Boston Medical Center
Manager Cybersecurity Program
Boston Medical Center, Boston, MA
POSITION SUMMARY:The Manager, Cybersecurity Program is responsible for overseeing, coordinating, and implementing cybersecurity risk management initiatives to help protect the organization’s information and infrastructure assets. This role involves managing multiple cybersecurity risk assessments and audits, security policy development, compliance initiatives, and incident response plans, ensuring they align with the organization's overall cybersecurity strategy. The Manager works closely with the CISO and cross-functional teams, including ITS, Privacy, Compliance, Legal, and Risk Management, to coordinate resources, track risk mitigation progress, and report on key security metrics. Additionally, they ensure that cybersecurity risk initiatives are adhering to regulatory and organizational security standards. Finally, the Manager, Cybersecurity Program will directly supervise a team of cybersecurity analysts. The role requires a strong blend of project management expertise, knowledge of cybersecurity frameworks, and excellent documentation and communication skills to drive effective cybersecurity policies and practices across the organization.Position: Manager Cybersecurity Program Department: Information TechnologySchedule: Full TimeESSENTIAL RESPONSIBILITIES / DUTIES:The Manager, Cybersecurity Program is responsible for managing a team of cybersecurity analysts to assist in overseeing and safeguarding an organization’s cybersecurity posture utilizing Cybersecurity Frameworks and controls. The position will work closely with The Chief Information Security Officer and other key cybersecurity and ITS leaders in developing and implementing the following:Developing and Implementing Cybersecurity StrategyThe Manager, Cybersecurity Program will help to formulate a comprehensive cybersecurity strategy aligned with organizational objectives. They will create and maintain policies, standards, and guidelines to manage cybersecurity risks across the organization.Risk Management and ComplianceThe Manager, Cybersecurity Program will oversee risk management programs, assessing and managing risks related to cybersecurity. They ensure compliance with relevant legal and regulatory requirements (e.g. HIPAA, PCI), industry standards, and internal policies.Collaboration with StakeholdersThe Manager, Cybersecurity Program collaborates closely with other executives, particularly the privacy and compliance departments, to align security initiatives with the organization's strategic goals. They also work with external stakeholders, such as regulators and auditors, to ensure the organization is aligned on security practices.Overseeing Cybersecurity Risk Management OperationsThe Manager, Cybersecurity Program is responsible for overseeing day-to-day security operations, such as 3rd party cyber risk monitoring, threat detection, and vulnerability management. They ensure that effective preventive and detective controls are in place.Security Awareness and TrainingThe Manager, Cybersecurity Program promotes a culture of security awareness within the organization. They develop and lead security training and awareness programs to educate employees on best practices and potential threats.Monitoring Emerging ThreatsStaying ahead of evolving threats and trends is critical. The Manager, Cybersecurity Program will monitor the cybersecurity risk landscape, assess new threats, and update the organization’s cybersecurity documentation accordingly.Policy Development and GovernanceThe Manager, Cybersecurity Program drafts and enforces cybersecurity policies, including appropriate use of technology, data protection, access control, and incident reporting. They help oversee governance frameworks that define roles, responsibilities, and accountability for security within the organization.The Manager, Cybersecurity Program role requires a balance of meticulous documentation, strategic vision, and leadership to assist in advancing the organization’s cybersecurity program.Recommends risk management enhancements to the CISO.Performs other duties as assigned or as necessary.Adheres to all of BMC’s RESPECT behavioral standards(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required).JOB REQUIREMENTSEDUCATION:Bachelor’s degree in Computer Science, or related discipline, or equivalent experience, requiredCERTIFICATES, LICENSES, REGISTRATIONS REQUIRED:CISSP Required. CISM or CISA also PreferredEXPERIENCE:Minimum of 5 years of Information Security and Cybersecurity related experience is required for this position.3-5 years of supervisory experience required.Demonstrated experience with Cybersecurity Risk Management and Enterprise Security Frameworks is requiredKNOWLEDGE, SKILLS & ABILITIES (KSAs):Ability to translate complex security requirements into sustainable security documentation.Strong managerial skills.Excellent communications skills including facilitating presentations.Excellent analytical skills and the ability to define problems, collect data, establish facts, and draw conclusions.Excellent organization skills; someone who thrives in a dynamic and ever-changing environment.The ability to express issues and communicate well with various vendors and their operations personnel.A strong understanding of risk management fundamentals.Ability to prioritize projects and workload independently.Works and manages initiatives of moderate to advanced complexity under minimal supervision.Ability to multitask and shift priorities when necessary.Equal Opportunity Employer/Disabled/VeteransSummaryLocation: BostonType: Full time