Manager InfoSec Operations and Threat Management at Cottage Health in Goleta, California

Job Description:

Supervises the Threat Management and Security Operations. Manages these technical teams with a strong, technical understanding of the Threat Management and Security Operations areas to ensure secure, efficient operations.

MAJOR ACCOUNTABILITIES

Threat Management

Manage the enterprise-wide threat management program including Cottage's internal and external scanning, management of the penetration testing, strategies around additional scanning such as medical device scanning, application scanning etc. Additionally, ensure vulnerability management reporting is addressed in a prioritized risk based approach.

Coordinate and manage security incident response procedures including annual tabletop exercises, updating the incident response plan etc. Primary point of contact for any security incidents to be managed and coordinated with other Cottage departments.

Develop, implement and report on key Security Threat Management metrics to ensure leadership is aware of the posture of security.

Compliance & Regulatory Knowledge

Strong knowledge and understanding HIPAA Security requirements, Meaningful Use regulations, Payment Card Industry (PCI) requirements, and other compliance requirements for healthcare IT systems.

Security Operations

Develop and maintain the Security Operations function to support appropriate level of security monitoring and governance around security controls.

Manage the 3rd party security partners that support the level one and level two support functions for security capabilities.

Key point of contact with Applications and IT Infrastructure to support security controls .Develop governance functions for security areas that fall within Applications and IT Infrastructure so the security posture is known and can be reported on with meaningful security metrics.

Develop, implement and report on key Security Operational metrics to ensure leadership is aware of the posture of security.

REQUIREMENTS

This position requires a Bachelor Degree in Computer Science or related field or equivalent years of applicable experience (8yrs), One of the following: Certified Information Security Auditor (CISA), Certified Information Security Manager, Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).Working knowledge or HIPAA, Meaningful Use and PCI and 5 years of IT Audit, Risk Management or Security experience and 2 years of IT Management.