Manager, IT Security/Information Security Officer (ISO)
Company: Sturdy Memorial Hospital, Inc.
Location: Attleboro, MA 02703
Description:
The role of the Manager of IT Security/ISO is to provide vision and leadership for developing and supporting information security initiatives.
This is the top information security position with the responsibility for helping to set organization policy, strategy, standards, and procedures for information and system security, protection, disaster recovery, and business continuance. It is responsible for the development and implementation of security audits and procedures to ensure system and information integrity, availability, reliability and confidentiality and legal/regulatory compliance.
The position ensures the organization's information technology complies with all applicable federal, state, and local information privacy and related laws and regulations. It sets, monitors and enforces security elements within application, infrastructure, and data architectures and development methodologies.
Education/Training:
- Bachelor's degree preferred
- Work experience of 6-12 years may be substituted for education
- Minimum 5 years' experience managing and/or directing an IT and/or security operation.
- Experience with Proofpoint, Palo Alto, M356, SIEM/SOC oversight, network protocol analysis, and other security products and troubleshooting tools is desired.
Licenses/Certification:
- CISSP Certification preferred
Responsibilities
- Participate as a member of the IT management team in governance processes of the organization's security strategies.
- Lead strategic information security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future information security technologies.
- Develop and communicate information security strategies and plans to executive team, staff, partners, customers, and stakeholders.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
- Work closely with IT department on corporate technology development to fully secure information, computer, network, and processing systems.
- Oversee the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
- Develop, track, and oversee the information security services annual operating and capital budgets for purchasing, staffing, and operations.
- Recommend and implement changes to information security policies and practices in accordance with changes in local or federal law.
- Creatively and independently provide resolution to information security problems in a cost-effective manner.
- Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new information security systems, equipment, software, and other technologies.
- Assess and communicate any and all security risks associated with any and all purchases or practices performed by the company.
- Collaborate with CIO, CTO, privacy officer, and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
- Where applicable, supervise recruitment, development, retention, and organization of information security staff in accordance with corporate budgetary objectives and personnel policies.
- Promote and oversee strategic information security relationships between internal resources and external entities, including government, vendors, and partner organizations.
- Remain informed on trends and issues in the information security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
- Ongoing development of Sturdy Health's Identity Access Management program.
Position Requirements
- Proven experience in planning, organizing, and developing IT security and system technologies.
- Experience in planning and executing information security policies and standards development.
- Excellent knowledge of technology environments, including information security, building security, and defense solutions.
- Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
- Good understanding of computer systems characteristics, features, and integration capabilities.
- Experience with systems design and development from business requirements analysis through to day-to-day management.
- Excellent understanding of project management principles.
- Superior understanding of the organization's goals and objectives.
- Demonstrated ability to apply IT in solving security problems.
- In-depth knowledge of applicable laws and regulations as they relate to security.
- Proven leadership ability.
- Ability to set and manage priorities judiciously.
- Excellent written and oral communication skills.
- Excellent interpersonal skills.
- Strong negotiating skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Exceptionally self-motivated and directed.
- Keen attention to detail.
- Superior analytical, evaluative, and problem-solving abilities.
- Exceptional service orientation.
- Ability to motivate in a team-oriented, collaborative environment.
Work Conditions
- On-call availability and periodic overtime.
- Sitting for extended periods of time.
Other duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
AGE AND DIVERSITY RELATED CRITERIA: Consistently treats patients, colleagues and visitors with dignity and respect, while being sensitive to the differing needs of all age groups, backgrounds, characteristics and cultures.
ABILITY TO FULFILL JOB EXPECTATIONS: Must have the ability to perform the essential functions of the position, including required work hours, locations and physical demands, without posing a direct threat to the health and safety of themselves or other individuals in the workplace, and with or without reasonable accommodation.
PHYSICAL DEMANDS: Sit for long periods of time. Use their hands to handle, control, or feel objects, tools, or controls. Repeat the same movements. See details of objects that are less than a few feet away. Speak clearly so listeners can understand. Understand the speech of another person.
Sturdy Memorial Hospital is an equal employment opportunity employer. There is no discrimination because of race, color, creed, age, gender, sexual orientation, national origin, veteran status or disability.