25 Oct
Information Security Manager
Bellevue, Washington 98004, USA

Vacancy expired!

For over 30 years, HMA has been helping Pacific Northwest-based employers administer their own health plans. We believe that good healthcare should improve health, so we support companies in taking better care of their people by taking better care of them. Now is an excellent time to join HMA as our employees are combining purpose, passion, and experience in new and innovative ways to stay ahead of the healthcare curve. We offer competitive pay, comprehensive benefits, professional development opportunities and an entrepreneurial, collaborative, and fun team environment.

How YOU will make a Difference:

Protection of our systems and data is vital to maintaining our clients' trust. The Manager, Information Security is responsible for our overall information security program, ensuring that our policies, systems, and best practices align with our risk posture and compliance requirements.

The Manager, Information Security demonstrates substantive skill in four key areas:
  • Security program development, including features, best practices & success criteria.
  • Technical acumen for security & compliance tools, platforms, and solutions.
  • Policy standards, requirements and best practices.
  • Security operations & incident management, including tactical (hands on) and strategic (program management).

What YOU will do:
  • Responsible for the strategic leadership of the corporation’s information security program.
  • Lead information security planning processes to establish an inclusive and comprehensive information security program for the organization.
  • Provide guidance and counsel to IT Leadership and key members of the executive leadership team, working closely together to define objectives for information security, while building relationships and goodwill.
  • In partnership with Cambia Health Solutions CISO, establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  • Oversee the development, implementation and administration of technical security standards, as well as security services and tools to address and mitigate security risk.
  • Stay abreast of information security issues and regulatory changes affecting the company, including State and Federal law, the company’s industry compliance standards, and regulatory & compliance requirements specific to the industry segments that we operate in.
  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the organization’s information and technology systems.
  • Coordinate and track all information technology and security related audits including scope of audits, timelines, and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation and advocacy on audit responses.
  • Work closely with IT leadership, technical experts, and managers across the company on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their line of business.
  • Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
  • Work with IT teams and IT leadership to build awareness and a sense of common purpose around security.
  • Develop proactive security initiatives that contribute to an improved security posture for the organization (e.g. protecting against identity theft, mobile social media security, phishing, online reputation program).
  • Keep abreast of security incidents and act as primary control point during significant information security incidents.
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
  • This position falls into the category of an individual contributor; however, managing processes, timelines, and projects and leading initiatives are requirements.

Knowledge and Key Attributes needed for Success:
  • Able to communicate and engage effectively with a diverse audience, including front line technical staff, non-technical staff & management, executives, and vendors/providers.
  • Demonstrated operational and technical skills relating to information security.
  • Superb communication skills including all aspects of formal and informal communication to individuals, teams, stakeholders and customers. Strong consensus builder who builds credibility through targeted, accurate, and effective communication.

Experience and Education Requirements:
  • 3+ years leading a security program or security team for an organization of similar size / complexity.
  • Prior experience in a technical engineering role is required.
  • Bachelor’s Degree in Computer Science, Engineering, Management Information Systems, or related discipline (or additional, relevant work experience) required.
  • One or more applicable security certifications required (CISSP, CISM, CISA).
  • Knowledge of information security frameworks like NIST CSF, HITRUST, and ISO 27001.
  • Demonstrated in-depth knowledge of the HIPAA Security Rule.
  • Subject matter expertise in information security technology domains and how those relate to overall technology infrastructure.
  • Demonstrated ability to be ‘hands on’ in the selection, deployment and management of key security platforms.
  • Demonstrated knowledge of key considerations for a sound and effective information security program.
  • Experience in the health insurance industry and in payer-oriented processes and systems is preferred.

How we Support your Work, Life, and Wellness Goals

We offer a comprehensive total rewards package including: competitive pay; annual incentive; medical, dental, and vision insurance; 401K retirement plan with match; generous PTO and holidays; an onsite gym facility; a gym subsidy; Life, AD&D, Short-Term and Long-Term Disability Insurances; an Employee Assistance Plan; free parking and easy freeway access to I-405 and I-520; a well-stocked kitchen on-site with subsidized snacks and refreshments; year-round wellness activities; the ability to earn a $500 wellness incentive; monthly events; paid volunteer hours and more!

HMA requires a background screen prior to employment.

Protected Health Information (PHI) Access

Healthcare Management Administrators (HMA) employees may encounter protected health information (PHI) in the regular course of their work. All PHI shall be used and disclosed on a need-to-know basis and according to HMA’s standard policies and procedures.

HMA is an Equal Opportunity Employer
