Cyber Security Manager, Threat Management (Remote)

Job Description

Community Health Systems is one of the nation's leading healthcare providers. Developing and operating healthcare delivery systems in 40 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 71 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:

As a member of the Cybersecurity leadership team, the Manager of Threat and Vulnerability Management leads a team of engineers that specialize in exposure management and threat intelligence. The Manager is responsible for leading, managing, and motivating a team of cybersecurity professionals to ensure the success of these programs. Activities include vulnerability scanning, definition and governance of secure configurations, threat intelligence, security-related asset management, and security monitoring utilizing a wide array of security controls and toolsets. The manager will drive strategy and projects that increase the overall growth and maturity of the threat and vulnerability management program. Additionally, this individual will regularly interface with Security Operations Center leadership as a key partner.

Essential Duties and Responsibilities:

• Develop and maintain a broad understanding of vulnerability management and threat intelligence as they apply to CHS's strategic imperatives.

• Provide leadership, management, and oversight for the vulnerability management program including asset discovery, asset vulnerability scanning, and application scanning, as well as patch classification and remediation validation.

• Provide leadership, management, and oversight for the threat intelligence program including reviewing threat intelligence communications and threat intelligence integration activities for automation and enrichment of the broader cybersecurity program.

• Function as a key partner to the Security Operations Center and contribute to the overall strategic success of the cyber defense team.

• Evaluate, develop, and report on metrics demonstrating the effectiveness of each program within this position's scope

• Utilize technical expertise to oversee the creation of compensating or mitigation risk management strategies to control risk exposure

• Continuously improve Threat and Vulnerability services through the identification and execution of process improvement efforts. Develop Threat and Vulnerability capabilities in alignment with the NIST Cybersecurity Framework.

• Make recommendations for the creation of cost-effective risk mitigation strategies to reduce the overall enterprise cybersecurity risk.

• Manage collaboration with peer organizations to ensure required technical capabilities are maintained, available, and aligned to current as well as future program requirements

• Review security technologies, tools, and services, and make recommendations to the broader security team for their use, based on security, financial, and operational metrics and place purchase requests for personnel and infrastructure to support each program of responsibility

• Liaise with Chief Cybersecurity Architect to share best practices and insights

• Develop and mature processes to guide team member development to achieve career goals by leading individual 1:1 meetings and creating, reviewing, and coaching to individual team member development plans.

Qualifications

• Required Education: High School Diploma

• Preferred Education: Bachelor's or Master's Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience.

• Required Experience:

• Duration:

• 6+ years of IT or information security

• 4+ years of information security

• Activities:

• Designed and implemented technologies designed to reduce information security risk

• Provided value across a spectrum of information security activities, such as monitoring, vulnerability management, threat intelligence, security architecture and engineering, and operations

• Worked in process-driven structured environments, and participated in process optimization activities.

• Competencies:

• Advanced knowledge of security principles, issues, techniques and implementations across IT platforms.

• Proactive identification and solving of complex problems

• Strong understanding of systems development lifecycle to provide technical leadership for multifunctional projects or initiatives.

• Effective communication of technical concepts to a non-technical audience.

• Excellent written and verbal communication skills

• Required License/Registration/Certification: None

• Preferred License/Registration/Certification:

• SANS Certification

• GIAC Certification

• CISSP Certification

• Computer Skills Required: General office software, and reporting software as necessary to support the team.

Physical Demands:

In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.

• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.

• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.