Information Services & Security Manager - Winter Garden

A career at Community Health Centers offers a unique opportunity to join a team that makes a real impact in our community every day, by improving individuals' health while enhancing their quality of life. 

Top Reasons to work at Community Health Centers

  • A great benefits package that includes healthcare coverage, retirement plans, vacation, sick leave, and more.
  • Competitive compensation with advancement opportunities and tuition / training reimbursement.
  • Awarded "Best and Brightest Companies to Work for in the Nation" in 2018 and 2019.
  • Awarded "Top 100 Workplaces for Growing Families" by Orlando Sentinel.
  • Modernized and attractive health centers, that patients love.
Job Summary:

The Information Services (IS) and Security Manager accomplishes IS objectives by managing and enforcing IS security for all systems within the Information Services domain, leads IS security related initiatives, and provides guidance during security events. The position will primarily focus efforts on ensuring security standards are met within the organization but will also participate in general project management and policy and procedural activities to include scheduling resources, providing technical direction, future planning, support, and enhancement practices for IS services. The position will also lead initiatives involving the technical evaluation of new technologies and projects across the organization, including the scope and prioritization of work assignments, paying strong attention to detail and deadlines. The IS and Security Manager promotes the use of enterprise tools and development/support standards. The position also monitors change requests to ensure appropriate controls are in place and best practices are being utilized. Also core to the position is the development and management of a Security Risk Analysis Plan including identification of risks, mitigation and action plans and reconciliation trending. The IS and Security Manager will oversee the activities of the IS Security Analyst to include evaluating employee performance and providing oversight of development and training. Perform other duties as required.

Primary Responsibilities and Specific Duties:
  • Manages the configuration, support and evaluation of security tools.
  • Manages oversight of SIEM as it relates to cybersecurity metrics and deliverables.
  • Leads internal and external security audits and provides organizational recommendations to mitigate risks.
  • Responsible for the routine analysis of the vulnerability assessments completed against the IT infrastructure.
  • Responsible for proposing, establishing and enforcing baseline computer related security practices within the organization. This includes: system rights, data security such as Data Loss Prevention (DLP) strategies, access control to sensitive information and encryption of sensitive data both at rest and in motion.
  • Analyzes and provide recommendations on technological solutions based upon organizational needs and objectives.
  • Lead facilitator of the Information Security Operations Team (ISOT).
  • Leads breach response activities in collaboration with CIO or Director of Information Services.
  • Leads Business Continuity Planning (BCP/COOP) in conjunction with the Director of IS.
  • Manages project life cycle related to corporate and departmental deliverables of projected and emerging initiatives.
  • Ongoing oversight of Security Risk Analysis Plan.
  • Participates in new technical evaluation requests for future and emerging projects.
  • Reviews required security documentation provided by vendors related to vendor partnerships.
  • Responsible for Corporate communication and training as it relates to cybersecurity initiatives (phishing campaigns, phish alert, CHC News Now Updates).
  • Manage all audits involving the Information Services department, including any follow up for completed audits.
  • Initiates cybersecurity drills and audits to test internal and external controls, reviewing quarterly and following up with business owners to ensure state of readiness across the organization for any unplanned threats.
  • Responsible for the disaster recovery plan, planning process, and working with business owners to ensure items related to the plan are implemented.
  • Reviews all Information Services policies and procedures on an annual basis and in line with corporate review policies.  Works with business owners to establish new or modify existing policies and procedures.
  • Responsible for the oversight of Security Analyst position and the various security monitoring systems which include: Audit log management, AI based alerting, AV alert response, and other computer based security events.
  • Assumes management of Information Services department in the absence of the Director of information Services and Operations Manager.
  • Provides guidance to other IT staff.
  • Works well with others providing administrative support and information pertaining to department operations.
  • Completes work requests and projects as assigned by the Director of Information Services.
  • May be required to provide guidance to external vendors.
  • Develops reports and submits to Director of Information Services.
  • Designs, creates and distributes operational troubleshooting guides related to software and hardware used at CHC.
  • Performs other duties as assigned.
Qualifications:

Education:

  • Bachelor's Degree required.
  • Project Management experience preferred.
  • Management experience in the field of IS preferred.
Experience:
  • Four years direct experience within a business  environment  and information systems
  • Experience with Windows environments required
  • Experience with Linux environments preferred
  • Experience with MS office suite, Remote Administration Suites, anti-virus programs, and terminal emulation software required
  • At least 5 years working in the IT field required
Certification:
  • Certification in Security , CISSP required
Special Skills:
  • Security auditing, review and response.
  • Knowledge of HIPAA, HITECH and NIST Standards as they relate to Healthcare
  • Knowledge of pen testing methodologies.
  • Must have advanced working knowledge of network architecture, topology, and usage
  • Workstation knowledge must include hardware configuration, software installation and usage, and network security
  • Ability to read, understand and follow oral and written instructions