Information Security Manager, Incident Response
Seton Medical Center Harker Heights
- Brentwood, TN
- Permanent
- Full-time
Responsibilities
- Manage / define incident response processes, procedures, and playbooks.
- Coordinate tabletop exercises / training.
- Create incident reports and maintain incident logs.
- Build / Maintain an incident response toolkit.
- Research and recommend solutions that meet security standards while ensuring functionality for business continuity.
- Mentor security engineers/analysts in their professional growth.
- Assist in development of disaster recovery and contingency plans.
- Work closely with the Threat and Vulnerability team to develop purple team processes, procedures, and exercises.
- BS/BA degree in computer science, information technology or specialized information security technical training.
- A reputable security certification (GIAC GCIH, E|CIH, IHRP, CSIH/CIHE, CISSP, CISSP w/specialization HCISPP, etc.).
- An advanced degree is preferred.
- A minimum of 6 years of progressive Information Security experience.
- Previous team lead or management experience is required.
- Threat hunting experience is required.
- ITIL experience - managing incidents, requests, and changes.
- Experience in security architecture design is preferred.
- Knowledge of federal and state laws regarding security and privacy of electronic information assets within the context of the healthcare industry is highly preferred (e.g., HIPAA, Sarbanes-Oxley, etc.).
- Knowledge of industry security frameworks (e.g., NIST).
- Taking initiatives toward personal development such as maintaining skills and obtaining professional certifications (e.g., Information Systems Security Association, Certified Information Systems Security Professional, etc.).
- Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities, while continuing to emphasize quality patient care.
- Strong customer service focus and ability to manage client (e.g., facility) expectations.
- Excellent oral and written communication skills with the ability to present and discuss technical information in a manner suitable for the audience.
- Working knowledge of Microsoft Active Directory.
- In-depth knowledge of various operating systems, including Windows and Linux.
- Ability to analyze all layers of the OSI model from a security standpoint.
- Prepare and present plans / designs to IT and business leaders.
- Knowledge of common and emerging attack vectors, penetration methods, countermeasures, and remediation methods.
- Familiarity with information security forensics and incident response.
- In-depth knowledge of networking technologies and architecture.
- Prioritize tasks effectively to meet project deadlines and deliverables.
- Excellent problem-solving ability.
- High degree of self-motivation.
- Solving complex problems with information technology.
- Ability to handle stressful situations.
- Ability to collaborate with IT and business departments to identify, contain, eradicate, and recover.
- Excellent written and oral communication skills.
- Competent using the Microsoft Office suite of products.
- Demonstrates the core values: inquisitive, passionate, positive attitude, and team-minded.
- Ability to mentor / train team members.
- Must be willing to travel occasionally.
- Must be willing to respond to security issues 24x7.