Manager - IS Information Security GRC

UHS•Tredyffrin Township, PA

About The Position

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance. Growing steadily since its inception into an esteemed Fortune 300 corporation, annual revenues were $15.8 billion in 2024. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune; and listed in Forbes ranking of America’s Largest Public Companies. Headquartered in King of Prussia, PA, UHS has approximately 99,000 employees and continues to grow through its subsidiaries. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located all over the U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com The Information Services Department is seeking a dynamic and talented Manager – IS Information Security GRC. The Manager – IS Information Security GRC (Governance, Risk, & Compliance) manages the deployments and support of the Governance, Risk, and Compliance (GRC) program that supports the security of electronic information, systems, and processes across all Corporate, BH and Acute Hospitals. Leads and supervises GRC staff and resources to execute program activities and initiatives in alignment with the organization’s Information Security Management Systems, established policies, and regulatory requirements.

Requirements

5-8 years of progressive information security experience that includes 1-3 years management experience and / or 3 years of direct Information Security experience in a multi-facility Acute and BH Hospital environment. Healthcare industry experience preferred.
Bachelor’s degree required.
Strong technical analytical skills, project management certification and/or experience, process improvement related to workflow processes, training, development of educational material.
Proven knowledge and experience developing and implementing a cybersecurity risk management framework based on regulations such as HIPAA or SOX and best practices as defined in NIST, ISO, PCI, and other common cybersecurity frameworks.
Able to communicate clearly and respectfully with Executives, and all other personnel.
Strong process and technology analysis skills.
Ability to prioritize and balance multiple projects, priorities, or objectives.
Learns quickly, takes constructive feedback on performance, stays focused on the job with attention to detail and produces desired outcomes.
Travel Requirements: Up to 10% US.

Nice To Haves

Healthcare industry experience preferred.

Responsibilities

Provides management of the implementation and ongoing support of corporate owned information security applications and security controls.
Participates in leading security compliance (e.g., PCI compliance) initiatives to clearly identify control objectives and work with other teams to exceed audit objectives.
Exercises responsibility for supervision, performance evaluations and direction of team. Coordinates work assignments given in order to meet deadlines and ensure continued progress toward assignment completion.
Works with CISO to identify current and emerging threats to our systems and environment to prevent incidents where possible and actively manage them as necessary.
Works closely with CISO and other senior level personnel to further enhance and develop their leadership skills.
Continually evaluates the security posture of cloud environments against internal policy, regulatory requirements and industry best practices.