Job Closed
This listing is no longer active.
American Specialty Health is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to sex, gender, race, color, religion, creed, national origin, citizenship, ancestry, physical or mental disability, legally-protected medical condition, marital status, age, sexual orientation, genetic information, military or veteran status, political affiliation, or any other basis protected by applicable local, federal or state law. If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702.
Manager-Information Security Risk & Compliance
Location
United States
Posted
23 days ago
Salary
$89.3K - $149K / year
Seniority
Lead
Job Description
Manager-Information Security Risk & Compliance
American Specialty Health Incorporated
Role Description
American Specialty Health Incorporated (ASH) is seeking a Manager-Information Security Risk & Compliance to join our Information Security department. The purpose of this position is to perform and oversee assigned day-to-day information security compliance tasks.

Salary Range: $89,300 to $149,000 Full-Time Annual Salary Range.

Remote Worker Guidelines: This position will be trained remotely and must be able to work from home (WFH) in a designated work area with company-provided technology equipment. This WFH position requires you have a stable connection to your Internet Service Provider with the ability to participate by video in online meetings over a reliable and consistent network. The internet connection must have a consistent 50 down/10 up Mbps minimum internet speed. 100 down/20 up is recommended to support higher quality video meetings.

Responsibilities
- Performs Information Security Compliance tasks and projects.
- Maintains and improves risk assessment processes, performs risk assessments, and updates the risk register.
- Assists with maintaining compliance with industry regulations, policies, and procedures.
- Makes recommendations to the manager for improvements to increase the effectiveness within Information Security.
- Collaborates with the information security operations and compliance teams to streamline processes.
- Represents the Information Security team by responding to exception and advisory requests.
- Analyzes and tracks metrics for dashboards, key performance indicators (KPIs), and scorecard.
- Reviews risk and escalates identified anomalies and concerns to the manager.
- Prepares metrics and reporting for Executive leadership.
- Assists with HITRUST requirements and evidence gathering.
- Performs internal security audits.
- Maintains risk register in the GRC system.
- Oversees Information Security Risk and Compliance Program.
- Oversees day-to-day tasks enforcing quality and on-time deliverables.
- Assists staff with career development.
- Acts as subject matter expert to provide guidance for decision making.
- Attends industry seminars, conferences, and training classes to update knowledge and skills.
- Performs other duties as assigned.
- Complies with all policies and standards.

Qualifications
- Bachelor's Degree in applicable field, such as Information Security, Information Technology, Computer Science, Business Administration, or equivalent experience required. If equivalent experience, High School Diploma required.
- 5 years of directly related experience in IT, Information Security, or IT Audit required.
- Experience working in a regulated environment, such as healthcare, preferred.
- Strong understanding of information security, risk management, and audit.
- Demonstrated knowledge of administrative, technical, and physical security controls.
- Demonstrated knowledge of different risk assessment methodologies.
- Knowledge of a security control framework; preferably HITRUST.
- Strong ability to successfully collaborate in a cross-matrix IT and business team environment.
- Experience conducting and managing internal and third-party IT control assessments.
- Strong analytical and critical thinking skills.
- Strong working knowledge of MS Outlook, Word, and Excel.
- Demonstrated ability to provide concise and understandable communications and deliverables, both written and oral, especially for a non-technical audience.
- Ability to use good judgment and make risk-based decisions as an advisor to the business on information security.
- Certified Information Systems Auditor (CISA) upon hire preferred.
- Certified Information Systems Security Professional (CISSP) upon hire preferred.

Core Competencies
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
- Ability to effectively organize, prioritize, multi-task and manage time.
- Demonstrated accuracy and productivity in a changing environment with constant interruptions.
- Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions.
- Ability to exercise strict confidentiality in all matters.

Mobility
- Primarily sedentary, able to sit for long periods of time.

Physical Requirements
- Ability to see, speak, and hear other personnel and/or objects.
- Ability to communicate both in verbal and written form.
- Ability to travel within and around the facility or Work from Home (WFH) environment.
- Capable of using a telephone, computer keyboard, and mouse.
- Ability to lift up to 10 lbs.

Environmental Conditions
- Work-from-home (WFH) environment.
More Security Engineer Jobs
• Build and mature a detection and response program
• Detect and respond to security incidents and participate in an incident on-call rotation
• Develop innovative ways to detect security incidents.
• Design and build the security for the future of our infrastructure.
• Partner with the infrastructure team, engineering team, compliance team and within security teams to maintain and further improve our cloud security posture.
• Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks.
• Research threats and attack vectors that impact WW applications and infrastructure.
• Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes.
• Mentor and share security standards and processes with all parts of the organization.

• As a Security Engineer at Offchain Labs, you will play a key role in defining and improving our cloud security posture and collaborate across teams to ensure that our operations are secure, compliant, and aligned with regulatory and industry best practices, such as SOC2.
• Leverage your extensive experience in Cloud Security to design, implement, and improve secure cloud-native architectures and CI/CD pipelines.
• Apply deep expertise in cloud infrastructure security to proactively identify risks, enforce best practices, and harden systems across the entire technology stack.
• Automate security controls and educate developers for future-proofing against vulnerabilities.
• Play an active part in designing and evolving the company's overall information security governance and compliance program through policies, standards, procedures, and awareness.
• Work closely with engineering, infrastructure, and product teams to make sure controls fit both business objectives and technical realities.

• Assess the current cloud and infrastructure security posture across AWS environments, Kubernetes platforms, and supporting services
• Identify critical gaps and define a prioritized roadmap for improving security maturity across identity, runtime, network, and platform layers
• Define and implement enterprise security controls across IAM governance, workload/runtime posture, and DNS security
• Embed security guardrails, standards, and policies into the Platform Engineering and Cloud Center of Excellence (CoE) frameworks from the beginning of the transformation
• Partner with platform teams to design secure-by-default self-service infrastructure patterns, templates, and workflows
• Establish identity and access governance models including account strategy, role design, least-privilege policies, and federated access
• Design and implement security standards for Kubernetes and containerized workloads, including supply chain security, workload isolation, and runtime protection
• Define DNS and network security practices, including private networking, segmentation, service discovery, and threat protection
• Collaborate with DevSecOps teams to integrate automated security testing, policy enforcement, and compliance checks into CI/CD pipelines
• Support the creation of security observability, monitoring, incident response, and threat detection capabilities across the platform
• Provide security leadership and mentoring to engineering teams to promote security ownership and best practices
• Support organizational change management and stakeholder alignment to ensure security adoption across teams
• Continuously evolve the security framework as the platform and operating model mature