IT Security and Compliance Manager, Full-time

About the position

The IT Security Manager role is a hands-on position with the responsibility of leading the IT security initiative and participating in the selection and implementation of security solutions. The IT Security Manager is responsible for establishing an enterprise security stance through policy, architecture, and training processes. Tasks will include selecting and implementing appropriate security solutions and oversight of any vulnerability audits and assessments. The IT Security Manager is expected to interface with peers in the Systems and Network departments as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.

Responsibilities

• Maintain and enhance security architecture, enforce security policies, and facilitate employee security awareness training.
• Conduct risk assessments, lead compliance audits (e.g., HIPAA, SOC 2), and manage vendor risk to ensure third-party compliance.
• Oversee daily security operations, implement and maintain incident response plans, and lead investigations with post-incident reviews.
• Collaborate with senior leadership on cybersecurity strategies, facilitate IT Compliance Board and Data Governance meetings, and ensure alignment through participation in the Architecture Review Board (ARB).
• Stay current on IT security trends, including new solutions, processes, and emerging threats.
• Identify, select, and procure new or enhanced security solutions to strengthen enterprise security.
• Oversee the deployment, integration, and configuration of new security solutions and enhancements, adhering to best practices and enterprise security standards.
• Ensure the confidentiality, integrity, and availability of data across enterprise systems and repositories.
• Oversee compliance with enterprise security policies and documentation.
• Supervise investigations into security issues and oversee vulnerability assessments, penetration tests, and security audits.
• Conduct regular security awareness training to maintain high compliance levels.
• Maintain ongoing communication with Systems, Networking, and business groups to align on security goals and foster cooperation.
• Directly supervise Information Security Analysts and Engineers.

Requirements

• Bachelor's degree in IT, Cybersecurity, or related field (Master's preferred).
• Strong preference for certifications like CISSP, CISM, CRISC, or CISA.
• Excellent written, oral, and interpersonal communication skills; adept at presenting ideas in business- and user-friendly language.
• Proven ability to analyze and solve complex issues while prioritizing tasks effectively under pressure.
• Skilled in researching IT security issues and solutions, with a keen attention to detail.
• Team-oriented, highly self-motivated, and effective in collaborative environments.
• Extensive experience in security architecture design, document creation, and employee security awareness training.
• Skilled in developing Business Continuity and Disaster Recovery Plans, with experience in HIPAA/HITECH regulatory standards.
• Proficient in vulnerability management tools, firewall configurations, IDS/IPS solutions, SIEM log correlation, and network protocols (IP, TCP/IP).
• Familiar with encryption technologies and IT frameworks like ITIL and COBIT.
• Strong organizational skills, management experience, and expertise in leading security-focused projects.

Benefits

• Competitive Pay
• Comprehensive Benefits package
• Vacation/Paid Time Off
• Retirement Plan with Match
• Employee Discounts
• Education and Professional Development Programs