Position Summary:
The Information Security Manager will serve as San Ysidro Health’s expert on Cybersecurity protection, detection, response, and recovery. This position will provide the vision and hands-on technical expertise required to ensure the Confidentiality, Integrity, and Availability of San Ysidro Health’s information and systems. This role oversees all security-related efforts including the security program, security risk management, vendor management, the Governance, Risk and Compliance (GRC) program and the Information Technology Business Continuity and Disaster Recovery policy and procedure.
Essential Functions of the Job:
- Working with the Information Technology and Application Teams to implement enterprise-wide security planning to establish and maintain system controls by developing a framework for controls and levels of access
- Lead risk management activities to ensure risks are prioritized, updated and communicated in accordance with NIST RMF SP 800-37; Recommend and implement improvements to prevent, reduce or mitigate risks; maintain risk register
- Working with Risk, Compliance and AI team, implement and monitor AI activities in accordance with NIST AI RMF 1.0
- Create and update the necessary policies associated with HIPAA-HITECH and PCI DSS requirements; Develops techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, the evaluation and testing of hardware, firmware, and software for possible impact on system security, and the investigation and resolution of security incidents
- Leads the development of security awareness by providing orientation, educational programs, and on-going communication; Works with stakeholders at all levels of the organization to communicate the state of information security, inform of possible risks, and suggest ways to improve security; Work in conjunction with the compliance team on awareness training utilizing SYH’s education platform
- Lead working sessions with other members of the Information Technology teams and key business stakeholders to implement safeguards and controls based on known risks, threats, and vulnerabilities
- Lead efforts to monitor and audit systems, processes, and other controls in order to assess security and risk posture
- Ensure the completion of operational activities associated to network monitoring and intrusion detection analysis to determine if there have been any attacks on the system; Work with the applicable parties to test mitigation plans
- Evaluates, tests, recommends, develops, coordinates, monitors, and maintains information systems (IS) and cyber security policies, procedures, and systems, including access management for hardware, firmware, and software, and Business Continuity and Disaster Recovery preparedness, training, and testing
- Lead incident response management activities, to include incident response drills, training activities and documentation; Develop and refine incident response policy, procedures and standards; Execute bi-annual tabletop exercises
- Lead recurring internal IT Security audits and risk assessments in accordance with policies and procedures
- Ensures that IT and cyber security architecture/designs, plans, controls, processes, standards, policies, and procedures are aligned with IT standards and overall IT and cyber security; Identifies security risks and exposures, determines the causes of security violations, and suggests procedures to halt future incidents and improve security; Facilitate the design and execution of vulnerability assessments, penetration tests
- Work with external auditors during audits; Prepare documentation, files and information for audits; Work with auditors and internal team on outstanding tasks and findings identified during the audits
- Work with other members of the IT Department to implement resolutions identified in risk assessments, penetration/vulnerability testing and audits
- Mentor other IT Security, GRC staff on all facets of IT Security, IT Governance, IT Risk and IT Compliance
- Responsible for the identification, tracking and management of enterprise risks; This includes performing risk assessments and measuring the success and effectiveness of mitigation efforts; Identifies, evaluates, tests, and implements appropriate security products, tools, and systems to establish and ensure a secure infrastructure
- Articulates security policies, guidelines and standards to customers and developers; Able to apply theories, concepts, principles, and methodologies to difficult but conventional assignments
- Works independently within an established framework
Additional Duties and Responsibilities:
- Stay up-to-date on the latest intelligence and methodologies related to information security in order to identify threats and manage risks; Updates job knowledge and awareness of IT Security developments by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations; attending IT Security conferences; communicate the latest intelligence to key staff to minimize or prevent impact to SY Health
- Exemplifies and promotes the department’s four key success factors: Positivity, Ownership, Efficiency and Transparency, when working with both internal and external customers
- Performs other duties as assigned
Job Requirements:
Experience Required:
- 5+ years’ experience as an IT Security Analyst
- 3+ years’ experience leading an IT Security program
- 2+ years in a healthcare environment, strong understanding of HIPAA-HITECH and PCI-DSS requirements
- 2+ years supporting or conducting audits within a regulated environment
- 2+ years conducting forensics to support various departments
- Experience working with vendors for SOC/MSSP and SRA services
- Strong understanding of NIST CSF and CSF-AI framework
- Experience building an enterprise-wide security program
- Strong understanding of Governance Risk and Compliance programs
- ITIL best practices
Education Required:
- High School Diploma or GED Equivalent
Education Preferred:
- B.S. in Computer Science, Information Systems, or a related field
Verbal and Written Skills Required to Perform the Job:
- Excellent oral and written communication skills, with focus in technical or instruction-oriented writing and in clearly communicating complicated concepts over the phone, in person and in writing
- Ability to convey ideas and information to others and receive feedback effectively
- Ability to communicate and interact successfully with a diverse community and develop and maintain positive professional relationships with colleagues and staff members
Technical Knowledge and Skills Required to Perform the Job:
- Experience with auditing and monitoring tools including SIEM administration
- Experience with IDS/IPS and DLP solutions
- Application Firewall administration
- Internet access security and content filtering
- Knowledge of Email encryption systems
- Vulnerability management system administration
- HIDS/HIPS and MDR/EDR/XDR protection suites
- Experience utilizing tools to validate the extent of known attacks
- Experience working with networking technologies, including wired and wireless networks and protocols
- Multi-Factor Authentication, VPN and remote access methodology
- Experience handling, organizing, tracking, and reporting on user support incidents
- Experience working with Active Directory, DHCP, DNS, and Group Policy
- Understanding of Change Control Processes and Controls
Equipment Used:
- Laptop or Personal Computer
- Software required to perform within the Information Security role
Working Conditions and Physical Requirements:
- Prolonged, extensive, and considerable standing, sitting, walking, and/or lifting
- Manual dexterity and mobility
- Always reaching, stooping, bending, kneeling, crouching
- Good organizational skills and ability to remain focused and concentrate with noise around
- Ability to handle multiple job task functions simultaneously
- Ability to work harmoniously with others as a team member
- May be required to work evenings and/or weekends
Universal Requirements:
Pre-employment requirements include I-9, physical, positive background and reference check results, complete application, new hire orientation, pre-employment PPDs. Compliance with all mandated vaccinations and all boosters is a term and condition of employment.
About Us:
San Ysidro Health is a Federally Qualified Health Care organization committed to providing high quality, compassionate, accessible and affordable healthcare services for the entire family. The organization was founded by seven women in search of medical services for their families and community. Almost 50 years later, San Ysidro Health now provides innovative care to over 108,000 patients through a vast and integrated network of 47 program sites across the county. San Ysidro Health could not serve our patients without the dedication of our passionate and hardworking employees. Apply today and become a part of our mission-driven team! San Ysidro Health has a long-standing commitment to equal employment opportunity for all applicants for employment. Employment decisions including, but not limited to, those such as employee selection, performance evaluation, administration of benefits, working conditions, employee programs, transfers, position changes, training, disciplinary action, compensation, and separations are made without regard to race, color, religion (including religious dress and grooming), creed, national origin, nationality, citizenship status, domestic partnership status, ancestry, gender, affectional or sexual orientation, gender identity or expression, marital status, civil union status, family status, age, mental or physical disability (including AIDS or HIV-related status), atypical heredity cellular or blood trait of an individual, genetic information or refusal to submit to a genetic test or make available the results of a genetic test, military status, veteran status, or any other characteristic protected by applicable federal, state, or local laws.