Manager, IT Security (CISM/CISSP & PHI)

Remote (United States)

Sellers Dorsey

Welcome to Sellers Dorsey! Discover our services and innovative solutions that improve access and quality in the Medicaid program.


About Sellers Dorsey


Sellers Dorsey is a leading and fast-growing national healthcare consulting firm specializing in Medicaid financing, policy, and operations. We deliver impactful outcomes for our clients with a combination of technical expertise and a deep understanding of public policy, government, and the national and local political landscape. Together with its clients, Sellers Dorsey realizes opportunities that enhance the bottom line and ultimately improve the lives of people, and is committed to expanding access to healthcare in the US.


About the Role


Sellers Dorsey is seeking a Manager, IT Security who will oversee the organization’s IT Security function and assist the VP of IT with planning and executing the ongoing maturation of Sellers Dorsey’s IT Security Program. This key management role will be responsible for evolving the IT Security Risk Management strategy and ensuring alignment of functional roadmaps with the organization’s strategic goals and business objectives. The Manager, IT Security will be hands-on with regard to work deliverables, identify and assess risks, and help drive informed risk mitigation decisions across corporate departments.


Key Responsibilities

  • Evolve the IT Security Risk Management strategy and define and ensure the execution of program roadmaps and organizational IT risk management priorities.
  • Contribute thought leadership through cross-functional collaboration with other IT and business functional teams to ensure alignment of the IT Security Program’s objectives with the overall IT strategy and business goals.
  • Communicate and evangelize IT security program goals and initiatives with other IT and business department management teams.
  • Implement and maintain an industry standard controls framework to identify and assess risks associated with technology-related initiatives.
  • Evaluate the effectiveness of data security safeguards and implement risk mitigation solutions to protect Sellers Dorsey’s sensitive data and business information.
  • Analyze and solve complex data protection and IT security challenges while striking a balance between business enablement and risk management.
  • Drive the continued maturity of the organization’s third-party security due diligence program to ensure risks inherited through third-party relationships are identified and managed.
  • Act as the primary point of contact for reporting security incidents and suspicious activities.
  • Implement and maintain a consistent approach to triage and remediate security incidents reported by Sellers Dorsey users, third-party managed services providers, and threat monitoring services.
  • Partner with Legal Counsel to maintain and manage the life-cycle of security incident response plans, processes and procedures.
  • Organize and conduct security incident response simulation exercises.
  • Ensure capabilities are in place to identify, generate alerts, and respond appropriately to evolving IT threats and vulnerabilities in applications, systems, networks, and business processes.
  • Implement a consistent approach to ensure security considerations are factored into IT operations, network and systems architectures, and baseline configurations.
  • Stay abreast of cyber security and data privacy trends and evolving technologies by attending seminars, job-related conferences, and peer collaboration and networking events.
  • Actively engage in self-learning and skill development activities that help reinforce existing competencies and develop new skills to enhance job performance.
  • Partner with Legal Counsel to ensure data protection controls and best practices are factored into data privacy policies, guidelines, and standards.
  • Help develop and implement processes and protocols to receive and respond to consumers’ requests to remove personal data or opt out of future marketing communications.
  • Lead the Security Awareness Program and assist with delivering security awareness training to promote an informed workforce.
  • Act as a trusted advisor to inform Sellers Dorsey employees on safe information handling and data protection best practices.
  • Organize and participate in employee engagement events to help reinforce safe information handling and data protection practices.

Key Qualifications

  • 7+ years proven experience across multiple IT security disciplines.
  • Bachelor’s Degree in an IT-related area of study.
  • Experience with Protected Health data.
  • Experience with implementing HITRUST and SOC 2 Type II.
  • CISSP professional certification (CISM preferred).
  • Demonstrated work history of successfully leading small to medium sized teams of multi-disciplined IT security professionals.
  • Advanced technical expertise assessing risks and applying security principles to secure public, private, and hybrid cloud IT environments.
  • In-depth knowledge of industry standard risk management approaches and methodologies.
  • Strong interpersonal communications skills to collaborate effectively with cross-functional IT and business teams.
  • Excellent team and consensus builder.
  • Demonstrated technical expertise implementing, configuring and maintaining security controls in Microsoft 365.
  • Technical expertise configuring and securing industry standard Identity and Access Management solutions, such as Microsoft Entra ID.
  • Strong knowledge of consumer data privacy rights and associated data protection obligations.

Compensation & Benefits 


The anticipated salary range for candidates is $127,600/year in our lowest geographic market range up to $165,000/year in our highest geographic market range. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type and years of experience within the industry, the candidate’s education, and the candidate’s market location. Typically, candidates are not hired near the top of the range and compensation decisions are made based upon Sellers Dorsey’s Total Compensation Policies & Guidelines. The successful candidate will also be eligible to participate in our annual Corporate Incentive Plan (CIP) that can range up to X% of annual salary.


Provided they meet all eligibility requirements under the applicable plan documents, the successful candidate (and their eligible dependents) will be eligible to enroll in group healthcare plans that offer medical, dental, and vision coverage and in insurance plans offering short term disability, long term disability, and basic life. Employees are also able to enroll in Sellers Dorsey’s 401k plan provided they meet plan requirements. Sellers Dorsey offers Flexible Time Off that allows employees to use what they need. Additionally, we offer 10 paid holidays throughout the calendar year, paid time off for qualifying medical leave, and up to 12 weeks of combined paid parental and bonding leave. The foregoing benefits and paid time off, including an employee’s eligibility therefor, will be controlled by applicable plan documents and Sellers Dorsey policy.


This is intended to provide a general description of benefits and other compensation and is not a substitute for applicable plan documents or company policies. 


Sellers Dorsey is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.


If you need a reasonable accommodation for any part of the employment process, please contact us by email at reasonableaccommodations@sellersdorsey.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address. For more information, view the EEO is the Law Poster and Pay Transparency Statement.


This position requires that you be fully vaccinated against Covid-19. Requests for reasonable accommodation on the basis of disability and/or sincerely held religious beliefs will be provided subject to undue hardship.


Sellers Dorsey maintains a Drug-Free workplace.

Category: Leadership Jobs

Tags: CISM CISSP Cloud HITRUST IAM Incident response Monitoring Privacy Risk management SOC SOC 2 Strategy Vulnerabilities

Perks/benefits: 401(k) matching Career development Conferences Flex vacation Health care Insurance Medical leave Parental leave Team events Transparency

Regions: Remote/Anywhere North America
Country: United States
