FTE: 1.0 Full Time/ 80 hours per pay
Exempt: Not Applicable
Day Shift: Hours per schedule
Weekend & Holiday Rotation: Per schedule
The Manager of IT Security is a hands-on technical position that also oversees the operations of a team of staff supporting a risk-based cyber security function. This will include managing and retaining skilled IT security personnel, continuous improvement for strengthening security posture, and contributing toward setting and overseeing security related policies.
This role requires coordination and collaboration across the IT Department, Risk, Facility Security, Biomed, Audit, and Regulatory functions. Contributes to the design and implementation of policies and procedures to ensure that healthcare industry information security standards are met.
Directly manages all activities involving the support of information systems security. Helps facilitate the selection, evaluation, and implementation of information system security infrastructure and assists in strategic and operational planning.
Assists with or directly manages key strategic projects as needed. This position is also a top-level technical resource for the organization's IT security application and technology stack and related services, and is responsible for the enterprise-wide monitoring and management of security system architecture.
Responsibilities include: analyzing and recommending capital and operational budget, long range planning and projects to meet IT security needs, hiring, mentoring and managing team members building and supporting IT security technologies, project management of team's technical tasks, assisting with long and short term strategic and operational planning for security, reviewing staff job performance and assignment of responsibilities, serving as liaison to customers and providing technical problem solving skills. Ensures appropriate resources are utilized in a prioritized and effective manner across project and operational support activities. Promotes teamwork and communication between staff, management, clinicians and stakeholders while maintaining high standards and customer satisfaction.
Work closely with staff, vendors and others to provide system security that meets the needs of the organization; assist in establishing policies, procedures and standards regarding IT security; ensure that critical business functions are protected from disruption due to system failure or unavailability; ensure that enterprise applications have appropriate protections in place; act as a top level technical consultant to others in various areas of expertise.
ESSENTIAL DUTIES AND RESPONSIBILITIES
(45%)* Manages IT security support staff, including development of short and long term goals. Reviews and updates goals and objectives periodically as needed. Performs all job review functions for direct reports.
(30%)* Works collaboratively with system, network, database administrators and application support personnel to support business applications and strategic security initiatives. Recommends and prepares configurations for additions and modifications to the IT security technology stack to meet the needs of applications and users consistent with established organizational standards and practices. Prepares and reports on IT security metrics and related projects status.
(25%)* Establishes, refines, and implements the standards, policies and procedures for installing, securing, designing, tuning, monitoring, and managing IT security platforms.
OTHER DUTIES AND RESPONSIBILITIES
Lead the development, implementation, communication and compliance monitoring of policies and procedures relating to IT Security in conformance with MidMichigan standards.
Partner with IT Analysts to develop and enforce application accessibility requirements, ensure application vulnerabilities are identified, and data remains secure.
Partner with network team to manage firewalls, network access and ensure a secure environment for network infrastructure.
Collaborate with Server team to ensure that all application delivery mechanisms, active directory, domain controllers, data centers and any hosting environments are secure, and access to systems and appliances is well regulated and consistently managed.
Identify emerging risks involving data access control technologies, information systems security issues, safeguards and techniques.
Perform security reviews and identify security gaps in security architecture. Provide recommendations for inclusion in the risk mitigation strategy.
Leads troubleshooting and problem solving efforts for a broad range of IT technical issues involving a number of IT related disciplines. Consults with users, IT staff and others on system issues and capabilities and other areas within expertise.
Adheres to Change Management standards.
Participates in call rotation.
Other duties as assigned.
EDUCATION, EXPERIENCE, TRAINING AND SKILLS
A minimum of five (5) years of information security experience.
A minimum of three (3) years' experience: managing information security in a regulated field (Healthcare, Energy, Government, etc.), supervising and providing technical guidance and coaching of a team of associates, guiding, mentoring or leading staff, writing and enforcing IT security policies and procedures, security incident management and/or breach mitigation, risk management, disaster recovery or business continuity planning.
Expert level/deep knowledge of and extensive experience with the following are required: information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation, IT security principles and methods (e.g. firewalls, Demilitarized Zones, encryption), access control, data loss prevention software.
Knowledge of: how data flows across the network (TCP/IP, OSI, etc.), secure configuration management techniques, HIPAA/HITECH, Payment Card Industry (PCI) data security standard, IT supply chain and third-party vendor security/risk management policies, requirements and procedures, operating systems such as Microsoft Windows, Linux, UNIX, MacOS X.
Must possess a high degree of initiative, mature judgement, and discretion.
Experience with Penetration testing preferred.
Prior audit experience preferred.
CCNA or Net+ certification preferred.
Physical/Mental Requirements and Working Conditions
PHYSICAL/MENTAL REQUIREMENTS AND TYPICAL WORKING CONDITIONS:
Exposure to stressful situations, including those involving public contact, as well as trauma, grief and death.
Able to wear personal protective equipment that includes latex materials or appropriate substitute if required for your position.
Is able to move freely about facility with or without an assisted device and must be able to perform the functions of the job as outlined in the job description.
Overall vision and hearing are necessary with or without assisted device(s).
Frequently required to sit/stand/walk for long periods of time. May require frequent postural changes such as stooping, kneeling or crouching.
Some exposure to blood borne pathogens and other potentially infectious material. Must follow MidMichigan Health bloodborne pathogen and TB testing as required.
Ability to handle multiple tasks, get along with others, work independently, maintain regular and predictable attendance, and stay awake.
Overall dexterity is required including handling, reaching, grasping, fingering and feeling. May require repetition of these movements on a regular to frequent basis.
Physical Demand Level: Light. Must be able to occasionally (0-33% of the workday) lift or carry 11-20 lbs., frequently (34-66% of the workday) 10 lbs. and/or Walk/Stand/Push/Pull of Arm/Leg controls.
Leadership, project management, use of methodology, time management and organizational skills.
Demonstrated ability to work effectively and carefully under pressure, to meet project deadlines, to learn independently, to communicate effectively with a variety of people and to write well is required. Excellent troubleshooting and problem solving skills are required.
Interpersonal and presentation skills needed to communicate successfully both orally and in writing with individuals / groups and interact with people at all levels to communicate ideas and concepts in a clear and understandable manner.
Mid Michigan Health