Information Security Manager

Job Summary

• Demonstrates expert knowledge and understanding of Information security principles, general IT controls (e.g., business continuity and change management), U.S. regulatory standards (HIPAA Security Rules and HITECH, SOC, PCI) or any new or amended laws, regulatory standards and requirements.
• Demonstrates expertise in network security issues, firewall concepts, network security architecture.
• Hands-on knowledge of information security technologies such as anti-malware controls, data-loss prevention (DLP), intrusion detection/prevention (IDS/IPS), security information and event management (SIEM), etc.
• Expertise in managing cybersecurity risks and related response teams, such as Computer Incident Response Teams.
• Expertise in specific security issues around Windows, Linux, cloud platforms, and risk and vulnerability management.
• Excellent written communication skills, with a focus on communicating the business impact of technically complex issues.

Job Responsibilities

General Management

1. Manage a diverse team of professional resources providing InfoSec and compliance support for PracticeMax business and 3rd-party systems.
2. Manage operational initiatives and projects.
3. Develop and maintain relationships with Compliance personnel.
4. Produce/deliver management level presentations to leadership team, IT personnel, business units and other senior/executive leadership.
5. Perform related duties as needed.

Risk Management, Audit & Compliance

1. Work closely with and support the Compliance and IT leadership to maintain the Information Security Management Program for the organization.Manage compliance to HIPAA and SOC requirements including supporting internal and external audit activities and support vendor data risk assessments.
2. Develop and maintain information security policies, standards, and procedures and manage the maintenance of revisions and updates.
3. Monitor the effectiveness of the InfoSec and regulatory compliance services provided.

Threat & Vulnerability

1. Manage security activities, including metric reporting.
2. Manage the team that supports the organization's cybersecurity approach in incident identification, risk assessment, response prioritization, and action planning.
3. Deploy and manage a suite of technology tools (e.g., DLP, SIEM, EPP, EDR, IDS/IPS) and support threat and vulnerability management procedures and processes.
4. Manage recurring penetration and vulnerability testing and related regulatory requirements for compliance against industry standards and any other emerging standards or threats to the network.
5. Partner with the Compliance Manager, Director of IT and other personnel to support compliance with HIPAA and SOC requirements.
6. Manage monitoring processes and procedures for log analysis and Security Incident and Event Monitoring.
7. Champion the implementation of related security controls to mitigate risk to the organization and facilitate the achievement of business goals and objectives.

Education and Experience

• Bachelor's degree in Computer Science, Information Systems, or related field required
• Information Security Certifications (CISSP, CISM, HCISPP, CGEIT, etc.) strongly preferred.
• 12-15 years of experience with a broad range of exposure to InfoSec aspects, including security controls, standards, general business planning, systems analysis, system development, maintenance, and application development
• 6+ years of experience with information security, regulatory compliance and risk management concepts
• 4+ years' experience with managing team(s) and project(s).
• Minimal 1 year managing a SOC environment
• Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management), related security policies and procedures.
• Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, NIST, ISO 27000 series)
• Knowledge of Microsoft Active Directory, Linux, and Clinical Applications a plus
• Understanding of networking and communication protocols including WANs, LANs, Internet, VPN, protocols such as TCP/IP and their impact on information security.

Current Openings for Information Security Manager Jobs at PMAX Global