Mgr Information Security

Summary:
The Manager Information Security reports to the VP Chief Information Security Officer. Under general supervision, manages and provides support to all Lifespan information security services to assure a high-value, efficient, comprehensive security program which meets Lifespan needs.

 

Responsibilities:
Interviews, hires, and assigns subordinate staff; provides guidance and counsel to subordinate staff; conducts periodic performance evaluation; recommends personnel actions; acts as a resource for staff; conducts periodic individual and/or group staff meetings; prepares and submits payroll; provides and maintains subordinate staff development plans; develops standards for subordinate staff performance. Assists in determining the needs, structure, staffing, and systems required to deliver world-class information security capabilities to all Lifespan affiliates.



Directs the efforts of others in the achievement of strategic and operational objectives of the group.



Advises and makes recommendations on strategic direction. Identifies opportunities for automation, standardization, cost savings, and business improvement. Identifies gaps, develops strategy, and creates operational plans in support of Lifespan's security mission.



Manages functional metric reporting requirements, developing metrics and measuring program success. Manages resolution of problems with reporting and has responsibility for overseeing maintenance of reporting systems.



Manages GRC (Governance, Risk, Compliance) activities surrounding policies, exceptions, risk register, and compliance requirements such as HIPAA, PCI, and JC.



Develops, maintains, and publishes up-to-date security policies, standards, and guidelines which align with industry best practices using control standards and regulatory frameworks.



Integrates, aligns, and acts as liaison with the business to ensure there is alignment to Lifespan's Information Security Program.



Manages vendor relations to ensure Lifespan receives value and performance of resources in accordance with contractual agreements.



Develops roadmaps for all enterprise security technologies.



Ensures proper documentation is in place for all security standards, procedures, and hardening for a wide range of products including network devices, virtual machines, mobile devices, operating systems, and application development.



Ensures Lifespan is prepared for external audits.



Works with third parties to evaluate their Information Security practices.



Develops, assists with, and reviews the preparation and monitoring of IS Security budgets.



Maintains up-to-date technical knowledge by attending seminars and vendor presentations and reading professional literature.



Participates in councils, quality improvement teams, and other such committees as required.



Develops, implements, and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or possessed by the organization.



Oversees training and dissemination of security policies and practices.



Participates in all departmental goals and strategy development. Provides assistance in negotiation and management of contracts with outside vendors. Participates in Demonstrations/Presentations and Benchmarks.



Ensures security programs are in compliance with relevant laws, regulations, and policies to eliminate or minimize risk and audit findings.



Serves as a liaison between the information security team and corporate compliance, audit, finance, legal, marketing, operations, and HR management teams as required.



Performs other related duties as required.

 

Other information:
EXPERIENCE:



Bachelor's degree in Management or information systems required; M.B.A. or M.S. preferred.



Certifications Required (3 or more - CISSP, CISM, CRISC, GIAC, Security+).



A minimum of ten years of IS experience with five years in an information security role.



Five years of progressively responsible related work experience, including at least two years of related supervisory/management experience in a similar environment.



Comprehensive understanding of risk assessment protocols to develop appropriate assessment models to evaluate program effectiveness and quantify information security and cybersecurity risks across the organization.



Expert knowledge of third-party vendor security risk management and cyber supply chain management.



Expert knowledge of regulatory requirements, risk, and industry standards associated with emerging technology, authentication capabilities, network design/security, cloud computing environment, the "dark web," and internet of things (IoT). Knowledge of leading Information Security industry frameworks (i.e., NIST, ISO, SANS) and Information Security and Data governance models.



Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.



Ability to manage multiple high-visibility deliverables simultaneously.



Excellent customer service and interpersonal skills required.



Must have excellent written and verbal (face-to-face and phone) communication skills, including professional grammar and demeanor.



Expert presentation and reporting to executive audiences.



Expert-level Microsoft Excel usage.



Experienced with vendor management, selection, and contracts.



Flexible work hours (may require management support after normal hours).



SUPERVISORY RESPONSIBILITIES:



Supervisory responsibility for up to 15 FTEs.

 

Lifespan is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, ethnicity, sexual orientation, ancestry, genetics, gender identity or expression, disability, protected veteran or marital status. Lifespan is a VEVRAA Federal Contractor.

 

Location: Corporate Headquarters USA:RI:Providence

 

Work Type: Full Time

 

Shift: Shift 1

 

Union: Non-Union