Manager - Cybersecurity Vulnerability Management

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune; and listed in Forbes ranking of America’s Largest Public Companies. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located all over the U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com

The Corporate Information Services Department is seeking a dynamic and talented Manager – IS Cybersecurity Vulnerability Management.

The Manager – IS Cybersecurity Vulnerability Management will play an integral role in overseeing and managing UHS vulnerability management, application security, and external attack surface programs, as well as providing thought leadership on securing the company against current and emerging threats. This role ensures that the vulnerability management program is designed to reduce the organization's risk exposure by implementing effective remediation strategies and collaborating closely with IT, Security, and Application teams. Participates in the oversight of the establishment, implementation and adherence to policies and standards that guide and support the terms of the information security strategy.

Key Responsibilities include:

• Provide leadership and mentoring to the team, fostering a culture of excellence, innovation, and collaboration while also being able to direct triage and response to critical vulnerabilities and oversee the strategic direction of the program.
• Provides management of the implementation and ongoing support of corporate owned information security applications and security controls.
• Manages and/or perform on-going vulnerability assessments, penetration tests, and application and network security scans.
• Drives remediation of vulnerabilities, while collaborating with and assisting system owners with prioritization and providing guidance on adequate remediation/risk reduction actions
• Communicates vulnerability results in a manner understood by technical and non-technical business units. based on risk tolerance and threat to the business, and gain support through influential messaging.
• Exercises responsibility for supervision, performance evaluations and direction of team. Coordinates work assignments given in order to meet deadlines and ensure continued progress toward assignment completion.
• Works closely with CISO leadership on strategic direction and continuous improvement of the function, including capability and maturity assessments and long-range planning, as well as evaluation of current and future-state toolsets and partnerships.
• Identifies current and emerging threats to our systems and environment to prevent incidents where possible and actively manage them as necessary.
• Maintains operational and technical documentation related to the operational lifecycle of supported solutions is required, as is identifying improvements to ensure the inclusion of appropriate quality of delivery and compliance with security policy and regulations.
• Works closely with CISO and other senior level personnel to further enhance and develop their leadership skills.
• Reports metrics and scorecards to measure effectiveness and efficiency of vulnerability management program.
• Continually evaluates the security posture of UHS environments against internal policy, regulatory requirements and industry best practices.

Position Requirements:

• Bachelor’s degree in Information Systems Security and Risk Management, Computer Science, or related field required.
• 5 years of information security experience that includes knowledge of general security concepts such as defense in-depth and risk-based security management. Healthcare industry experience, preferred.
• 3 years’ experience with vulnerability assessment and reporting, including comprehensive understanding of vulnerability management methodologies and procedures, web application assessment, threat assessment, and remediation management.
• Proven experience leading vulnerability management teams, with deep knowledge of security concepts and strategies and a track record of successful implementation.
• Hands-on experience with vulnerability management tools, with a strong technical understanding of assessing and identifying vulnerabilities across various operating systems, databases, and application servers.
• Ability to conduct penetration testing, application and network scanning, source code analysis, and familiarity with exploit development, and common attack vectors.
• Understanding of network protocols, firewalls, intrusion detection systems (IDS), and other network security technologies.
• Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry Data Security Standards (PCI DSS).
• Currently holds one or more specialized Security Certifications, required
• Ability to prioritize and balance multiple and sometimes competing projects, priorities, or objectives.
• Strong process and technology analysis skills.
• Ability to collaborate with individuals at all organizational levels, skills, and experiences to build relationships and achieve organizational goals.
• Able to communicate clearly and respectfully with Executives, and all other personnel.
• Learns quickly, takes constructive feedback on performance, stays focused on the job with attention to detail and produces desired outcomes.

Travel Requirements: Up to 10% domestic US travel (depending on projects).

This opportunity provides the following:

• Challenging and rewarding work environment
• Growth and development opportunities within UHS and its subsidiaries
• Competitive Compensation
• Excellent Medical, Dental, Vision and Prescription Drug Plan
• 401k plan with company match
• Generous Paid Time Off

*UHS is a registered trademark of UHS of Delaware, Inc., the management company for Universal Health Services, Inc. and a wholly-owned subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company and operates through its subsidiaries including its management company, UHS of Delaware, Inc. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent any reference to "UHS or UHS facilities" on this website including any statements, articles or other publications contained herein relates to our healthcare or management operations it is referring to Universal Health Services' subsidiaries including UHS of Delaware. Further, the terms "we," "us," "our" or "the company" in such context similarly refer to the operations of Universal Health Services' subsidiaries including UHS of Delaware. Any employment referenced in this website is not with Universal Health Services, Inc. but solely with one of its subsidiaries including but not limited to UHS of Delaware, Inc.

UHS is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at UHS via-email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of UHS. No fee will be paid in the event the candidate is hired by UHS as a result of the referral or through other means.

EEO Statement
All UHS subsidiaries are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates. UHS subsidiaries are equal opportunity employers and as such, openly support and fully commit to recruitment, selection, placement, promotion and compensation of individuals without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, disability status, protected veteran status or any other characteristic protected by federal, state or local laws.
We believe that diversity and inclusion among our teammates is critical to our success.
Notice
At UHS and all our subsidiaries, our Human Resources departments and recruiters are here to help prospective candidates by matching skillset and experience with the best possible career path at UHS and our subsidiaries. We take pride in creating a highly efficient and best in class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card or bank information, etc.) from you via email. The recruiters will not email you from a public webmail client like Hotmail, Gmail, Yahoo Mail, etc. If you are suspicious of a job posting or job-related email mentioning UHS or its subsidiaries, let us know by contacting us at: https://uhs.alertline.com or 1-800-852-3449.