Job Description:Summary:The Manager Information Security Operationsreports to the Director of Information Security. Under general supervision, manages and provides support to all Brown University Health information security services to assure a high value, efficient, comprehensive, security program which meets Brown University Health needs.Responsibilities:Interviews, hires, and assigns subordinate staff; provides guidance and counsel to subordinate staff; conducts periodic performance evaluation; recommends personnel actions; acts as a resource for staff; conducts periodic individual and/or group staff meetings; prepares and submits payroll; provides and maintains subordinate staff development plans; develops standards for subordinate staff performance; coaching staff on career progression, certifications, and cross-training. Assist in determining the needs, structure, staffing, and systems required to deliver world class information security capabilities to all Brown University Health affiliates.Directs the efforts of others in the achievement of strategic and operational objectives of the group.Advise and make recommendations in a strategic direction. Identify opportunities for automation, standardization, cost savings, and business improvement. Identify gaps, develop strategy, and create operational plans in support of Brown University Health’s security mission.Manage functional metric reporting requirements, developing metrics delivered to executive steering committee and measuring program success. Manage resolution of problems with reporting and has responsibility for overseeing maintenance of reporting systems.Manages Security Operations Center (SOC) surrounding, SIEM, Alerting / Detection (Network / Endpoint), Log Management, Phishing (Detection & Response), Digital Forensics, Penetration Testing, Zero-Trust architecture, threat-informed defense (MITRE ATT&CK), O365 and security automation.Monitor / manage security controls across multi-cloud (Azure / AWS) environment as needed.Develop, maintain, and publish up-to-date security policies, standards and guidelines which align with industry best practices using control standards and regulatory frameworks. Ensure proper documentation is in place for a wide range of products including network devices, virtual machines, mobile devices, Operating Systems, and applications.Integrate, align, and act as liaison with the business to ensure there is alignment to Brown University Health’s Information Security Program.Manages third party partners and services to ensure Brown University Health receives value and performance in accordance with contractual agreements.Drive continuous improvement against HIPAA Security Rule and NIST CSFDevelop roadmaps for enterprise security technologies.Manage cloud / on-premises Incident Response processes, including tabletop exercises for breach scenarios.Ensure Brown University Health is prepared for external audits.Responsible for developing and managing IS Security budget.Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature.Participate in councils, quality improvement teams, and other committees as required.Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or possessed by the organizationOversee training and dissemination of security policies and practicesParticipates in all departmental goals and strategy development. Provides assistance in negotiation and management of contracts with outside vendors.Participate in Demonstrations/Presentations and BenchmarksEnsure security programs are in compliance with relevant laws, regulations and policies to eliminate or minimize risk and audit findingsServe as a liaison between the information security team and corporate compliance, audit, finance, legal, marketing, operations and HR management teams as requiredMaintains work effort status within SLA’s on Brown University Health’s Service Desk Platform and Task Management Platforms. Assign tickets as required.Attend and actively contribute to problem-management and major-incident conference calls as required, providing technical guidance, ensuring action-item ownership, and driving timely resolution and root-cause analysis.Attend and actively contribute to project and steering committee meetings as required.Researches and assists in the piloting and evaluation of new tools, technologies, technical controls, and processes to support and enforce defined security policies.Monitor emerging threats, vulnerabilities, and industry best practices to ensure security controls remain effective and aligned with the evolving threat landscape.Provide expertise on security best practices across IT, infrastructure, and enterprise operations to support secure business strategies.Requires management support after normal hours for critical security incidents.This position requires participation in a recurring on-call schedule that includes evenings and weekends. On-call responsibilities cover a wide range of IT incidents, including but not limited to information security, network, server, application, and other enterprise technology issues. During general IT incident calls, the manager serves in a scribe capacity, documenting key details and ensuring accurate and timely entry into the service management platform.Perform other related duties as required.Other information:EXPERIENCE:Bachelor’s degree in Management or information systems required; M.B.A. or M.S. in is preferred.Certifications Required (3 or more - CISSP, CISM, CRISC, GIAC, CCSP, Security+)A minimum of ten years of IS experience, with five years in an information security role.Five years progressively responsible related work experience, including at least two years of related supervisory/management experience in a similar environment.Proven track record of managing remote teams.Comprehensive understanding of risk assessment protocols to develop appropriate assessment models to evaluate program effectiveness and quantify information security and cybersecurity risks across the organizationExpert knowledge in security operations and incident response.Experience designing and implementing secure landing zones in both Microsoft Azure and Amazon AWS.Ability to translate technical risk into business impact for executive and clinical leadership.Expert knowledge of third-party vendor security risk management and cyber supply chain managementExpert knowledge of regulatory requirements, risk and industry standards associated with emerging technology, authentication capabilities, network design/security, cloud computing environment, the “dark web” and internet of things (IoT). Knowledge of leading Information Security industry frameworks (ie: NIST, ISO, SANS) and Information Security and Data governance modelsKnowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.Ability to manage multiple high visibility deliverables simultaneouslyExcellent customer service and interpersonal skills requiredMust have excellent written and verbal (face-to-face and phone) communication skills including professional grammar and demeanorExpert presentation and reporting to executive audiencesExperienced with Microsoft ExcelExperienced with vendor management, selection and contractsINDEPENDENT ACTION:Functions independently within departmental policies and practices. Must be able to work independently in a manner to achieve goals, objectives and productivity requirements.SUPERVISORY RESPONSIBILITIES:Supervisory responsibility for up to 15 FTEs.Brown University Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, ethnicity, sexual orientation, ancestry, genetics, gender identity or expression, disability, protected veteran, or marital status. Brown University Health is a VEVRAA Federal Contractor.Location: Brown University Health Corporate Services, USA:RI:ProvidenceWork Type: Full TimeShift: Shift 1Union: Non-Union
