Manager Information Security and Risk Management - Vulnerability Management

About The Position

Requirements

• CANDIDATE MUST BE US Citizen (due to contractual/access requirements)
• Bachelor’s Degree in Information Security, Information Systems, Information Assurance, Computer Science or related field
• 6 years of relevant experience substitution for a Bachelor's Degree
• 7 - 10 years in Information Security and/or Information Risk Management and/or Information Technology
• 7 - 10 years in developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
• 1 - 3 years in mentoring others in a leadership role
• 1 - 3 years in Staff Management
• 1 - 3 years in developing and executing strategic plans to realize business objectives
• Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry Data Security Standards (PCI DSS), and FIPS-140
• Strong teamwork and interpersonal skills
• Experience in leading process improvement initiatives
• Ability to motivate high performance, multi-discipline teams
• Demonstrated competency in project execution
• Demonstrated abilities in relationship management

Nice To Haves

• Master’s Degree in Computer Science, Information Security or related field
• Advanced education or formal training in cybersecurity risk management, secure systems engineering, or enterprise risk management
• 10 - 15 years in Information Security and/or Information Risk Management and/or Information Technology
• Experience managing an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
• Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
• Experience establishing budgets and meeting fiduciary goals
• Security industry organization participation/leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)
• Experience designing and implementing an enterprise Vulnerability Management program from the ground up, including governance models, operating procedures, and metrics
• Experience establishing risk‑based vulnerability prioritization and remediation workflows across infrastructure, cloud, and application environments
• Experience partnering with engineering, infrastructure, and application teams to drive remediation accountability at scale
• Experience defining vulnerability program KPIs, executive‑level reporting, and board‑ready risk metrics
• Experience operating vulnerability management programs within regulated environments (healthcare, financial services, or similarly regulated industries)
• Experience leading or maturing vulnerability management capabilities where processes, tooling, or roles were initially undefined or immature
• Certified Information Systems Security Professional (CISSP) OR Certified Information Security Manager (CISM) OR Certified in Risk and Information Systems Controls (CRISC) OR Information Technology Infrastructure Library (ITIL)

Responsibilities

• Perform management responsibilities including, but not limited to: involved in hiring and termination decisions; coaching and development; rewards and recognition; performance management and staff productivity.
• Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority.
• Provide oversight of all aspects of project management to ensure continuous improvement of processes: negotiate and collaborate with leadership and staff to develop security solutions and options; develop and adhere to internal standards and strategies; ensure adherence to approved methodologies; coordinate resources, time, contingency plans and risk management.
• Provide leadership to the department: lead and champion organizational change; encourage participation in activities that support relationship development; champion information security innovation; encourage and enforce proper training in regards to security issues.
• Ensure compliance to Corporate and Information Security policies, standards and procedures.
• Communicate effectively with all levels of the organization: facilitate meetings; plan, design and provide presentations; represent HM Health Solutions with outside entities; prepare divisional procedures, policies, reports and correspondence; spread awareness of new and existing security threats; provide oversight regarding metrics, funding, budgets and resources.
• Other duties as assigned or requested.