRAMP frameworks.
Support internal and external audits to achieve certifications.
Lead the incident response program, including preparation, detection, analysis, containment, eradication, and recovery.
Support the development, maintenance, and testing of Incident Response Plan.
Oversee triage and investigation of security events and alerts.
Coordinate cross-functional teams during security incidents and internal incident exercises.
Act as escalation point and incident commander for major security incidents.
Conduct post-incident reviews and drive root cause analysis and corrective actions.
Maintain and test incident response playbooks, including breach notification procedures.
Monitor emerging healthcare and SaaS-specific threats.
Oversee vulnerability scanning, remediation tracking, and reporting across infrastructure and applications.
Prioritize remediation efforts based on business impact and risk.
Coordinate penetration testing and track remediation to closure.
Support the development, maintenance, and testing of Business Continuity and Disaster Recovery plans.
Ensure disaster recovery testing is conducted regularly and documented.
Ensure security considerations are embedded in resilience planning.
Ensure backup, recovery, and resilience capabilities meet defined RTO/RPO objectives.
Lead tabletop exercises and crisis management activities.
Partner with IT, devops, development, engineering, legal, compliance, and business teams to embed security into projects and operations.
Provide security guidance for new technologies, cloud deployments, and third-party integrations.
Evaluate and recommend security technologies and solutions.