Manager Information Security Architecture & Compliance - Full Time

About The Position

Requirements

• Education: High School Diploma, GED or equivalent.
• Experience: 3-5 years of Information security or compliance related activities.
• 2 years’ supervisory or management experience.
• License and/or Certification Required: CISSP, CISA, CRISC, CISM, CGRC, or equivalent.
• Knowledge: Information security principles, risk management, and mitigation strategies.
• Regulatory and industry compliance standards (HIPAA, HITECH, SOX, PCI/DSS).
• Governance, risk, and compliance (GRC) frameworks and internal control design.
• Leadership and mentoring skills, with the ability to guide and develop junior staff.
• Information security policies, procedures, and best practices.
• Skills: Strong verbal and written communication.
• Analytical thinking and problem-solving.
• Ability to prioritize and manage multiple tasks simultaneously.
• Process improvement, project management, and audit facilitation.
• Customer-focused and collaborative mindset.
• Abilities: Work independently and meet deadlines.
• Partner with cross-functional teams to drive compliance initiatives.
• Provide oversight, coaching, and feedback to team members in a supportive and constructive manner.

Nice To Haves

• Education: Bachelor’s degree in Computer Science, Information Security, or a related field.
• Experience: Experience with Epic system.
• Experience in a healthcare organization.

Responsibilities

• Security Architecture, Risk Management, and Compliance-50%: Partner with internal and external technical teams to design, document, and implement security architecture standards and configurations. Ensure alignment and adherence to established security architecture and control frameworks. Conduct security and compliance risk assessments across healthcare applications, systems, and business processes to identify gaps. Recommend and implement mitigation strategies to address identified risks and vulnerabilities. Monitor and evaluate the effectiveness of security controls to ensure ongoing compliance with regulatory and organizational requirements. Collaborate with IS, clinical, and business teams to strengthen security controls, risk management practices, and compliance processes. Identify and drive opportunities for process improvement, standardization, and automation across security and compliance functions.
• Policy, Standards, and Governance-15%: Develop, review, and maintain information security and compliance policies, standards, and procedures aligned with healthcare operations. Ensure alignment with applicable regulatory and industry standards (e.g., HIPAA, HITECH, SOX, PCI/DSS). Provide guidance to leadership and stakeholders on security governance and compliance expectations.
• Security Awareness, Incident Response, and Business Continuity-15%: Develop and deliver security awareness and training programs tailored to healthcare staff, including data privacy and cybersecurity best practices. Provide guidance on the secure handling of sensitive and protected health information. Assist in the investigation of security incidents, including documentation, root cause analysis, and corrective action recommendations. Participate in cybersecurity preparedness activities, disaster recovery planning, and business continuity exercises.
• Leadership and Team Development-10%: Provide day-to-day guidance and support to a small number of direct reports, including prioritization of work, coaching, and performance feedback. Mentor junior team members and contribute to their professional development in information security and compliance practices. Promote knowledge sharing and consistency in security and compliance approaches across the team. Support the Director of Information Security in fostering a collaborative, accountable, and high-performing team environment.
• Audit and Regulatory Support-10%: Serve as a liaison for internal and external audits, ensuring timely and accurate collection of required documentation. Support audit activities, including control validation, evidence gathering, and remediation tracking. Ensure organizational adherence to regulatory requirements and support responses to compliance inquiries and assessments.
• Performs Other Duties as Assigned.