Cybersecurity Vulnerability and Threat Manager Job at Rush University Medical Ce
Rush University Medical Center, Chicago, IL, United States, 60290
Job Description
Location: Chicago, IL
Hospital: Rush University Medical Center
Department: Cybersecurity Engineering
Work Type: Full Time (Total FTE between 0.9 and 1.0)
Shift: Shift 1
Work Schedule: 8 Hr (8:00:00 AM - 5:00:00 AM)
Rush offers exceptional rewards and benefits; learn more at our Rush benefits page.
Summary:
This position is responsible for Infrastructure and Application vulnerability/threat management for RUSH Systems for Health. The role enhances vulnerability and threat management functions and directs the team to align with the approach. As a Vulnerability and Threat Manager, you will lead RUSH’s efforts to identify, assess, and mitigate vulnerabilities across our IT infrastructure and applications. You will be responsible for developing and implementing a comprehensive vulnerability and threat management program, ensuring the security of our systems and data by proactively addressing potential threats. This role requires a deep understanding of cybersecurity principles, vulnerability assessment tools, and risk management practices. The ideal candidate will have excellent organizational, communication, and management skills and the ability to lead training sessions and workshops for staff members.
Responsibilities:
- Infrastructure Vulnerability Assessment:
- Develop and manage a robust Infrastructure vulnerability management program.
- Oversee regular vulnerability scans and assessments to identify potential security weaknesses.
- Prioritize vulnerabilities based on risk and potential impact on the organization.
- Develop asset and technology hardening checklists and measure compliance against them.
- Application Vulnerability Assessment:
- Develop and manage a robust application vulnerability management program.
- Work with development teams to set a cadence for application vulnerability scans.
- Prioritize vulnerabilities based on risk and potential impact on the organization.
- Collaborate with procurement, vendor, and application teams to define a remediation plan.
- Threat Assessment:
- Develop and manage a threat assessment program.
- Prioritize threats based on risk and impact on the organization’s attack surface.
- Mitigation and Remediation:
- Collaborate with IT and development teams to develop and implement effective remediation plans.
- Track and report on the status of vulnerability remediation efforts, ensuring timely resolution.
- Recommend and implement appropriate controls and safeguards to mitigate identified risks.
- Risk Management:
- Conduct risk assessments and impact analyses to understand the potential implications of vulnerabilities.
- Develop and maintain metrics and KPIs to measure the effectiveness of the vulnerability management program.
- Governance:
- Establish a multi-layer governance to manage vulnerability and remediation plans.
- Team Leadership:
- Lead and mentor a team of vulnerability engineers.
- Provide training and support to team members to enhance their skills and knowledge.
- Stakeholder Communication:
- Communicate vulnerability management status, trends, and recommendations to senior management and other stakeholders.
- Work with external auditors and assessors to provide necessary documentation and information.
- Tool Management:
- Evaluate, implement, and maintain vulnerability management tools and technologies.
- Stay current with emerging technologies and methodologies in the field of cybersecurity.
- Act as a subject matter expert and advocate for adopting information security best practices across the organization.
- Contribute to the Information Security leadership team and committees as needed.
- Direct technical security assessments in support of third-party risk management programs.
Required Job Qualifications:
- Bachelor’s degree in computer science or computer science-related fields.
- 10+ years of relevant experience in the cybersecurity field.
- Experience in leading vulnerability management teams.
- Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7).
- Knowledge of infrastructure and application security principles and experience with threat intelligence platforms.
- Experience in working with COTS application vulnerability management.
- Experience in various application testing models such as SAST, DAST, and IAST.
- Experience in working with ASM tools.
- Experience in working with a managed services provider.
- Experience influencing and collaborating to get work done through others.
- Experience with technical controls and resolving InfoSec problems.
Preferred Job Qualifications:
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP).
- Experience in reviewing vendor contracts and Service Level Agreements.
- Experience with security risk assessment and management, including threat modeling and risk analysis.
- Familiarity with incident response and disaster recovery procedures.
- Knowledge of cloud security and DevSecOps practices, including secure software development methodologies and cloud security controls.
- Preferred experience with Azure, Crowdstrike, Qualys, and any CSPM.
Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
Position: Cybersecurity Vulnerability and Threat Manager
Location: US:IL:Chicago
Req ID: 14617
#J-18808-Ljbffr