ITS Security Program Manager

About The Position

Requirements

• Bachelor’s degree required, MBA or Graduate Degree highly preferred
• 5+ years of experience in an IT Security or Information Technology Services (ITS) environment, preferably within a healthcare or regulated industry.
• Strong working knowledge of information security principles, frameworks, regulations, and best practices, including HIPAA, SOC 2, PCI-DSS, and NIST.
• Broad understanding of IT systems, applications, infrastructure, and cloud technologies.
• Strong project and program management skills, with the ability to manage multiple initiatives simultaneously.

Responsibilities

• Oversee the development, implementation, administration, and continuous maturity of the enterprise Information Security Program in support of organizational and healthcare regulatory requirements.
• Lead and coordinate management-directed information security initiatives, including but not limited to HIPAA, SOC 2, PCI-DSS, phishing awareness, and security training programs.
• Serve as a primary liaison for security audits, risk assessments, and certifications, coordinating with internal stakeholders, external auditors, and regulatory bodies.
• Develop, maintain, and enforce Information Security policies, procedures, standards, and controls to ensure compliance with applicable laws, regulations, and industry frameworks.
• Identify, assess, and document Information Security risks and vulnerabilities, recommending mitigation strategies aligned with business objectives.
• Collaborate with IT, compliance, legal, and business teams to implement risk mitigation strategies and improve the organization’s security posture.
• Participate in and support the enterprise Security Risk Assessment process, including evaluating the effectiveness of existing controls and recommending enhancements.
• Evaluate the adequacy of controls and corrective actions; identify alternative safeguards when necessary to reduce residual risk.
• Prepare and present security program updates, metrics, and risk information to internal audiences at all organizational levels, including leadership.
• Assist with the development and maintenance of disaster recovery and business continuity policies and standards, ensuring alignment with organizational resilience goals.
• Research, evaluate, and recommend technologies and processes for the prevention, detection, containment, and remediation of data security incidents and breaches.
• Stay current on emerging threats, healthcare security trends, regulatory changes, and industry best practices, adjusting program strategies as needed.
• Provide guidance and consultation to users and teams regarding security requirements, procedures, and best practices.
• Assist in prioritizing security initiatives, managing workload, and providing PMO support when required.

Benefits

• CU Medicine provides generous leave, health plans and retirement contributions which take your total compensation beyond the number on your paycheck.
• Find information about our benefits here.