MyMichigan Health
IT Security Operations Manager
MyMichigan Health, Midland, Michigan, United States, 48640
Summary:
**Position will be Hybrid and require candidate to come onsite when needed**This position serves as manager overseeing the operations of a team of staff supporting a risk-based cyber security function. Responsible for security operations and processes, this position will engage in continuous improvement for strengthening security posture and contribute toward development and support of security related policies. This role requires coordination and collaboration across the IT Department, Risk, Facility Security, Biomed, Audit, and Regulatory functions.Direct management of all activities involving the support of information systems security. Helps facilitate the selection, evaluation, and implementation of information system security infrastructure and assists in strategic and operational planning. Assists with or directly manages key strategic projects as needed. This position also serves as a top-level technical resource for the organization's IT security application and technology stack and related services, and is responsible for the enterprise-wide monitoring and management of security system architecture.Responsibilities include: planning and participating in projects to meet IT security needs, supporting, mentoring and managing team members building and supporting IT security technologies, project management of team's technical tasks, assisting with long and short term strategic and operational planning for security, reviewing staff job performance and assignment of responsibilities, and providing assistance with technical problem solving. Ensures appropriate resources are utilized in a prioritized and effective manner across project and operational support activities. Promotes teamwork and communication while maintaining high standards and customer satisfaction.Work closely with staff, vendors and others to provide system security that meets the needs of the organization; assist in the development of policies, procedures and standards regarding IT security; ensure that critical business functions are protected from disruption due to system failure or unavailability; ensure that enterprise applications have appropriate protections in place.Responsibilities:(45%)*
Manages IT security support staff, including development of short and long term goals. Reviews and updates goals and objectives periodically as needed. Performs all job review functions for direct reports.
(30%)*
Works collaboratively with system and application support personnel to support business applications and strategic security initiatives. Recommends and prepares configurations for additions and modifications to the IT security technology stack to meet the needs of applications and users consistent with established organizational standards and practices. Prepares and reports on IT security metrics and related projects status.
(25%)*
Participates in establishing, refining, and implementing the standards, policies and procedures for installing, securing, designing, tuning, monitoring, and managing IT security platforms.OTHER DUTIES AND RESPONSIBILITIES:Lead the development, implementation, communication and compliance monitoring of policies and procedures relating to IT Security in conformance with MyMichigan standards.Partner with IT Analysts to develop and enforce application accessibility requirements, ensure application vulnerabilities are identified, and data remains secure.Work with network team to audit and manage firewalls, network access and ensure a secure environment for network infrastructure.Collaborate with Server team to ensure that all application delivery mechanisms, active directory, domain controllers, data centers and any hosting environments are secure, and access to systems and appliances is well regulated and consistently managed.Identify emerging risks involving data access control technologies, information systems security issues, safeguards and techniques.Contribute in security reviews and identify security gaps in security architecture. Provide recommendations for inclusion in the risk mitigation strategy.Lead troubleshooting and problem solving efforts for a broad range of IT technical issues and involving a number of IT related disciplines. Consult with users, IT staff and others on system issues and capabilities and other areas within expertise.Adhere to Change Management standards.Participate in call rotation.MyMichigan Health is a technology driven organization and employees need to demonstrate competency. An employee may be required to participate in further learning opportunities offered by MyMichigan Health.Other duties as assigned.Certifications and Licensures:N/ARequired Education:Bachelor's Degree in a healthcare-related, Information Technology, or business field required.Master's degree is preferredOther Information:EXPERIENCE, TRAINING AND SKILLS:A minimum of five (5) years of information security experience.A minimum of three (3) years experience: managing information security in a regulated field (Healthcare, Energy, Government, etc.), supervising and providing technical guidance and coaching of a team of associates, guiding, mentoring or leading staff, writing and enforcing IT security policies and procedures, security incident management and/or breach mitigation, risk management, disaster recovery or business continuity planning..Expert level/deep knowledge of and extensive experience with the following are required: information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation, IT security principles and methods (e.g. firewalls, Demilitarized Zones, encryption), access control, data loss prevention software.Knowledge of: how data flows across the network (TCP/IP, OSI, etc.), secure configuration management techniques, HIPAA/HITECH, Payment Card Industry (PCI) data security standard, IT supply chain and third-party vendor security/risk management policies, requirements and procedures, operating systems such as Microsoft Windows, Linux, UNIX, MacOS X.Experience with penetration testing, vulnerability scanning, access reviewsPrior audit experience.Network related certification(s), including CCNA, Net+ or equivalent preferred.Must possess a high degree of initiative, mature judgement, and discretion.Leadership, project management, use of methodology, time management and organizational skills.Demonstrated ability to work effectively and carefully under pressure, to meet project deadlines, to learn independently, to communicate effectively with a variety of people and to write well is required. Excellent troubleshooting and problem solving skills are required.Interpersonal and presentation skills needed to communicate successfully both orally and in writing with individuals / groups and interact with people at all levels to communicate ideas and concepts in a clear and understandable manner.Mandatory tuberculosis (TB) testing must be completed as required.Mandatory Occupational Safety and Health Administration (OSHA) training must be completed annually according to the Exposure Control Plan.PHYSICAL/MENTAL REQUIREMENTS AND TYPICAL WORKING CONDITIONS:Exposure to stressful situations, including those involving public contact, as well as, trauma, grief and death.Able to wear personal protective equipment that includes latex materials or appropriate substitute if required for your position.Is able to move freely about facility with or without an assisted device and must be able to perform the functions of the job as outlined in the job description.Overall vision and hearing is necessary with or without assisted device(s).Frequently required to sit/stand/walk for long periods of time. May require frequent postural changes such as stooping, kneeling or crouching.Some exposure to blood borne pathogens and other potentially infectious material. Must follow MidMichigan Health bloodborne pathogen and TB testing as required.Ability to handle multiple tasks, get along with others, work independently, regular and predictable attendance and ability to stay awake.Overall dexterity is required including handling, reaching, grasping, fingering and feeling. May require repetition of these movements on a regular to frequent basis.Physical Demand Level:Light.Must be able to occasionally (0-33% of the workday) lift or carry 11-20 lbs., and or Walk/Stand/Push/Pull of Arm/Leg controls .
**Position will be Hybrid and require candidate to come onsite when needed**This position serves as manager overseeing the operations of a team of staff supporting a risk-based cyber security function. Responsible for security operations and processes, this position will engage in continuous improvement for strengthening security posture and contribute toward development and support of security related policies. This role requires coordination and collaboration across the IT Department, Risk, Facility Security, Biomed, Audit, and Regulatory functions.Direct management of all activities involving the support of information systems security. Helps facilitate the selection, evaluation, and implementation of information system security infrastructure and assists in strategic and operational planning. Assists with or directly manages key strategic projects as needed. This position also serves as a top-level technical resource for the organization's IT security application and technology stack and related services, and is responsible for the enterprise-wide monitoring and management of security system architecture.Responsibilities include: planning and participating in projects to meet IT security needs, supporting, mentoring and managing team members building and supporting IT security technologies, project management of team's technical tasks, assisting with long and short term strategic and operational planning for security, reviewing staff job performance and assignment of responsibilities, and providing assistance with technical problem solving. Ensures appropriate resources are utilized in a prioritized and effective manner across project and operational support activities. Promotes teamwork and communication while maintaining high standards and customer satisfaction.Work closely with staff, vendors and others to provide system security that meets the needs of the organization; assist in the development of policies, procedures and standards regarding IT security; ensure that critical business functions are protected from disruption due to system failure or unavailability; ensure that enterprise applications have appropriate protections in place.Responsibilities:(45%)*
Manages IT security support staff, including development of short and long term goals. Reviews and updates goals and objectives periodically as needed. Performs all job review functions for direct reports.
(30%)*
Works collaboratively with system and application support personnel to support business applications and strategic security initiatives. Recommends and prepares configurations for additions and modifications to the IT security technology stack to meet the needs of applications and users consistent with established organizational standards and practices. Prepares and reports on IT security metrics and related projects status.
