Description

　　PeaceHealth is seeking a Manager, Information Security for a Full Time, 1.00 FTE, Day position (remote). The general salary range for this job opening at PeaceHealth is $57.44 – $86.16. The actual hiring rate is dependent upon several factors, including but not limited to, the job/position responsibilities, location, terms of the applicable collective bargaining agreement, education, training, work experience, seniority, work performance, etc.

　　*Must reside in Oregon, Washington, Alaska or Texas*

　　Responsible for designing, implementing and overseeing Information Security program goals, strategy, methodologies, outcomes and activities across PeaceHealth in coordination with the Information Security leadership team. Responsible for providing day-to-day operational management of program activities, caregiver performance management, caregiver mentoring, and assignment of tasks that provide opportunity for caregiver growth and development of skills. Develops and manages the design, planning, facilitation, evaluation, and implementation of information security-related policies, procedures, standards, controls, and technologies. Manages cross-functional relationships and initiatives that require collaboration with peers, team members and caregivers/leaders from adjacent departments, such as Information Technology (IT), Compliance, Privacy, Legal, Communications and Operations. Responsible for the successful management of outcomes related to significant program areas and technology systems. Prepares and presents detailed and high-level reports to internal and external stakeholders at multiple levels (up to Vice President). Provides management and oversight of on-call after-hours support resources.

　　Position Details:

　　Leads the day-to-day operational management, coordination, and scheduling of information security team members. Provides leadership and direction regarding prioritization, outcomes, activities, tracking, communications, and documentation.

　　Responsible for the professional development of team members, including performance management, routine feedback, mentoring, goal setting, training plans and career advancement. Manages the sourcing, evaluation, and selection of information security team members.

　　Collaborates with information security leadership and other organizational leaders to design, develop, implement, track, and report on information security strategy, program goals, objectives, methodologies, outcomes and activities. Routinely interacts with caregivers and leaders (including senior management) to plan, deliver, and remediate information security objectives across the organization.

　　Researches and shares current industry trends, emerging threats, best practices, and cutting- edge techniques required to protect the organization. Leads the implementation of strategies and plans to address current and emerging threats and align with best practices.

　　Manages the design, engineering, implementation and operation of information security processes, policies, procedures, standards, systems and controls based on business and technical requirements.

　　Analyzes and correlates data from information security technology sources, such as endpoint protection, intrusion detection, security event monitors and secure proxies, to identify potential threats and defend PeaceHealth against threats.

　　Protects PeaceHealth’s information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures and standards.

　　Leads information security, technology teams and business stakeholders to respond to and remediate identified vulnerabilities and gaps in security controls, policies, procedures, and standards. Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form. Manages and responds to security-related investigations and other information security requests across PeaceHealth.

　　Manages the design and implementation of security response automation, integrating various information and information security tools to create fast, intelligent responses to common and/or critical cyber incidents. Shares information and integration procedures across information security through the exchange of threat intelligence and cyber security vulnerability assessment data.

　　Manages information security assessment activities in collaboration with technical and non-technical teams across the organization. Proactively identifies and develops recommendations related to information security gaps and vulnerabilities in collaboration with stakeholders across the organization.

　　Serves as an advisor and subject matter expert on identified information security issues, projects, or any other PeaceHealth initiative that may have an information security implication. Manages and facilitates information security work groups, including project management, scheduling, coordination, follow up, status reports and report outs.

　　Leads the development of information security intellectual capital by making process or procedure improvements, enhancing team documentation, conducting informal team training sessions, and creating new team training documents. Develops and implements information security education and awareness policies, procedures, standards and controls in collaboration with stakeholders across the organization.

　　Manages the development of role-based access controls for users of applications and systems and the development of user access review processes. Provides support and assistance to caregivers across the organization related to information security related technology and programs.

　　Leads the development and implementation of reports and metrics (e.g., system/control metrics, status updates, risk assessment reports, remediation reports) to support information security measurement and reporting objectives.

　　Provides management, coordination and oversight for on-call after-hours support resources. Serves as on-call escalation point for on-call resources, including evenings, weekends, and holidays.

　　Performs other duties as assigned.

　　What you bring:

　　Bachelor's Degree in Computer Science, Healthcare Information Technology, or related field OR equivalent knowledge and skills obtained through a combination of education, training and experience required.

　　Minimum of 10 years experience in IT, information security, cyber risk management, compliance or a related field required.

　　Minimum of 6 years experience in information security required.

　　Minimum of 3 years leadership experience managing technical teams required.

　　Minimum of 5 years security engineering experience.

　　Healthcare experience preferred.

　　Minimum of two relevant information security-related certifications, including: CISSP, CISA, HCISPP, CCSP, CRISC, CISM, CGIH, GCFA, GNFA, GPEN, GSEC, CEH or Epic Security Coordinator preferred.

　　Skills Required:

　　Ability to lead and manage the work of other caregivers across multiple information security program areas.

　　Excellent project management, written and oral communications skills.

　　Ability to create and present information in various forms such as textual, graphical and statistical.

　　Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents.

　　Ability to work collaboratively with and lead a broad range of constituencies and respond to their needs and collaborate effectively towards solutions.

　　Ability to effectively communicate technical and non-technical topics to caregivers and leaders across the organization.

　　Ability to lead matters of high sensitivity and confidentiality with both professionalism and discretion.

　　Hands-on experience implementing and operating three or more common information security tools, such as endpoint protection, intrusion detection, security event monitors, secure proxies, firewalls, encryption, single sign-on, multi-factor authentication, etc.

　　Hands-on experience implementing and operating three or more common information security methodologies, such as incident response, risk management, data protection, identity and access management, role-based access control, etc.

　　Ability to identify and correlate cyber threats and vulnerabilities.

　　Strong understanding of adversarial tactics and techniques.

　　Hands-on experience with cybersecurity, ethics and privacy principles, along with related regulatory requirements and industry frameworks (e.g., NIST CSF).

　　Strong understanding of government and other regulatory requirements for medical billing and benefit verification as they pertain to access and user management.

　　Knowledge of Microsoft Azure cloud and security services.

　　Working Conditions

　　Lifting

　　Consistently operates computer and other office equipment.

　　Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.

　　Sedentary work.

　　Environmental Conditions

　　Predominantly operates in an office environment.Mental/Visual

　　Ability to communicate and exchange accurate information.

　　The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

　　PeaceHealth is committed to the overall wellbeing of our caregivers: physical, emotional, financial, social, and spiritual. We offer caregivers a competitive and comprehensive total rewards package. Some of the many benefits included in this package are full medical/dental/vision coverage; 403b retirement plan employer base and matching contributions; paid time off; employer-paid life and disability insurance with additional buyup coverage options; tuition and continuing education reimbursement; wellness benefits, and expanded EAP and mental health program.

　　See how PeaceHealth is committed to Inclusivity, Respect for Diversity and Cultural Humility (https://www.thecaregiver.org/wp-content/uploads/2017/05/PeaceHealth-Statement-of-Commitment-to-Diversity-and-Inclusion-vFINAL.pdf) .

　　For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state or federal laws.

　　PeaceHealth requires a completed Primary Vaccine Series (e.g., 2 dose monovalent Pfizer, Moderna or Novavax series or 1 dose J&J vaccine series) or be Up to Date (receiving the most recent Pfizer/Moderna bivalent vaccine/booster) for COVID-19 vaccination prior to their start date. PeaceHealth has a medical and religious exemption request process for those that are unable to receive the COVID-19 primary vaccine series due to medical/religious reasons. For caregivers that will be working in Oregon there is a personal vaccine exemption form that may be requested.

　　REQNUMBER: 75831