Manager, IT Security (REMOTE)
Healthstat, Inc

Job Info

---

Essential Duties & Responsibilities:

• Security Strategy
• Leads development and management of the organization's overall security strategy, roadmap, and related deliverables in partnership with key stakeholders.
• Security Governance
• Establishes and leads the organization's security governance processes including ongoing risk assessment, risk management planning, security improvement implementation, executive communication, and ongoing risk management activities.
• Security Solution Design and Development
• Teams with key stakeholders to development, implement, monitor, and continuously improve needed security policies, procedures, training, technologies, audit processes and reporting.
• Security Research, Analysis, Problem Solving and Decision Making
• Stays abreast of emerging security threats, trends, technologies, and vendor solutions.
• Supports stakeholders as a security subject matter specialist to address the security implications of organizational projects, products, services, and process improvement activities.
• Security Integration
• Leads the organization's security integration planning and execution activities.
• Establishes, manages, and reports on policies, procedures, tools and operational processes that ensure the security and protection of company technology, data and other information assets.
• Security Compliance, Management and Reporting
• Leads initial and ongoing efforts aimed at ensuring compliance with HIPAA, HITRUST, SOC, PCI and related federal and state legal and compliance and ongoing reporting requirements.
• Security Project Planning, Execution and Support
• Frames security initiatives' and projects' desired outcomes, scope, timeline, risks, and resources in a way that supports effective project execution.
• Leads execution of security pilot, implementation, upgrades, policy/process improvements and training as needed.
• Security Operations
• Manages and supports ongoing security monitoring, audits, risk management and related reporting
• Manages and supports the installation, maintenance, usage and ongoing support of all security technologies (e.g. SIEM, network access control, MFA, etc.)
• Security Support
• Delivers support as needed to project teams, workgroups, and stakeholder groups to ensure alignment of their activities with the organization's security policies and best practice adoption.
• Contributes to the continuous improvement of how the organization assesses, manages, and continuously addresses security threats and related legal and compliance requirements.
• Contributes to business development and RFP activities as needed.
• Collaborates with, aligns and supports security and compliance activities with the organization's Privacy and Compliance officer(s).
• Security Team Development
• Directs day to day security operations and activities of IT Specialist - Security.
• Mentors and supports more junior members of the Security Team as needed.
• Promotes and supports continuous learning.
• Ensures achievement of personal and team ongoing security training and certification requirements.

Desired Attributes:

• Forward-thinking; initiating and proactive
• Creative and strategic
• Track record of strong leadership behaviors; with an operational mindset
• Commitment to Everside Health's Core Values: Patients First, Courage, Ingenuity, Fun, and Community

• Being an enthusiastic team player with a strong drive to create a positive work environment

• Demonstrated ability to work effectively at both detail and big-picture levels and to obtain results
• Able to balance and prioritize across multiple organizational needs and opportunities

Minimum Qualifications:

• Bachelors, associates or equivalent professional experience and certifications
• Relevant security certifications (e.g. A+, CISPP, CISM, HITRUST)
• 4 years of technology and security experience in the healthcare industry
• Highly collaborative, customer focused, and effective change leader
• Proven ability to effectively problem solve as part of a team
• Proven ability to effectively translate ideas into actions and demonstrable results
• Proven ability to translate, communicate and build understanding of complex technical topics for non-technical stakeholders in a meaningful way
• Strong project planning and management skills
• Understanding of HIPAA, HITRUST, SOC, PCI and other applicable security and compliance practices, standards, laws, and regulations.

This job has expired.