Satellite Healthcare Information Security Manager in San Jose, California

Requisition Number 19-0088

Post Date 1/30/2019

Title Information Security Manager

Job Category Information Services

Location Information Services

Job Status Full Time

Work Hours 40

City San Jose

State CA

Description

Satellite Healthcare is a successful, nonprofit organization that has improved the lives of people living with kidney disease since 1973. We earn our national reputation for excellent patient care each day by offering a complete range of dialysis therapy choices, personalized clinical services, and unparalleled wellness education.

Satellite Healthcare provides expert, personalized kidney care at over 80 centers across the U.S. as well as at acute dialysis locations in California and Texas. Learn more about Satellite Healthcare at www.satellitehealth.com.

The Information Security Manager will be responsible for strategic and tactical information security initiatives and for maintaining information security as a key business function rather than just a technology function. This is a highly hands-on position.

In this position, you will support the cybersecurity strategy and roadmap, and will develop and implement security policies, standards, and procedures for overall cybersecurity hygiene as needed.

A successful individual in this position will exemplify Satellite Healthcare’s core values and will assist in the secure ongoing design and implementation of the Satellite Healthcare initiatives.

This individual will also work extensively with all business and IT functions, as determined by the security officer. This individual will report directly to the Director – IT Security (Security Officer).

Essential Functions

The essential functions listed are not a comprehensive inventory of all duties, tasks, and responsibilities. Employees may also perform other duties as assigned. All employees must work in accordance with Satellite’s I-CARE Standards.

Operations

  • Respond to security incidents and drive them to conclusion. Document the lessons learned from the security incident and prevent future recurrences.

  • Monitor the Satellite Healthcare environment and make recommendations to proactively mitigate or reduce security incidents.

  • Work with the Security Operations Center (SOC) to proactively identify areas of improvement.

  • If needed, be available during off hours to ensure critical/high-impact security incidents are promptly addressed and the impact to business is low.

  • Design and implement solutions to ensure confidentiality, integrity, and availability of Satellite Healthcare data, as applicable.

  • Identify and work with stakeholders to identify and mitigate vulnerabilities as applicable; provide hands-on support as required.

  • Perform or liaise with vendors to perform red team and blue team exercises as needed.

  • Continuously review and optimize the existing security controls as needed.

  • Review and consolidate security controls as needed.

  • Perform other security operations activities as needed.

Architecture

  • Participate in project management meetings and ensure security recommendations are given and implemented without impacting project timelines.

  • Participate in other Business and IT initiatives and ensure security recommendations are considered and implemented without impacting project timelines.

  • Perform static and dynamic application security testing to identify and mitigate application security vulnerabilities in systems as needed.

  • Perform secure source code review to identify and mitigate vulnerabilities within source code as needed.

  • Perform architecture risk reviews as needed, including but not limited to firewalls and other infrastructure devices, to identify and reduce the attack surface to Satellite Healthcare data.

  • Perform other secure architecture activities as needed.

Governance, Risk, and Compliance

  • Perform security risk assessments to identify security risks. Document and keep track of such security risks and mitigate them to conclusion by working with appropriate stakeholders as needed. Provide hands-on support as needed.

  • Perform security audits as needed to identify non-conformities in line with Satellite Healthcare policies and related procedures.

  • Establish and manage security policies as applicable. Update the policies based on the security, compliance, regulatory, and business requirements as needed.

  • Perform security risk assessments to identify and mitigate security risks with Satellite Healthcare’s third parties.

  • Perform other information security governance, risk, and compliance activities as needed.

Note: This role will be responsible for selecting, developing and managing direct reports, as applicable.

Requirements

Minimum Qualifications

Any combination of education and experience that would likely provide the required knowledge, skills, and abilities as well as possession of any required licenses or certifications is qualifying.

Education: B.S. in Computer Science, Information Security, Computer Forensics or related field, or an alternate combination of education/experience which results in equivalent job knowledge.

Experience: Minimum of 5 years of relevant cybersecurity experience.

Knowledge, Skills & Abilities:

  • Should possess business and technical skills/knowledge as would be acquired through experience as part of a diverse background in information technology and business management.

  • Strong organization skills with effectiveness in developing security objectives.

  • Must have played an extensive hands-on security implementation role.

  • Experience managing and developing direct reports.

  • Demonstrated ability to manage multiple projects and priorities in an ever-changing environment.

  • Information Security Certification: CISSP, CISM, CRISC, etc.

  • Hands-on experience in cybersecurity support in a global environment.

  • Hands-on experience with cloud-based services, etc.

  • Familiar with industry-standard regulations such as HIPAA, NIST SP 800-50, NIST SP 800-53.

  • Demonstrated abilities in Microsoft Office applications (Outlook, Word, Excel, PowerPoint).

  • Able to read, write, speak, understand and satisfactorily communicate with others in English in person, over the phone and via email.

Satellite Healthcare, Inc. (SHC) strongly values diversity and is committed to equal opportunity and non-discrimination in all of its policies and practices, including the area of employment. Accordingly, SHC does not discriminate against any person on the basis of race, color, sex, sexual orientation or identity, religion, age, national or ethnic origin, political beliefs, marital status, medical condition, genetic information, veteran status, or disability. Women and men, members of all racial and ethnic groups, people with disabilities, and veterans are encouraged to apply. We offer a drug-free work environment.