IT Security Operations Manager
Crossix, a rapidly growing, company delivering healthcare marketing analytics solutions to leading pharmaceutical companies and their agencies, is seeking a talented, experienced IT Security Operations Manager. Reporting to the Information Technology Director, this person is principally responsible for ensuring and maintaining HITRUST compliance of our information security program across the entire infrastructure. This includes firewall, data transmission, advanced malware prevention, data loss prevention, intrusion detection/prevention systems, cloud services, VPN, etc.
Additionally, the role will actively participate in infrastructure deployment projects based on approved engineering designs or migrations of existing services to newer technologies. Across the information security program, this role will contribute to security solutions that will deliver high levels of performance security, scalability, automation, maintainability, appropriate reusability, and reliability throughout its lifecycle. When necessary, this position will participate in the Incident Response process relating to cybersecurity events or investigations. This role is accountable to maintain operational documentation to facilitate a smooth running secure environment and will work with leadership to develop strategies and plans to enhance security, identify, and close risks/gaps, and to enforce the company’s information security policies.
What You’ll Do
- Reviews, develops, implements, and maintains controls compliant to HITRUST; develops and reviews existing information security policy and business unit controls for regulatory updates and performs the necessary gap analysis; creates and maintains various internal/external audit and compliance schedules for the Information Security program.
- Develops, reviews, documents, evaluates, and tests manual and automated computer controls throughout the IT environment; develops and implements testing methodologies for IT infrastructure, security, and availability; designs and executes compliance tests for IT systems and coordinates required remediation.
- Conducts risk assessments on business and operational processes, procedures, and policies within the business unit; interprets audit results and makes conclusions on the adequacy and reliability of IT controls; prepares and presents reports on improvements to systems as necessary.
- Prioritizes and controls projects based on severity of risk and non-compliance; communicates control strengths/weaknesses related to compliance and collaborates to develop migration plans; provides assurance while developing a deep understanding of company policies and procedures.
- Applies HITRUST framework to all documentation and remediation efforts; provides guidance to leadership in reengineering of processes and procedures in need of remediation; conducts gap analysis via testing and recommends specific actions to fix gaps.
- Designs and enhances for internal controls such as segregation of duties, production change management, information security, incident handling, and transmission integrity; assists with security assessments to facilitate auditing process.
- Establish annual and long-range security goals; define security strategies, metrics, and reporting mechanisms; and create a road map for continual security program improvements.
- Designs audit/compliance programs to ensure ongoing evaluation and validation of control effectiveness; regularly monitors, logs and manages the Information Security Program; performs other duties as assigned
What You’ve Done
- 3-4 years of experience in an Information Technology position
- Experience with ISO, COBIT, NIST and/or HITRUST compliancy standards
- Experience auditing the following: Windows, Active Directory, UNIX, Oracle, SQL, LANs, WANs, WiFi, Internet/Firewalls,IPS/IDS, VPN, Endpoints, Network Security Infrastructure.
- Certifications: Relevant professional certification preferred. Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), or Certified Information Security Manager (CISM) is preferred
- Knowledge of CA, SSO, MFA and Cybersecurity best practices.
- Knowledge of process improvement and project management methodologies
- Knowledge of various applications and uses of health information technology
- Strong analytical and decision making skills
- Excellent verbal, written, and diplomacy skills
- Effectively influences and guides others across various organizational structures using strong interpersonal skills
- Ability to manage and collaborate with multidisciplinary teams
- Ability to effectively prioritize and execute tasks based on risk
- Ability to decipher and apply knowledge of regulatory/accreditation requirements
- Ability to prioritize and work on multiple projects under time constraints
- Ability to adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities
- Ability to work independently as well as in a team environment including multi-level staff and external partners
About the Team – Crossix delivers hard-to-come-by insights that enable healthcare marketers to plan, measure, and optimize their marketing campaigns with confidence. Using our own proprietary technology and network of health and non-health data, our analyses pinpoint the tactics, programs, and channels that improve performance and boost sales, enabling better healthcare communications. And we do it all while protecting consumer privacy.
Leadership – With decades of combined experience and an unrivaled track record of healthcare innovation, our leadership team sets the standard for us. Their knowledge and expertise continually challenge us and the industry – through their work, their speaking engagements at conferences and their thought leadership published in the top industry publications.
Culture – We know that our employees set us apart. Along with competitive salaries and benefits, we invest in creating compelling opportunities for professional development and career growth. We also believe that diversity is essential to building an environment where everyone can feel they belong. We’re continuously building an inclusive company where everyone feels welcome and heard. Come join our rapidly growing team!
We are an equal opportunity employer and welcome all qualified applicants regardless of race, color, religion, sex, gender identity, sexual orientation, marital status, ancestry, national origin, age, disability, genetic information, or veteran status.