IS Security Program Manager

Full Time
Portland, OR 97204
Job description

IS Security Program Manager needed immediately!

Job Summary

The IS Security Manager is responsible for ensuring that Client’s information security posture is complete and robust in service to our members. This position partners with business leaders across the enterprise to oversee and mature Client’s information systems security policies and processes. The role is also responsible for assessing and monitoring internal IS teams and external technology partners for security risk and compliance.

Essential Responsibilities

Information Security Program:

  • Responsible for the design, implementation and oversight of an effective Information Systems Security Program aligned with recognized industry best practices.
  • Partner with Health Share leaders to ensure information system security objectives are met.
  • Propose improvements and updates to Client’s security policy in alignment with security best practices and any applicable regulations, such as HIPAA/HITRUST and NIST SP 800-53.
  • Establish the Information Security Roadmap and report on its progress to IS department leaders and Client’s executives.
  • Provide ongoing oversight of the Information Security Incident Response Plan; coordinate training for participating teams.
  • Perform formal assessments of security controls against cybersecurity best practices to identify gaps, generate reports on assessment findings and participate in the development and support of required corrective action plans.
  • Lead the design and execution of periodic testing of the IS Disaster Recovery Plan.
  • Facilitate information security governance meetings with Client’s leadership and executives; compile management reports, summary analyses and detailed presentations to describe security risk, controls and maturity assessments.
  • Ensure information security awareness training content is current and comprehensive and all Health Share staff successfully complete the required annual training.
  • Provide IS security subject matter expertise to IS and business teams throughout the organization.
  • Establish and maintain relationships with suitable information security vendors and partners.

Information Security Operations:

  • Assess current and future information security risk; lead remediation efforts.
  • Lead the audit of applications and system configurations routinely to ensure proper information security is in place.
  • Identify and report on any systems vulnerabilities; partner with IS teams to implement appropriate countermeasures.
  • Establish and lead a vulnerability management program, prioritize remediation efforts and work with other teams to document and track program effectiveness.
  • Assess and ensure Client’s applications, systems and services are in alignment with Client’s IS security and risk management policies.
  • Investigate reported security incidents, lead remediation efforts and provide reporting as needed.
  • Ensure compliance with internal auditing, HIPAA, and other federal regulations.
  • Develop or participate in business planning, budgeting, performance targets, and policy development.
  • Define and report on appropriate metrics.
  • Continuously assess endpoint security control coverage, escalating gaps to appropriate teams for required corrective action.

IS Delegation, Vendor Oversight and Audits:

  • Responsible for the design, implementation and oversight of an effective Information Systems Delegation Oversight Program aligned with IDS/ICN contract and recognized industry best practices.
  • Responsible for the design, implementation and oversight of an effective Vendor Security Oversight Program aligned with contract and recognized industry best practices.
  • Respond to audits and lead efforts to remediate adverse results.
  • Monitor partners and third parties for compliance with Health Share security policies, contracts and government regulations.
  • Test security controls and validate that the controls are designed appropriately and are effective.
  • Effectively and efficiently document findings and develop actionable, clear recommendations.
  • Evaluate the security operations of managed service providers and oversee risk management.

Organizational Responsibilities

  • Perform work in alignment with the organization’s mission, vision, and values.
  • Support the organization’s commitment to equity, diversity, and inclusion by fostering a culture of open mindedness, cultural awareness, compassion, and respect for all individuals.
  • Strive to meet annual business goals in support of the organization’s strategic goals.
  • Adhere to the organization’s policies, procedures, and other relevant compliance needs.
  • Perform other duties as needed.

Knowledge, Skills and Abilities Required

Knowledge:

  • Understanding of information security best practices and design
  • Understanding of ITIL
  • Strong understanding and ability to apply managerial concepts and techniques such as project/change management, idea creation and cross-team effectiveness
  • Understanding of and ability to adhere to governance and process
  • Strong knowledge of cross team collaboration

Education and/or Experience

Required:

  • Minimum 6 years’ experience in information security systems, solutions or related services. Experience must include most of the following:
  • Leading complex systems projects and associated change management requirements
  • Managing vendors and contracts
  • Influencing others
  • Developing policy and strategy roadmaps with business partners
  • Aligning work efforts and solutions accordingly
  • Developing and implementing information or cyber security programs
  • Working in multiple information security domains (e.g., governance risk and compliance, attack surface management, identity and access management, network security, data protection, disaster recovery, security operations, incident response, threat modeling, etc.)
  • Managing Intrusion Detection and Prevention systems such as AlienVault and Defender ATP
  • Data Loss Prevention and Data Classifications

"Careers and companies flourish when staff, clients, and candidates truly believe in the mission, know the role they play, and humbly reflect, evaluate, and act for the best interest of the communities served"

Job Type: Full-time

Pay: $117,000.00 - $125,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Flexible schedule
  • Health insurance
  • Life insurance
  • Paid time off
  • Relocation assistance
  • Retirement plan
  • Vision insurance

Compensation package:

  • Yearly pay

Schedule:

  • Monday to Friday

Experience:

  • information security systems, solutions or related: 6 years (Preferred)
  • Managing vendors and contracts: 3 years (Preferred)
  • multiple information security domains: 6 years (Preferred)

Work Location: Hybrid remote in Portland, OR 97204
