Information Security Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related discipline required; Master’s preferred.
• Minimum 5–8 years of experience in information security or risk management roles.
• Strong knowledge of HIPAA Security Rule, NIST CSF, CIS Controls, and ISO 27001 frameworks.
• Experience with governance, risk, and compliance (GRC) tools and risk tracking systems.
• Demonstrated ability to manage incident response and vulnerability management programs.
• Excellent analytical, communication, and stakeholder engagement skills.
• Professional certifications such as CISSP, CISM, or CRISC preferred.

Responsibilities

• Design, implement, and manage the enterprise-wide cybersecurity framework.
• Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry best practices.
• Map and manage controls across HIPAA, NIST CSF, CIS Controls, and related frameworks.
• Oversee governance platforms to track risks, evidence, and control ownership.
• Lead third-party risk management activities, including security assessments, contract reviews, and lifecycle oversight.
• Support Data Loss Prevention (DLP), vulnerability management, and incident response processes to detect and mitigate threats.
• Coordinate internal and external audit activities, ensuring timely remediation of findings.
• Deliver security awareness training and mentorship to junior team members.
• Participate in executive and governance committees to represent the information security function and provide strategic guidance.

Benefits

• Select Family Medical, Dental, and Vision Insurance
• Paid Time Off and Paid Sick Time
• 401(k)
• Referral Program