(25%)*
Participates in establishing, refining, and implementing the standards, policies and procedures for installing, securing, designing, tuning, monitoring, and managing IT security platforms.OTHER DUTIES AND RESPONSIBILITIES:Lead the development, implementation, communication and compliance monitoring of policies and procedures relating to IT Security in conformance with MyMichigan standards.Partner with IT Analysts to develop and enforce application accessibility requirements, ensure application vulnerabilities are identified, and data remains secure.Work with network team to audit and manage firewalls, network access and ensure a secure environment for network infrastructure.Collaborate with Server team to ensure that all application delivery mechanisms, active directory, domain controllers, data centers and any hosting environments are secure, and access to systems and appliances is well regulated and consistently managed.Identify emerging risks involving data access control technologies, information systems security issues, safeguards and techniques.Contribute in security reviews and identify security gaps in security architecture. Provide recommendations for inclusion in the risk mitigation strategy.Lead troubleshooting and problem solving efforts for a broad range of IT technical issues and involving a number of IT related disciplines. Consult with users, IT staff and others on system issues and capabilities and other areas within expertise.Adhere to Change Management standards.Participate in call rotation.MyMichigan Health is a technology driven organization and employees need to demonstrate competency. An employee may be required to participate in further learning opportunities offered by MyMichigan Health.Other duties as assigned.Certifications and Licensures:N/ARequired Education:Bachelor's Degree in a healthcare-related, Information Technology, or business field required.Master's degree is preferredOther Information:EXPERIENCE, TRAINING AND SKILLS:A minimum of five (5) years of information security experience.A minimum of three (3) years experience: managing information security in a regulated field (Healthcare, Energy, Government, etc.), supervising and providing technical guidance and coaching of a team of associates, guiding, mentoring or leading staff, writing and enforcing IT security policies and procedures, security incident management and/or breach mitigation, risk management, disaster recovery or business continuity planning..Expert level/deep knowledge of and extensive experience with the following are required: information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation, IT security principles and methods (e.g. firewalls, Demilitarized Zones, encryption), access control, data loss prevention software.Knowledge of: how data flows across the network (TCP/IP, OSI, etc.), secure configuration management techniques, HIPAA/HITECH, Payment Card Industry (PCI) data security standard, IT supply chain and third-party vendor security/risk management policies, requirements and procedures, operating systems such as Microsoft Windows, Linux, UNIX, MacOS X.Experience with penetration testing, vulnerability scanning, access reviewsPrior audit experience.Network related certification(s), including CCNA, Net+ or equivalent preferred.Must possess a high degree of initiative, mature judgement, and discretion.Leadership, project management, use of methodology, time management and organizational skills.Demonstrated ability to work effectively and carefully under pressure, to meet project deadlines, to learn independently, to communicate effectively with a variety of people and to write well is required. Excellent troubleshooting and problem solving skills are required.Interpersonal and presentation skills needed to communicate successfully both orally and in writing with individuals / groups and interact with people at all levels to communicate ideas and concepts in a clear and understandable manner.Mandatory tuberculosis (TB) testing must be completed as required.Mandatory Occupational Safety and Health Administration (OSHA) training must be completed annually according to the Exposure Control Plan.PHYSICAL/MENTAL REQUIREMENTS AND TYPICAL WORKING CONDITIONS:Exposure to stressful situations, including those involving public contact, as well as, trauma, grief and death.Able to wear personal protective equipment that includes latex materials or appropriate substitute if required for your position.Is able to move freely about facility with or without an assisted device and must be able to perform the functions of the job as outlined in the job description.Overall vision and hearing is necessary with or without assisted device(s).Frequently required to sit/stand/walk for long periods of time. May require frequent postural changes such as stooping, kneeling or crouching.Some exposure to blood borne pathogens and other potentially infectious material. Must follow MidMichigan Health bloodborne pathogen and TB testing as required.Ability to handle multiple tasks, get along with others, work independently, regular and predictable attendance and ability to stay awake.Overall dexterity is required including handling, reaching, grasping, fingering and feeling. May require repetition of these movements on a regular to frequent basis.Physical Demand Level:Light.Must be able to occasionally (0-33% of the workday) lift or carry 11-20 lbs., and or Walk/Stand/Push/Pull of Arm/Leg controls .