Manager, Information Security

Job Summary:
The Manager of Information Security reports to the Executive Director, Technology and is responsible for ensuring a stable, secure computing environment and promoting high levels of end-user satisfaction by providing the leadership necessary to manage and coordinate the Information Security program. This is a hands-on position that provides information security services including policy management, compliance with HIPAA and other regulatory requirements, risk management and auditing, security incident management, identity and access management, asset management, change management, and administration and operations of information security tools and services. This position is also responsible for researching and recommending present and future information security solutions, and for interacting and coordinating with competent vendors who provide information security products and services. All duties are to be performed in a manner that promotes a team concept and is consistent with the culture and mission of the Health System.

Bachelor's degree in Computer Science, Information Technology or other technical field preferred. Information Security professional certification (e.g., CISSO, CISM, CHP, CGEIT, CSCS, CISSP/HCISSP, ISSAP or other equivalent certification) is preferred. 5-7 years of progressive leadership responsibility and directly related work experience, with a minimum of 4 years' experience in the information security or cyber security field. Strong knowledge of compliance areas and security frameworks, to include HIPAA, MA 201 CMR 17, NIST, HITRUST CSF, COBIT, SOC 2, ISO 27002, FISMA 800-53/MARS-E. Hands-on experience with day-to-day operational support of various security tools and controls; e.g., access controls, endpoint protection, anti-virus/malware, data loss prevention, e-mail security, encryption, patching, vulnerability, web application gateways, perimeter firewalls, and security log management and monitoring tools. Extensive knowledge of networking, systems, application development, database administration, and/or data center operations and technologies (protocols, design concepts, access control), design and engineering.
Extensive knowledge of information security technologies (design, encryption, data protection, privileged access, identity and access management, intrusion detection, forensics, incident management, risk management and auditing). Experience with securing virtual environments and cloud-based solutions. Experience with risk analysis and the implementation of vulnerability management programs and related tools and systems. Experience with developing and providing an information security awareness and training program. Experience with developing and maintaining information security policies and standards.