Manager, Security Operations

Springfield, IL, United States

Overview

The Manager, Security Operations, is responsible for implementing and managing the enterprise cybersecurity program, ensuring the protection of the organization’s information assets while enabling business objectives. This role involves identifying, evaluating, and reporting on legal, regulatory, IT, and cybersecurity risks, providing actionable insights to stakeholders at all levels.

This position proactively collaborates with business partners to implement cybersecurity practices aligned with established policies and standards, fostering a culture of security awareness and compliance. The Manager, Security Operations, leads the development and execution of operational strategies to address emerging threats, ensure incident readiness, and maintain a robust cybersecurity posture.  Embodies Memorial Health Performance Excellence Standards of Safety, Quality, Integrity and Stewardship that support our mission, vision and values.

Qualifications

Education:

  • Bachelor's Degree in Computer Science, Management Information Systems, or equivalent combination of education and 5 years of experience to successfully perform the Principal Duties & Responsibilities of the job.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework

Licensure/Certification/Registry:

  • Desired: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials

Experience:

  • Experience in qualities/skill set evident on resume
  • Experience with the following systems preferred:
  • Experience with risk assessment, incident response, and security audits.
  • Familiar with DevOps security concepts and best practices, and able to integrate security into the DevOps pipeline.
  • Familiar with cloud security concepts and best practices, as well as the security features and capabilities of major cloud platforms such as AWS, Azure, and GCP.
  • Familiar with security automation tools and techniques, and able to use them to automate security tasks and improve the efficiency of the SOC.
  • Experienced decision-maker with a proven track record of weighing relative costs and benefits of potential actions and identifying the most appropriate option.
  • Experience managing enterprise security solutions, such as firewalls, intrusion detection systems, intrusion prevention systems, security information and event management (SIEM) systems, security orchestration, automation, and response (SOAR) platforms, and other security tools and technologies.

Other Knowledge/Skills/Abilities:

  • Accountability: Ability to hold people accountable to standards of performance or ensure compliance using the power of one’s position or force of personality appropriately and effectively, with the long-term good of the organization in mind.
  • Analytical Thinking: Developing a deeper understanding of a situation, issue or problem by breaking it down or tracing its implications step-by-step. It includes organizing the parts of a situation, issue or problem systematically; making systematic comparisons of different features or aspects; setting priorities on a rational basis; and identifying time sequences, causal relationships, or if-then relationships.
  • Change Leadership: Ability to energize stakeholders and sustain their commitment to changes in approaches, processes, and strategies.
  • Collaboration: Ability to work cooperatively and inclusively with other individuals and/or teams not formally led; working together as opposed to working separately or competitively.
  • Communication: Ability to use written and spoken communication in formal and informal situations to convey meaning, build shared understanding, and productively move agendas forward.
  • Initiative: Ability to identify a problem, obstacle or opportunity and then take action in light of identification to address current or future problems or opportunities. Initiative emphasizes proactively doing things and not simply thinking about future actions.
  • Project Management: Ability to plan, execute and oversee a multi-year project involving significant resources, scope and impact.
  • Strategic Orientation: Ability to consider the business, demographic, ethno-cultural, and regulatory implications of decisions and develop strategies that continually improve the long-term success and viability of the organization.
  • Team Leadership: Ability to lead groups of people toward shared visions and goals, from forming a team that possesses balanced capabilities, to setting its mission, values and norms, and holding colleagues accountable individually and as a group for results.

Responsibilities

  • Embodies the Memorial Health System Performance Excellence Standards of Safety, Quality, Integrity and Stewardship that support our mission, vision and values:
    • SAFETY: Prevent Harm - I will put safety first in everything I do.  I will speak up, without fear, on matters of patient and colleague safety.  I will take action to create an environment of zero harm.
    • QUALITY: Improve Outcomes -  I will continually advance my knowledge and skills.  I will seek out continuous improvement opportunities.  I will deliver evidence-based care that leads to excellence in outcomes.
    • INTEGRITY: Show respect and Compassion - I will respect others and show compassion. I will behave honestly and ethically. I will be accountable for my attitude, actions and health.
    • STEWARDSHIP: Reduce Waste - I will use resources wisely and maintain financial stability. I will work together to coordinate care and services across the health system. I will promote healthier communities.
  • Defines and facilitates the operational processes for cybersecurity risk in collaboration with IS Security including the reporting and oversight of treatment efforts to address negative findings.
  • Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that cybersecurity requirements are implicit in these architectures and security is built in by design
  • Develops and oversees effective resilience policies and standards to align with the enterprise resilience program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter
  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
  • Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the cybersecurity program, and reviews it with stakeholders at the executive and board levels
  • Operationalizes a strategic, comprehensive cybersecurity program to ensure appropriate levels of confidentiality, integrity, and availability of information assets owned, controlled and/or processed by the organization as well as the meeting of safety, privacy, reliability and resilience requirements as needed.
  • Leads the cybersecurity function across the company to ensure consistent and high-quality information security management in support of the business goals
  • Defines and manages an IAM program that balances access with compliance, confidentiality and business requirements.
  • Determines the cybersecurity approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas
  • Follows all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization
  • Documents formal, technical incident reports for consumption by infrastructure teams and senior leadership
  • Provides infrastructure teams with incident support, including mitigating actions to contain activity and advisory for remedial actions.
  • Carries out root cause analysis and investigations to advise on prevention mechanisms and configuration changes.
  • Maintains professional growth and development through continuing education, seminars, workshops and professional affiliations.
  • Performs other related work as required or requested.

    The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by incumbents of this job.  Incumbents may be requested to perform tasks other than those specifically presented in this description.
