• Information Security Manager

    Job Locations: US-RI-Smithfield
    Req No.: 2019-10629
    NHPRI Department: 435 - Information Security
    Type: Regular Full-Time
  • Overview

    The Information Security Manager will lead the vulnerability identification and security event monitoring process and manage tasks such as security event log reviews, intrusion alert reviews, and running vulnerability scans.  He/she must stay up-to-date on the latest intelligence, including hackers’ methodologies, in order to proactively mitigate security incidents. In addition, he/she will track remediation of vulnerabilities within specified timelines developed based on industry leading practices and regulatory guidelines.

    The role supports the Information Security Officer in reviewing security practices and providing recommendations for implementing a secure computing environment while enabling the business. He/she will conduct security risk assessments and make recommendations to ensure the security controls meet regulatory requirements as well as industry-leading practices. In addition, this role will support the Information Security Officer in policy and standard development and will help ensure operational compliance with such policies.

    Responsibilities

    • Support Information Security Officer in establishing and maintaining Information Security policies to help protect the data and assets of the company
    • Develop technical minimum security baseline standards for IT implementation and develop testing procedures for compliance review
    • Develop and manage penetration testing and vulnerability scanning schedules, rules, SLAs and reporting
    • Coordinate Information Security penetration tests with external partners
    • Manage remediation efforts associated with the results of penetration tests and vulnerability scans
    • Utilize vulnerability management scanning tools and perform regular threat assessments and scans
    • Conduct proper review and follow-up for potential threats based on log monitoring results
    • Monitor security threats, and liaise with IT in taking measures to mitigate risks
    • Periodically review the organization’s security architecture, security tools, and deployment for best practices
    • Lead in the development of Cloud Usage security requirements
    • Help develop Key IT Metrics (KPIs and KRIs) and prepare reports for Information Security Officer and Senior Leadership, reporting on Information Security program achievements, successes, challenges and opportunities for improvement
    • Support the Information Security Officer in measuring and continuously improving a comprehensive security program
    • Support in the creation and delivery of Security Awareness and Training throughout the organization to help raise awareness of cyber risks and prevention measures across the enterprise
    • Assist as needed as a security advisor in new business or product development activities to ensure products comply with information security and privacy standards
    • Review security for existing and new vendors to minimize risk to the organization
    • Develop and execute IT Control test plan and schedule
    • Perform Information Security risk assessments and execute tests of data processing systems to ensure functioning of security measures
    • Support Information Security Officer in the review, exercise and updating of the Security Incident Response plans as needed
    • Support internal and external auditor requests
    • Plan and facilitate periodic access reviews (PAR)
    • Assist with annual review of Information Security policies, standards and procedures
    • Perform additional duties and projects as assigned by Information Security Officer
    • Corporate Compliance Responsibility - As an essential function, responsible for complying with Neighborhood’s Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies, and procedures as it applies to individual job duties, the department and the Company. This position must exercise due diligence to prevent, detect, and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents.

    Qualifications

    Required:

    • 5+ years as an Information Security professional with Governance, Risk and Compliance experience
    • BS degree in Information Technology/Security, related discipline, or equivalent experience
    • Demonstrated experience with security frameworks and security management including knowledge of common information security management frameworks, HITRUST, and NIST
    • Ability to develop and manage penetration testing and/or vulnerability scan activity, with experience in the associated tools
    • Ability to recommend technical remediation strategies to safeguard computers, networks and regulated data
    • Facilitate and track security remediation efforts by internal IT staff and business line owners
    • Perform Information Security/Information Technology risk assessments
    • Ability to communicate security risk in business terms
    • Ability to perform as an individual contributor as well as manage a team, and develop junior team members
    • Ability to effectively prioritize and execute tasks
    • Ability to effectively and persuasively communicate in written and verbal form across all levels of the organization
    • Must be an organized, detail-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously
    • Strong analytical skills, problem-solving skills, and project/program management skills
    • Excellent customer service skills

    Preferred: 

    • Healthcare/Health Plan industry experience
    • Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software)
    • CISM, CISSP, CRISC, CISA or similar security certification preferred
    • Proficient with MS Office, project management software, and at least one GRC tool (highly recommended)

    Core Company-Wide Competencies:

    • Communicate Effectively
    • Respect Others & Value Diversity
    • Analyze Issues & Solve Problems
    • Drive for Customer Success
    • Manage Performance, Productivity & Results
    • Develop Flexibility & Achieve Change

    Job Specific Competencies:

    • Collaborate & Foster Teamwork
    • Attend to Detail & Improve Quality
    • Create & Innovate
    • Plan & Organize

    Flexible Work Arrangement:

    • Yes 

    Telecommuting Arrangement:

    • Yes (flexible) 

    Travel Expectations:

    • Minimal travel locally between locations is required

    Neighborhood is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status or any other legally protected basis.

    Neighborhood is committed to ensuring individuals with disabilities and/or those who have special needs participate in the workforce and are afforded equal opportunity to apply for jobs. If you would like to contact us regarding the accessibility of our Website or need assistance completing the application process, please contact us at recruiting@nhpri.org.

    Neighborhood is an EOE M/F/D/V and an E-Verify Employer
