Manager of Information Security
Illinois Bone and Joint Institute LLC•Park Ridge, IL
•Hybrid
About The Position
The Manager of Information Security is responsible for building, operating, and maturing the organization’s information security program across a distributed, hybrid environment supporting ~2,700 users and 100 locations. This is a hands-on leadership role with ownership of security operations, governance, risk, and compliance. The role is accountable for protecting the organization’s systems, data, and users while enabling business operations in a practical, risk-based way. The organization is actively maturing its security posture following a prior ransomware incident, making this a high-impact opportunity to establish sustainable security practices, strengthen resilience, and build trust across the business. The Manager of Information Security reports to the CIO, who retains executive security oversight, and works closely with the Director of Infrastructure and Director of Service Operations to deliver secure, reliable IT services.
Requirements
- Bachelor’s degree preferred but not required
- Relevant industry certifications preferred, such as: CISSP, CISM, CISA, CDPSE.
- 5–8+ years of experience in information security, with increasing responsibility
- Hands-on experience across multiple domains, including: Security operations and incident response, IAM and access control models, Endpoint security and detection/response tools, SIEM or log management platforms, Vulnerability management and penetration testing coordination
- Experience operating in hybrid (cloud + on-prem) environments
- Proven ability to build or mature security programs
- Experience in regulated environments, particularly healthcare
- Familiarity with HIPAA, PCI, JCAHO, and AAAHC compliance frameworks
- Experience working with MDR/SOC providers
- Exposure to Microsoft and Google Workspace ecosystems
- Preference for familiarity with Crowdstrike ecosystem
- Hands-on and accountable, able to operate both strategically and tactically
- Strong judgment in balancing security, usability, and business needs
- Calm and decisive during security incidents
- Effective collaborator across Infrastructure and Service Operations
- Builder mindset with the ability to mature programs over time
- Stand or sit for extended periods of time
Responsibilities
- Own and operate the organization’s information security program
- Develop and maintain security policies, standards, and procedures in partnership with the CIO
- Establish and track key security metrics, risk indicators, and program maturity
- Maintain and manage the enterprise risk register
- Partner with compliance team (Legal) on compliance efforts for HIPAA, PCI, JCAHO, and AAAHC
- Coordinate audits, assessments, and remediation activities
- Ensure security controls are documented, implemented, and auditable
- Manage third-party/vendor security risk as needed
- Coordinate and manage third-party penetration testing and security assessments (internal and external)
- Establish and maintain a vulnerability management program, incorporating findings from penetration tests, scanners, and external reviews
- Drive remediation efforts in partnership with Infrastructure and Service Operations, ensuring findings are prioritized, tracked, and resolved
- Own the security incident response program, including playbooks, processes, and coordination
- Act as the tactical lead during security incidents, partnering with the CIO as executive lead
- Coordinate with Service Operations, Infrastructure, NOC, and MDR providers during incidents
- Drive post-incident reviews and continuous improvement
- Oversee vulnerability intake, triage, and prioritization across all security findings
- Own and manage security platforms, including: Endpoint Detection & Response (CrowdStrike), Managed Detection & Response (MDR) relationship, SIEM and logging platforms
- Oversee alerting, detection tuning, and response workflows
- Ensure effective collaboration between internal teams, MDR, and NOC/MSP
- Lead IAM strategy and operations, including: Identity lifecycle management, Role-based access and least privilege models, Privileged Access Management (PAM/PIM)
- Manage and mentor IAM engineering resources
- Partner with Service Operations
- Partner with Infrastructure leadership and the CIO to define and govern BC/DR strategy
- Ensure security considerations are embedded in recovery planning
- Support testing, validation, and continuous improvement of recovery capabilities
- Work closely with the Director of Infrastructure to ensure secure architecture and system design
- Partner with Service Operations to align security with operational processes and user support
- Serve as a key security advisor to IT and business stakeholders
- Develop and lead security awareness and training programs
- Promote a culture of security aligned with business needs and user experience
- Balance risk reduction with operational practicality
- Manage relationships with security vendors, including MDR providers and penetration testing firms
- Ensure third-party services meet security expectations and contractual obligations
- Provide input into security budgeting and investment planning
- Maintain a clean and safe work environment
- Other duties as assigned
Benefits
- medical
- dental
- vision
- life and AD&D insurance
- long and short term disability
- 401k program with company match
- profit sharing
- wellness program
- health savings accounts
- flexible savings accounts
- ID protection plan
- accident, critical illness and hospital benefits
- paid holidays
- paid time off
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Manager
