Job Closed
This listing is no longer active.
Information Security Manager
Location
United States
Posted
121 days ago
Salary
$133K - $157K / year
Seniority
Lead
No structured requirement data.
Job Description
Information Security Manager
Health
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are looking for a qualified, hands-on Information Security Manager to design, implement, and operate the information security program for our growing healthcare organization operating under the PACE model. This role blends strategic security leadership with practical execution. The ideal candidate can translate high regulatory and partner security standards into right-sized, pragmatic controls, while building sustainable governance, oversight, and audit processes. - Deploy HIPAA aligned best practice security architecture across our Microsoft 365 environment and Meraki based WAN. - Define, implement, and maintain administrative, technical, and physical security controls appropriate for a PACE organization. - Own security design decisions and control selection, balancing risk, regulatory requirements, and operational realities. - Security monitoring and incident response: configure and monitor tools, logs, and alerts, analyze activity, and investigate potential security incidents. - Serve as primary security escalation point for internal teams and external partners. - Lead incident response planning, tabletop exercises, post-incident reviews, and remediation tracking. - Perform vulnerability management activities, based on internal and external scans, and coordinate remediation activities. - Maintain an enterprise security risk register, including risk scoring, mitigation plans, and executive-level reporting. - Support business continuity and disaster recovery security requirements in partnership with IT and Operations. - Lead Access and Identity management, developing best practice procedures, and enabling others to work within these processes. - Oversee privileged access, role-based access controls, joiner/mover/leaver processes, and periodic access reviews. - Ensure appropriate data protection controls for PHI, including encryption, logging, and monitoring. - Draft, maintain, and enforce security policies, standards, and procedures aligned to HIPAA, NIST, and partner requirements. - Design and operate recurring security oversight and audit processes, including evidence collection and remediation tracking. - Lead and coordinate internal and external security audits, assessments, and partner security reviews. - Establish and manage a third-party security and risk management program, including vendor risk assessments and ongoing monitoring. - Partner closely with IT, Compliance, Legal, Clinical, and Operations teams to embed security into daily workflows. Qualifications - Bachelor’s degree in Computer Science with an emphasis on Information Security, or equivalent experience. - 7+ years of progressive experience in information security or cybersecurity roles, including hands-on implementation. - 3–5 years of experience owning or leading security programs, controls, or governance functions. - Hands-on experience in implementing information security best practices, and experience with security monitoring, incident response, or vulnerability management. - Practical experience in a Health Care organization, and expertise in industry regulatory and standards frameworks (HIPAA, NIST, etc). - Experience in cloud-based environments, specifically Microsoft 365. - Experience in networking concepts, operating systems, and cloud environments. - Familiarity with regulatory and standards frameworks (HIPAA, NIST, etc.). - Strong analytical and problem-solving skills with attention to detail. - Ability to lead through influence. - Ability to communicate complex issues clearly to technical and non-technical audiences. - Ability to travel up to 2 weeks per quarter. Requirements - Experience in a start-up organization. - Experience supporting audits, partner security assessments, or SOC/HIPAA readiness efforts. - Experience in creating technology solutions based on business requirements. - Experience working remotely – this is a remote position. - Professional certifications such as CISSP, CISM, CISA, or Security+ (preferred, not required). - A strong connection to the mission of our business. - Experience working with technology managed service providers. Benefits - This role is eligible for medical/dental/vision insurance. - Paid parental leave (birthing and non-birthing parents). - Short and long-term disability. - Life insurance. - Flexible spending accounts. - 401(k) savings. - Paid time off. - Company-paid holidays. - The expected salary range for this position is $133,000 - $157,000.
Job Requirements
- Bachelor’s degree in Computer Science with an emphasis on Information Security, or equivalent experience.
- 7+ years of progressive experience in information security or cybersecurity roles, including hands-on implementation.
- 3–5 years of experience owning or leading security programs, controls, or governance functions.
- Hands-on experience in implementing information security best practices, and experience with security monitoring, incident response, or vulnerability management.
- Practical experience in a Health Care organization, and expertise in industry regulatory and standards frameworks (HIPAA, NIST, etc).
- Experience in cloud-based environments, specifically Microsoft 365.
- Experience in networking concepts, operating systems, and cloud environments.
- Familiarity with regulatory and standards frameworks (HIPAA, NIST, etc.).
- Strong analytical and problem-solving skills with attention to detail.
- Ability to lead through influence.
- Ability to communicate complex issues clearly to technical and non-technical audiences.
- Ability to travel up to 2 weeks per quarter.
- Experience in a start-up organization.
