Information Security Manager

Location

United States

Posted

9 days ago

Salary

0

Seniority

Lead

Job Description

Information Security Manager

Recovery Centers of America

Role Description The IT Security Program Manager is responsible for executing and managing the day-to-day operations of Recovery Centers of America’s cybersecurity program. This role will coordinate and perform audits, oversee third-party risk management, manage RCA’s security awareness and phishing programs, drive policy governance, and ensure the timely resolution of open risk items and vulnerabilities. - Manage the daily operations of RCA’s cybersecurity program under the guidance of the CISO. - Coordinate and track the completion of internal and external security audits, including HIPAA, SOC 2, and NIST-based assessments. - Maintain and monitor the Information Security Risk Register, ensuring timely resolution of identified issues and mitigation of critical findings. - Lead tabletop exercises and incident response simulations to test and improve RCA’s preparedness and business continuity planning. - Collaborate with RCA leadership and department heads to ensure that security policies and controls are understood and effectively implemented across all business units. - Manage the third-party risk assessment program, ensuring that all vendors with access to PHI or critical systems undergo security evaluation and periodic reassessment. - Review BAAs, security questionnaires, and compliance attestations; ensure corrective action for identified gaps. - Partner with Procurement and Legal to integrate security requirements into new and existing vendor contracts. - Work with the CISO to review, update, and publish information security policies, standards, and procedures in accordance with HIPAA, HITECH, and NIST frameworks. - Develop dashboards and recurring reports to track security metrics, compliance posture, and program maturity for presentation to the CISO and executive leadership. - Monitor and interpret changes to regulatory requirements, ensuring timely updates to RCA’s compliance program. - Administer and optimize RCA’s KnowBe4 Security Awareness and Phishing Training Program. - Track user engagement and training completion rates, and provide metrics and recommendations to leadership. - Develop creative awareness campaigns to strengthen RCA’s security culture. - Identify and track critical infrastructure vulnerabilities, working with IT and Infrastructure teams to ensure remediation and continuous monitoring. - Oversee MDM security, ensuring appropriate device controls, encryption, and enforcement of mobile security policies. - Support the CISO in analyzing threat intelligence, vulnerability trends, and endpoint security performance (e.g., CrowdStrike, firewall alerts). - Ensure continuous compliance with HIPAA, HITECH, and NIST 800-53 / 800-171 requirements. - Coordinate with Compliance, Legal, and Clinical leadership to ensure consistent risk management practices. - Participate in post-incident reviews, documenting lessons learned and recommending process improvements. Qualifications - Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field required. - Minimum of 5–7 years of progressive experience in cybersecurity, IT risk management, or audit within a regulated environment (preferably healthcare). - At least 2 years in a program management or leadership role overseeing information security functions. - Strong working knowledge of HIPAA, NIST 800-53, HITRUST, and security risk management frameworks. - Certifications (preferred but not required): Security +, CISSP, CISM, CRISC, HCISPP, or equivalent security certification. - PMP or similar project management certification is a plus. Technical Skills - Understanding of endpoint protection, SIEM tools, MDM platforms (e.g., Intune), and vulnerability management solutions. - Experience with vendor risk tools, audit tracking systems, and compliance reporting. - Familiarity with Microsoft 365 Security Suite, KnowBe4, and GRC platforms. Core Competencies - Strong analytical and problem-solving skills. - Excellent written and verbal communication skills, with the ability to translate technical risks for non-technical stakeholders. - Highly organized and detail-oriented, with the ability to manage multiple priorities simultaneously. - Demonstrated ability to build cross-functional relationships and drive accountability. - Passionate about RCA’s mission and maintaining the privacy and security of patient information. Travel - Limited travel is required for this position. - This position is primarily a remote position.

Related Categories

Related Job Pages

More Security Engineer Jobs

ContractRemoteTeam 201-500Since 2012H1B No Sponsor

• Definir e implantar las políticas de seguridad aplicables a las plataformas de bases de datos y backup. • Diseñar y coordinar la implantación de medidas de hardening sobre plataformas Oracle, SQL Server, PostgreSQL y otras tecnologías de bases de datos. • Definir e implementar controles de ciberresiliencia para las plataformas de backup y recuperación. • Garantizar la protección de los datos frente a amenazas como ransomware, accesos no autorizados y pérdida de información. • Diseñar estrategias de recuperación segura y continuidad del servicio para bases de datos y sistemas de backup. • Supervisar la implantación de mecanismos de cifrado, gestión de credenciales, control de acceso y segregación de funciones. • Colaborar con el área de Ciberseguridad en la gestión de vulnerabilidades, remediación y planes de mejora. • Coordinar auditorías técnicas y asegurar el cumplimiento de los requisitos regulatorios y corporativos. • Definir estándares técnicos y procedimientos de seguridad para las plataformas de datos. • Participar en proyectos de modernización tecnológica, garantizando la incorporación de requisitos de seguridad desde el diseño (Security by Design). • Analizar riesgos técnicos y proponer planes de mitigación. • Elaborar documentación técnica, procedimientos operativos y evidencias para auditorías internas y externas. • Promover la mejora continua de la postura de seguridad y resiliencia de las plataformas.

Spain
€250 - €300 / day
EWOR logo

Cybersecurity Co-Founder, CPO

EWOR

For those who think in decades and build in days.

Full TimeRemoteTeam 201-500Since 2020H1B No Sponsor

• Own, build, and run your startup in fields such as Cybersecurity • Embark on a personal development journey crafted by unicorn founders • Receive support in hiring through a network of over 50,000 professionals • Intensive coaching to make your startup ready for funding • Iterate your product until reaching product-market fit

Germany
Zensar logo

Offensive + Defensive Security - Specialist

Zensar

At Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.

Full TimeRemoteTeam 10,001

Role Description A lean, high-impact team focused on vulnerability discovery, attack simulation, and remediation enablement. - Developer-led profiles with a cybersecurity mindset - Experience in: - Penetration testing / ethical hacking / red teaming - Identifying vulnerabilities and supporting remediation - Ability to operate across offensive and defensive security domains Team composition: - Mix of: - Highly skilled / senior specialists - Mid-level / support resources (testing, analysis, support activities) Deployment model: - 1 role - Flexible / remote (not required to be on-site) Company Description At Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.

India
Cashea logo

Data Security Engineer

Cashea

Compra ahora y paga después, en cuotas sin interés. El impulso que mereces.

Full TimeRemoteTeam 501-1,000Since 2022H1B No Sponsor

• Proteger los datos de la compañía a lo largo de todo su ciclo de vida (ingesta, procesamiento, almacenamiento, consumo y eliminación). • Diseñar e implementar controles técnicos (especialmente en GCP) con foco en DLP, gobierno del dato, gestión de accesos, cifrado/keys, monitoreo y respuesta ante incidentes de datos. • Definir y mantener el modelo de clasificación y manejo de datos. • Implementar y mejorar controles de protección de datos: acceso, cifrado y gestión de llaves, y hardening.

Argentina