Manager, Information Security
Employer Direct Healthcare
Dallas, TX 75201
Posted 2 weeks ago
In this role, you will be responsible for managing the information security program to ensure that information assets and technologies are adequately protected. You, an allocated staff, and outsourcing partners will work to identify, develop, implement, and maintain processes and technologies across the company to ensure that security risks stay within the levels deemed acceptable by the CIO, CEO and the Executive Management Team (EMT).
Responsibilities and Duties
Reporting to the CIO, this role:
- Is critical to ensuring the security program is effective at identifying, detecting, responding, and recovering from a cybersecurity event.
- Represents Information Security to the rest of the company, and ensures that the security program evolves to keep pace with the threat environment.
- Is the interface between the CIO's strategic activities and the cybersecurity technology-focused needs of the IT organization.
- Will translate the IT-risk requirements and constraints of the business into specifications for implementation and develop metrics for ongoing performance measurement and reporting.
- Will coordinate technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to the CIO.
- Will prioritize work efforts balancing operational tasks with strategic security efforts.
- Will balance capacity for security needs across multiple IT teams.
- Will coordinate portions of vendor relationship management.
- Should be capable of managing technical staff as they work to accomplish development goals.
- Should possess documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative.
- Develop a security vision and program along with security projects that address identified risks and business security requirements.
- Develop and manage Information Security standards and procedures that are consistent with generally accepted Information Security practices and professional security standards.
- Lead and coordinate operational components of threat and cyber-attack management, including detection, response, and reporting.
- Lead the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
- Manage the process of gathering, analyzing, and assessing the current and future threat landscape, including realistic overview of risks and threats in the company environment.
- Research, evaluate, design, test, recommend, or plan the implementation of new or updated information security hardware or software and assess its impact.
- Provide technical and managerial expertise for the administration of security tools.
- Monitor compliance and propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Define metrics and reporting strategies that effectively communicate successes and progress of the security program.
- Manage outsourced vendors that provide information security functions.
- Ensure that audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Design, coordinate and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
- Work with various stakeholders (IT, Legal, Finance, Operations etc.) to identify information asset owners to classify data and systems as part of a control framework implementation.
- Assist resource owners and IT staff in understanding and responding to security failures, production issues, incidents, and change management needs.
- Facilitate security communication, awareness, and training for company audiences.
- Potentially manage a staff of information security professionals; hire and train new staff, conduct performance reviews, and provide leadership and coaching.
- Work on special projects as requested and perform other duties as assigned.
- A bachelor's degree in information systems or equivalent work experience.
- 10+ years of IT experience, with 3+ years in an information security role.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP) or GIAC GSEC (Global Information Assurance Certification) are highly preferred.
- Healthcare / HIPAA / HITRUST experience is highly preferred.
- Experience with common information security management frameworks, such as ISO 27001, the NIST Cybersecurity Framework and other leading-edge security frameworks.
- Experience in application technology security testing (white box, black box, and code review).
- Experience in technology security testing (vulnerability scanning and penetration testing).
- Familiarity with the principles of cryptography and cryptanalysis.
- Strong understanding of the business impact of security tools, technologies, and policies.
- Strong leadership abilities to drive an information security culture throughout the firm.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT teams, business personnel and executives.
- Excellent understanding of security concepts, protocols, best practices, and strategies.
- Experience working with legal, audit and compliance staff.
- Experience developing and maintaining policies, procedures, standards, and guidelines.
- Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
- Strong analytical skills to analyze requirements and relate them to appropriate security controls.
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Short & Long Term Disability
- Life Insurance
- 401k with company match
- Paid Time Off
- Paid Parental Leave
This role is onsite.