- Experience supporting audits, partner security assessments, or SOC/HIPAA readiness efforts.
- Experience in creating technology solutions based on business requirements.
- Experience working remotely – this is a remote position.
- Professional certifications such as CISSP, CISM, CISA, or Security+ (preferred, not required).
- A strong connection to the mission of our business.
- Experience working with technology managed service providers.
Benefits
- This role is eligible for medical/dental/vision insurance.
- Paid parental leave (birthing and non-birthing parents).
- Short and long-term disability.
- Life insurance.
- Flexible spending accounts.
- 401(k) savings.
- Paid time off.
- Company-paid holidays.
- The expected salary range for this position is $133,000 - $157,000.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements • Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements • Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments • Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines • Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements • Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events • Create and maintain custom parsers and field extractions for complex or proprietary log sources • Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts • Participate in peer reviews of detection rules and SIEM configuration changes • Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities • Contribute to development and maintenance of detection and response playbooks and operational procedures • Support troubleshooting of SIEM ingestion, parsing, and performance issues • Work with infrastructure and application teams to onboard new log sources and improve security visibility • Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities • Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization • Create and maintain SIEM architecture, detection, and operational documentation and runbooks • Provide technical support during client reviews and operational meetings as assigned • Share knowledge and provide guidance to junior team members • Contribute to process improvement and automation initiatives within SIEM and detection workflows
Principal Security Engineer – Vulnerability Management
Stitch FixChanging the way people find what they love.
• Collaborate to develop innovative security solutions, leveraging the right tools while contributing to design and architecture across multiple systems • Work closely with the team to develop effective solutions, leveraging the right tools while contributing to design and architecture across multiple systems • Be the first to step in, tackle challenges head-on, and do what it takes to protect and secure our organization • Ensure that technology solutions address real business challenges
Principal Security Engineer, Data Security
UpstartOur mission is to enable effortless credit based on true risk.
• Lead the design and execution of Upstart’s data security program, from early foundations through mature, scalable systems • Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance • Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains • Establish clear goals, success metrics, and accountability for data security initiatives • Drive adoption of least-privilege access models and modern data protection patterns across the organization • Mentor engineers and security practitioners, fostering strong technical standards and a culture of ownership • Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats
Senior Product Manager – Test Security, Platform Defense
The College BoardClearing a path for all students to own their future
• Lead Test Security & Platform Defense Product Strategy (30%) • Own the end-to-end product strategy and roadmap for test security and platform defense across the digital assessment platform. • Define priorities based on assessment risk, threat intelligence, program needs, and platform constraints, ensuring a unified approach across current and future programs. • Synthesize inputs from Test Security, Platform Threat Intelligence, field observations, and engineering into clear problem statements, prioritization options, and actionable roadmap proposals. • Proactively identify new problem spaces and solution opportunities, challenging assumptions and advancing innovative approaches to assessment protection. • Maintain a forward-looking roadmap that evolves as threats, business needs, and technology change. • Establish a shared strategic narrative that aligns security, platform, and program leaders around goals, sequencing, and outcomes. • Coordinate Cross-Domain Execution (40%) • Translate product strategy into actionable initiatives implemented across multiple product domains and engineering teams. • Partner with product management leaders to integrate test security and platform defense solutions into domain roadmaps, align sequencing and dependencies across initiatives, and establish consistent security patterns, standards, and platform capabilities. • Engage program VPs as business owners to ensure solutions protect assessment integrity while supporting program-specific requirements and operational realities. • Surface prioritization conflicts and decision points, presenting structured options, risks, and delivery implications to Test Security and Technology, Program, and Product leadership. • Define shared success metrics so progress is measured holistically across teams, not in isolation. • Own and Deliver Critical Security Capabilities (15%) • When appropriate, directly own delivery for specific test security or platform defense capabilities, acting as a hands-on PM/PO for deeply technical engineering teams (e.g., secure client or related components). • Translate complex technical and security requirements into clear backlog priorities, delivery plans, and acceptance criteria. • Stay close to delivery to ensure strategy is grounded in execution realities and technical constraints. • Communicate Risk, Tradeoffs, and Impact (15%) • Communicate clearly and responsibly with senior leadership on security posture, emerging risks, progress against strategy, and key tradeoffs. • Translate highly technical, sensitive, or confidential information into appropriate-level messaging tailored to the audience, maintaining discretion at all times. • Build shared understanding and confidence across product, security, and program leadership through clear narratives, recommendations, and decision framing. • Serve as a trusted voice on test security and platform defense, particularly in moments of ambiguity, risk, or emerging threat response.
