Information Security Manager (Disaster Recovery)

Job Summary

The Information Security Manager-Disaster Recovery will be responsible for translating strategic intent into an operational security program, coordinating across a team of highly skilled multi-disciplinary security professionals. The role will also include oversight of general managed services teams (e.g., security monitoring and incident response). This role will be responsible for helping to resolve key cyber-risk issues and escalating as appropriate across different business lines within the organization. In this position, it is critical that you inspire trust, and build strong, authentic, productive relationships within the organization and with key stakeholders. As a leader in the Information Security space, your responsibility is to manage daily operations, organize daily risk and security reports, coordinate compliance review activities and identity operational improvements.

Rotating shifts, including after hours on-call, and working weekends or irregular long hours as well as occasional overnight travel.

Duties and Responsibilities may include but not limited: 

• Design, implement, and operate cybersecurity processes and technologies across the organization
• Manage reporting, investigation, and resolution of data security incidents
• Lead information security risk analyses and assessments and use these to communicate current risk posture to leadership in an unambiguous manner
• Provide guidance and direction on best practices for the protection of information.
• Ensure compliance with regulations and privacy laws.
• Develop and implement information security policies, standards, guidelines, and procedures to ensure optimal management of Information Security risk.
• Mature security processes to ensure our systems are monitored for security alerts, anomalies are tracked, and procedures followed when alerts are triggered.
• Create internal partnerships with key stakeholders, such as Audit, Finance, HR, Legal, and Marketing Teams to influence and align business-area actions that are needed to achieve security program objectives.
• Build and mentor a strong Information Security team that may include consultants and vendors.
• Provide key performance and risk indicators for the CISO, Technology Services, and the board of directors.
• Adheres to departmental policies and procedures to assure prompt resolution to identified problems.
• Focus on Identity and Access Management and Disaster Recovery functions.
• Develop and implement business plans, policies, and procedures to maintain systems, network, database and/or Web security.
• Oversee the development, implementation, and maintenance of information security, including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance.

Minimum Qualifications

Education: Bachelor’s Degree in a related field or equivalent work experience.

Experience: Minimum Seven years of progressively responsible experience in cyber security. Three years dedicated to building and leading an effective security program. Assisted in designing, managing, and delivering large-scale, enterprise-wide security projects. Experience with project and program management in technical environments with diverse stakeholder groups. Experience and background with on-premise and cloud technology, operating systems, and applications, preferably including clinical and healthcare solutions. Experience conducting information security risk assessment, control analysis, and vulnerability assessments. Demonstrated experience building and mentoring a strong Information Security team that may include consultants and vendors. Ability and skill to operate and produce at all levels of the program. (You have not forgotten how to work on the command line.)

Licensure, certification, and/or registration: Valid Virginia drivers’ license and dependable transportation. Certifications such as CISSP, CISA, CISM are preferred.

Other Minimum Qualifications: Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders. Experience managing a team of people Strong problem solving and troubleshooting skills with the ability to exercise mature judgment Proven execution capabilities. Willingness to creatively ensure mission success.

About Carilion

This is Carilion Clinic …

An organization where innovation happens, collaboration is expected and ideas are valued. A not-for-profit, mission-driven health system built on progress and partnerships. A courageous team that is always learning, never discouraged and forever curious.

Headquartered in Roanoke, Va., you will find a robust system of award winning hospitals, Level 1 and 3 trauma centers, Level 3 NICU, Institute of Orthopedics and Neurosciences, multi-specialty physician practices, and The Virginia Tech Carilion School of Medicine and Research Institute.

Carilion is where you can make your own path, make new discoveries and, most importantly, make a difference. Here, in a place where the air is clean, people are kind and life is good. Make your tomorrow with us.