Manager, Information Security at UC HEALTH LLC in Cincinnati, Ohio

Job Description:

The Information Security Manager will have the following experience and capabilities:

• Proven track record of managing an IT or Security team including security operations.
• Strong knowledge of information security principles and practices
• Experience with numerous security technologies including, Active Directory and Entra ID, MFA, SSO, EDR/XDR, SIEM, Firewall, DDOS, Network Segmentation.
• Experience with or understanding of risk management frameworks, methodologies, and certifications, including NIST CSF, SOC 2, HITRUST, CIS.
• Familiarity with data protection regulations and privacy laws including HIPAA.
• Excellent communication and interpersonal skills.
• Strong analytical and problem-solving abilities.
• Experience in the development of system requirements and related solution specifications.
• Overseen or directed the implementation of IT systems.
• Strong knowledge of Windows. Familiarity and experience with Apple - Mac/iOS and Linux preferred
• Awareness and understanding of security concepts related to Cloud, SaaS, On-prem, and hybrid systems
• Familiarity with virtualization including VMware and VDI.
• Policy and SOP development and maintenance.

Minimum Requirements: Bachelor's degree in information systems or related field. 6 - 10 Years IT experience including five or more years of experience in Information Security required.

Preferred: 6 - 10 Years Information Security experience - Healthcare systems experience desirable. Familiarity with Microsoft security suite preferred. Relevant certifications such as CISSP, CISM, or CRISC required.Key Responsibilities:

• Security Operations: Manage and monitor security operations to protect the organization's information assets. This includes overseeing the security incident response process, conducting security assessments, and ensuring compliance with security policies and standards.


• Risk Management: Identify, assess, and mitigate information security risks. Develop and implement risk management strategies to protect the organization from potential threats. Conduct regular risk assessments and audits to ensure the effectiveness of security controls.


• Privacy Operations: Support the organization's privacy operations by ensuring compliance with data protection regulations and policies. Work with the privacy team to develop and implement privacy policies and procedures. Conduct privacy impact assessments and manage data breach response activities.


• Policy Development: Develop and maintain information security policies, procedures, and guidelines. Ensure that all policies are up-to-date and aligned with industry best practices and regulatory requirements.


• Training and Awareness: Conduct security training and awareness programs for employees to promote a culture of security within the organization. Ensure that all employees are aware of their responsibilities regarding information security and privacy.


• Collaboration: Work closely with IT, legal, compliance, and other departments to ensure a coordinated approach to information security and privacy. Provide guidance and support to other teams on security-related matters.


• Reporting: Prepare and present regular reports on the status of the organization's information security and privacy programs to senior management. Provide recommendations for improvements and highlight any areas of concern.

Key Responsibilities:

• Security Operations: Manage and monitor security operations to protect the organization's information assets. This includes overseeing the security incident response process, conducting security assessments, and ensuring compliance with security policies and standards.


• Risk Management: Identify, assess, and mitigate information security risks. Develop and implement risk management strategies to protect the organization from potential threats. Conduct regular risk assessments and audits to ensure the effectiveness of security controls.


• Privacy Operations: Support the organization's privacy operations by ensuring compliance with data protection regulations and policies. Work with the privacy team to develop and implement privacy policies and procedures. Conduct privacy impact assessments and manage data breach response activities.


• Policy Development: Develop and maintain information security policies, procedures, and guidelines. Ensure that all policies are up-to-date and aligned with industry best practices and regulatory requirements.


• Training and Awareness: Conduct security training and awareness programs for employees to promote a culture of security within the organization. Ensure that all employees are aware of their responsibilities regarding information security and privacy.


• Collaboration: Work closely with IT, legal, compliance, and other departments to ensure a coordinated approach to information security and privacy. Provide guidance and support to other teams on security-related matters.


• Reporting: Prepare and present regular reports on the status of the organization's information security and privacy programs to senior management. Provide recommendations for improvements and highlight any areas of concern.

Apply Now