Community Health System - Franklin, TN
posted 16 days ago
About the position
As a member of the Cybersecurity leadership team, the Manager of Threat Management leads a team of security practitioners whose service lines are threat intelligence and cyber initiative delivery ('Cyber Enablement'), and will build and operate a new Security Validation service line that provides internal red team capabilities, validation that vulnerabilities have been effectively closed, and demonstration of susceptibility to build consensus and buy-in regarding the need for resolution. In leading the Threat Intelligence team, this position will elevate insights regarding the CHS and healthcare industry threat landscape to help shape cybersecurity and broader technology strategy. The manager will drive strategy and projects that increase the overall growth and maturity of the threat management services.
Responsibilities
- Develop and maintain a broad understanding of the healthcare threat landscape, including notable threat actors, techniques, and news.
- Provide leadership, management, and oversight for cyber enablement, ensuring that work generated by partner teams such as vulnerability findings and low-severity incident response findings are effectively driven to closure.
- Provide leadership, management, and oversight for the threat intelligence program including reviewing threat intelligence communications for the enrichment of the broader cybersecurity and technology programs.
- Launch and Operationalize a new Security Validation service line, including hiring dedicated personnel, in order to demonstrate susceptibility to attack.
- Perform internal red team exercises and purple team exercises in coordination with the SOC.
- Generate credibility by demonstrating attack patterns and validating effective closure of risks.
- Function as a key partner to the Security Operations Center and vulnerability management activities.
- Evaluate, develop, and report on metrics demonstrating the effectiveness of each program within this position's scope.
- Continuously improve Threat and Vulnerability services through the identification and execution of process improvement efforts.
- Make recommendations for the creation of cost-effective risk mitigation strategies to reduce the overall enterprise cybersecurity risk.
- Manage collaboration with peer organizations to ensure required technical capabilities are maintained, available, and aligned to current as well as future program requirements.
- Review security technologies, tools, and services, and make recommendations to the broader security team for their use.
- Liaise with Chief Cybersecurity Architect to share best practices and insights.
- Develop and mature processes to guide team member development to achieve career goals.
Requirements
- High School Diploma required.
- 6+ years of IT or information security experience.
- 4+ years of information security experience.
- Experience in designing and implementing technologies to reduce information security risk.
- Experience in monitoring, vulnerability management, threat intelligence, security architecture and engineering, and operations.
- Experience in process-driven structured environments and participation in process optimization activities.
- Advanced knowledge of security principles, issues, techniques and implementations across IT platforms.
- Proactive identification and solving of complex problems.
- Strong understanding of systems development lifecycle.
- Effective communication of technical concepts to a non-technical audience.
- Excellent written and verbal communication skills.
Nice-to-haves
- Bachelor's or Master's Degree in Cyber Security, Computer Science, Information Systems, or equivalent work experience.
- SANS Certification.
- GIAC Certification.
- CISSP Certification.
