Revere Health - posted about 1 month ago
Full-time • Mid Level
Hybrid • Provo, UT
251-500 employees
Ambulatory Health Care Services

Revere Health is the largest independent physician-owned medical group in Utah and a leader in value-based care. We are committed to improving the health of the communities we serve while continuously growing and modernizing our organization. As the IT Security Manager, you will play a central role in protecting our patients, providers, and business by turning our security strategy into day-to-day execution. Working under the direction of the Director of IT & Security and in close collaboration with external vCISO/MSSP partners, you will operationalize our security program and help mature our capabilities across identity and access management (IAM), data protection, third-party risk, business continuity and disaster recovery (BC/DR), secure SDLC, incident response, and technical security controls. You will join a highly collaborative ITS team that is continuously striving to increase operational maturity and effectiveness. This role is ideal for a confident, self‑motivated professional with strong curiosity, learning agility, initiative, communication skills, and organizational discipline. You will also have the opportunity to mentor and develop the next generation of IT and security professionals at Revere Health.

  • Execute the Security Program
      • Translate security program plans into actionable projects and workstreams.
      • Develop realistic schedules, track milestones, risks, and deliverables.
      • Run regular working sessions and provide clear, concise status reporting.
  • Drive Risk Management and Support Compliance
      • Maintain the risk register in partnership with the Security Compliance function.
      • Coordinate risk treatments with system and business owners and ensure follow-through.
      • Support internal/external audits and respond to security questionnaires from partners and customers.
  • Operationalize Policies, Standards, and Procedures
      • Manage the rollout and adoption of security policies and standards.
      • Ensure practical procedures and runbooks are documented, communicated, and followed.
      • Identify gaps and propose pragmatic improvements to increase operational maturity.
  • Lead Identity and Access Management (IAM) Operations
      • Operationalize joiner/mover/leaver processes, RBAC, quarterly access reviews, and privileged access management.
      • Coordinate MFA/SSO integrations with IT Operations and application owners.
      • Continuously refine IAM processes to support secure, efficient access for clinicians and staff.
  • Advance Data Protection
      • Implement data classification and handling practices that protect PHI and sensitive information.
      • Enforce encryption and key management standards across in-scope systems.
      • Deploy and tune DLP baselines, working closely with business and technology stakeholders.
  • Coordinate Security Operations and Incident Response
      • Serve as the day-to-day liaison to MDR/MSSP partners for monitoring and incident response.
      • Maintain and refine IR playbooks, escalation paths, and contact lists.
      • Coordinate tabletop exercises and after-action reviews to strengthen readiness.
  • Lead Vulnerability and Patch Management Cadence
      • Own the vulnerability management rhythm: scanning, triage, prioritization, and reporting.
      • Partner with Infrastructure and Application teams to drive timely remediation and track SLA adherence.
      • Verify fixes and help teams understand the risk context behind remediation priorities.
  • Support Third-Party Risk Management
      • Partner with Compliance, Procurement, and Legal on vendor intake, tiering, and security due diligence.
      • Help define security requirements for third-party relationships and track remediation follow-up.
      • Ensure our partners' security practices align with Revere Health's expectations and obligations.
  • Coordinate BC/DR Exercises
      • Maintain the BC/DR test calendar and related playbooks for critical systems and processes.
      • Coordinate exercises with system owners, capture evidence, and track follow-up actions.
      • Contribute to the resilience of critical clinical and business services.
  • Enable Secure Software Development Lifecycle (SSDLC)
      • Introduce and track minimum security gates (e.g., SAST/DAST/dependency scanning).
      • Partner with development and application leads on remediation SLAs and secure design practices.
      • Help teams build security into solutions that support value-based care and organizational growth.
  • Promote Security Awareness and Develop Talent
      • Coordinate phishing simulations and role-based training in collaboration with Compliance and HR.
      • Define and report KPIs/KRIs to leadership that show progress and highlight focus areas.
      • Mentor and develop the IT Security Analyst and other team members, modeling curiosity, initiative, and professional growth.
  • 5-8+ years of experience in information security, IT risk, or closely related roles.
  • 2-4+ years leading security projects, operational workstreams, or coordination efforts.
  • Experience executing processes in several of the following areas:
      • Identity and access management (IAM)
      • Vulnerability management and patching
      • Incident response and security operations
      • Third-party risk management
      • Business continuity and disaster recovery (BC/DR)
      • Data protection (including PHI)
      • Secure SDLC practices
  • Understanding of the HIPAA Security Rule and PCI DSS; familiarity with frameworks such as NIST CSF or ISO 27001.
  • Strong project management skills, including planning, dependency management, risk tracking, and active issue resolution.
  • Clear written and verbal communication skills, with the ability to work effectively across IT, clinical, and business stakeholders.
  • Bachelor's degree in Information Security, Information Systems, Computer Science, or a related field.
  • Professional certifications such as CISM, CISSP, CRISC, GCIH, PMP (or equivalent experience).
  • Experience with:
      • MDR/MSSP operating models and partner coordination
      • Healthcare environments or other regulated industries
      • Microsoft 365/Azure security capabilities
      • Cisco security solutions