What are the responsibilities and job description for the Manager of Information Security position at Spire Orthopedic Partners?
Job Details
Description
Who we are:
Spire Orthopedic Partners is a growing national partnership of orthopedic practices that provides the support, capital and operational resources physicians need to grow thriving practices for the future. As a Management Services Organization (MSO), Spire provides the infrastructure for administrative operations that allows practices to operate at their highest level, so doctors can focus their efforts on what matters most – patient care. Rooted in the 100-plus-year legacy of its founding partners, the network spans the Northeast with 128 physicians, over 1100 employees, and 28 locations across Connecticut, New York, and Massachusetts.
What you’ll do:
We are seeking a self-motivated Information Security and Cybersecurity Engineer/Manager to join our healthcare management services organization. The ideal candidate will be a versatile IT and security generalist with strong, hands-on technical skills in information security and information technology. This role is critical in safeguarding our organization’s information systems against cyber threats and ensuring compliance with healthcare regulations.
Responsibilities/Duties:
- Lead ongoing internal processes to ensure compliance with relevant regulatory requirements and mandates such as:
  - HIPAA (Health Insurance Portability and Accountability Act)
  - SOX (Sarbanes-Oxley Act)
  - PCI (Payment Card Industry)
- Lead security due diligence processes of external entities to evaluate the risk associated with those entities including:
  - key vendors
  - potential acquisitions
- Lead ongoing development and implementation of the security awareness training program, which includes:
  - LMS (Learning Management Solution) security courses and modules
  - periodic security training sessions and presentations
  - security training content in the form of newsletters, bulletins, videos, etc.
- Provide guidance for the development and maintenance of corporate information security policies, standards, and procedures
- Perform risk assessment and risk management processes, which include documenting information asset profiles, evaluating threats, identifying mitigating controls, and determining overall risk to information assets.
- Serve as the information security risk and compliance subject matter expert on initiatives, projects, and other efforts
- Work with other departments to address any needs related to governance, risk, or compliance
- Conduct ongoing research on current industry best practices and regulatory requirements that are relevant to Spire.
- Periodically collaborate with end-users and vendors to assess, recommend, design, and implement security solutions and technologies.
- Evaluates and recommends new and emerging technologies as they relate to business and operational priorities.
- Builds and maintains security monitoring tools and services, ensuring they are effective and relevant to reflect the needs of our organization.
- Collaborates with other IT and business stakeholders in efforts to control, remediate and recover in the event of a security incident or breach.
- Assists in identifying, evaluating, and documenting technology and security products and solutions and provides recommendations.
- Builds and maintains relationships with user community and vendors to understand business needs and requirements related to the design / integration of new security technologies.
- Collaborates with IT management and staff, clinical business leaders, and other departments on security-related items and any other duties as assigned by the enterprise.
- Supports IT department staff in the analysis, solution, and documentation of system and network security issues and problems.
- Works with IT and Security management to help develop, communicate, implement, and maintain information security policies, standards, and procedures.
- Develop, implement, and manage security measures and controls, with a focus on Microsoft technologies and services.
- Maintain and update the infrastructure security architecture to address evolving threats.
- Perform security and vulnerability assessments, identify vulnerabilities across various technologies, and develop comprehensive mitigation strategies.
- Lead efforts in detecting and analyzing security-related events and escalate as needed.
- Ensure adherence to regulatory mandates and healthcare industry standards (e.g., HIPAA/HITECH, HITRUST, etc.).
- Assist in developing and implementing information security training tools for employees, emphasizing self-sufficiency and security best practices.
- Work independently and collaboratively with IT and other departments, demonstrating strong self-starting capabilities and communication skills.
- Stay abreast of the latest cybersecurity and technology solutions, security trends, and best practices, adapting and applying these to our security infrastructure.
Qualifications
Who you are:
- Bachelor’s degree in information technology, cybersecurity, or a related field is preferred.
- Experience required: 7 years working as an information security and technology professional with experience in the following areas: security architecture; identity and access management; threat and vulnerability management; data protection; security incident response.
- Proven ability to work independently and as a self-starter.
- Professional certification in Information Security (e.g., CISSP) and/or Microsoft technologies (e.g., Microsoft Certified: Security, Compliance, Identity, etc.) is a plus.
- Experience with Microsoft technologies and services is a plus.
- Expertise with physical and cloud security infrastructure, services, and protocols.
- Excellent analytical, problem-solving, and decision-making skills.
- Strong communication and interpersonal abilities.
- Solid ability to plan and prioritize projects and tasks.
- Advanced knowledge of general information security standards such as NIST CSF, ISO 27000, and the NIST SP 800 series is a plus.
- Understanding and experience with security and privacy-related regulatory and industry frameworks such as HIPAA, PCI, and SOX.
What we offer:
- Excellent growth and advancement opportunities
- Dynamic environment
- Access to a diverse network of practitioners
- Broad infrastructure of tools and programs to enhance the employee experience
- Competitive Compensation
- Generous PTO
- Benefits package: health, dental, vision, 401(k), etc.
We are an equal-opportunity employer. Qualified applicants are considered for positions and are evaluated without regard to actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances (referred to as “protected characteristics”).
Salary: $124,500 - $174,300