Reporting to the Chief Security Officer, the SMS plays a vital role in the organization, and requires a security professional who is experienced in many facets of cyber and physical security, program management, risk management, and has a solid security business acumen. The successful candidate must have an acute, big-picture-oriented mindset that has the ability to make higher-level decisions while having the foresight to manage a strong team of security experts who are trusted to handle hands-on activities within security. He/she must possess strong interpersonal and communication skills as a key part of this position, and will be working closely with business and functional leaders as well as external partners and clients to coordinate various security initiatives.
Essential Duties and Responsibilities:
- Manages the SOC with oversight of vulnerability management, network and cloud security practices, physical security, and Security Information and Event Management (SIEM).
- Leads the SOC during security events and incidents; assists with analysis, root cause identification, and risk mitigation outcomes.
- Analyze and assess results of internal or external vulnerability and penetration testing, and prepare security plans to address risk together with the Chief Security Officer.
- Provides monthly SOC metrics for MedeAnalytics Compliance Committee, including but not limited to vulnerability & threat management capabilities, endpoint protection, and employee education statistics.
- Contributes to the selection and implementation of new security technologies and creating security training program content.
- Interviews potential security team personnel.
- Perform high-level technical implementation activities for security technologies.
- Together with the GRC Analyst and CSO, assists with performing internal and external security risk assessments, third party risk assessment, creating and improving security policies, procedures, & processes, and various Legal & Sales support activities (RFPs, contract reviews)
- Collaborates effectively with Technology Operations and Development to test and improve business continuity, disaster recovery, and incident response plans.
- Sustains job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.
- Serves as an extension to the CSO and point of escalation during security events or incidents.
- Performs other miscellaneous duties as assigned.
Essential Education, Experience and Interests:
The successful candidate MUST meet the following requirements. The individual must be able to perform each essential job duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required:
- Minimum 7 years of relevant experience in Security or Information Technology-related field.
- 3+ years of management experience including leading and influencing teams in a matrix management environment.
- 5+ years of program management experience leading large, mission critical programs that involve significant business and technology change for risk reduction.
- B.S. in Computer Science, Security, Information Technology, or related degree, or significant work experience. Advanced degree desired.
- Team player with strong interpersonal and communication skills to work effectively with cross-functional units.
- CISSP or CISM certification required; relevant professional certifications desired (e.g., ITILv3, PMP).
- Experience administering/managing data analysis processes and tools is preferred (e.g., SIEM, vulnerability scanners, DLP solutions, etc.)
- Strategic thinker who can translate vision to tangible execution and results.
- Strong leader who can effectively communicate, influence and build capability in others.
- Requires availability to work in a 24/7 environment in excess of 8 hours per day.
- Periodic travel, both domestically and internationally, may be required of this position – average expectation is 15% travel annually.