Manager, Technology - Information Security
Remote CA - R3, United States
Full Time Mid-level / Intermediate USD 81K - 149K
VSP Vision
Provide direction to the team on a daily basis
Address and navigate technical issues, anticipating and preventing impending issues
Problem solve beyond the scope of an individual team member to optimal outcome
Consistently meet commitments within expected timeframe with minimal direction
Partner with deliverable stakeholders; inform others of technical impediments, updates, and progress in relation to timelines or SLAs
Provide detailed technology functional planning supporting the overlaying strategies of GTS and business direction for technical infrastructure, architecture, application systems, and/or related business processes within technical functional area, and ensure proper functioning and cohesive implementation
Drive and adopt incremental and step function change within technical groups and adjacencies
Engage in planning to meet operational, daily, and quarterly goals; plan and execute department-level technical projects
Determine and develop best technical practices sometimes in relation to business procedures
Identify and mitigate operational and strategic risk
Engage Team and Peers in technical opportunity identification
Remain current on new technology and methods to ensure state-of-the-art and cost-effective solutions to business processes
Coordinate training to ensure all departmental staff have appropriate skill sets and receive appropriate information/instruction
Ensure effective communications are maintained across technical functional areas and externally as necessary; where appropriate, involve senior-level management and employees in plans, and keep up to date on progress towards meeting goals
Monitor expenses to ensure technical area’s costs are within established levels
Job Specifications
Typically has the following skills or abilities:
Bachelor’s degree in related field or equivalent experience
Minimum of 3 years of management experience with responsibilities for hiring, training, assigning work, and managing performance of direct reports
Comprehensive knowledge of primary technology area, preferably within healthcare environment
Ability to regularly exercise discretion and independent judgment in the performance of job duties
Lead the development and implementation of comprehensive information security risk management strategies in accordance with the roadmap and vision of the Digital Trust and Assurance Director to ensure the protection of VSP Vision's information systems and data.
Lead, coach, and manage a team of senior information security risk assessors to deliver high quality risk assessments and implement and manage the risk management program in line with DT&A Director's guidance and direction.
Conduct technical project, supplier, and solution risk assessments, including artificial intelligence assessments, in accordance with industry standards and authoritative sources such as NIST 800-37 (RMF) and the NIST CSF, as well as VSP Vision's authoritative baselines such as HIPAA, HITRUST, and ISO 27001:2022.
Facilitate, monitor, and report to senior leadership on risk treatment and mitigation activities (issue management) across the enterprise, providing regular updates to key stakeholders and recommending adjustments based on assessments aligned with VSP's authoritative frameworks and internal Risk Management Program requirements
Stay updated on evolving information security threats, regulatory changes, and updates to risk management standards, ensuring that VSP's Information Protection Program remains current and effective
Oversee the preparation, maintenance, and development of Risk Management Program documentation related to established risk methodology, risk assessments, risk treatment activities, and compliance activities ensuring alignment with industry and VSP authoritative baselines
Represent the DT&A Risk Management Program and associated controls and processes with external accreditation auditors, client audits, regulatory bodies, and in RFP response activities to demonstrate VSP's commitment to recognized standards and continuous improvement in information security best practices
Preferred Skills:
Experience working within a global IT infrastructure preferably in healthcare
Knowledge in Information Security; Governance, Risk, and Compliance (GRC); and Privacy
Experience with internal controls, performing assessments, IT control function, audit, testing
Demonstrated experience in conducting risk assessments, developing security compliance insurance programs, evaluating and writing policies
Knowledge of relevant state, federal, and international security and privacy regulation
Compensation range for the role is listed below. Applicable salary ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. As a part of the compensation package, this role may include eligible bonuses and commissions. For more information regarding VSP Vision benefits, please click here.
Salary Ranges: $81,900.00 - $149,625.00
VSP Vision is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to age, gender, race, color, religion, sex, national origin, gender identity, sexual orientation, disability or protected veteran status. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
Notice to Candidates: Fraud Alert - Fake Job Opportunity Solicitations Used to Collect Fees/Personal Information.
We have been made aware that fake job opportunities are being offered by individuals posing as VSP Vision and affiliate recruiters. Click here to learn about our application process and what to watch for regarding false job opportunities.
As a regular part of doing business, VSP Vision (“VSP”) collects many different types of personal information, including protected health information, about our audiences, including members, doctors, clients, brokers, business partners, and employees. VSP Vision employees will have access to this sensitive personal information and are required to follow Information Security and Privacy Policies.
Tags: Artificial Intelligence Audits Compliance Governance HIPAA HITRUST ISO 27001 IT infrastructure NIST Privacy RFPs Risk assessment Risk management RMF SLAs
Perks/benefits: Career development Health care Insurance