Information Security Program Manager
Health First
*POSITION SUMMARY*
The Information Security Program Manager leads the initiatives of the Information Security team under the direction of the CISO. This role is responsible for operational information security and the delivery of information security-related projects, including administrative and technical implementation and continuous improvement of solutions to maintain and enhance the overall security posture. The position focuses on Information Security governance, risk and compliance, as well as security training & awareness and IT resilience.
The Information Security Program Manager proactively works with customers, stakeholders, architects and engineers to prioritize management of information security risks. The Information Security Program Manager will lead multiple disciplines of work and supervise individuals as part of the security leadership team.
*PRIMARY ACCOUNTABILITIES*
1. Creates and maintains a comprehensive risk register to document and track identified risks, mitigation strategies, and progress. This includes testing, tracking, remediation and documenting risk acceptance for identified technology and security risks. Keeps senior leaders abreast of emerging, new and unaddressed risks.
2. Oversees investigations and audits, manages information security risk assessments, and recommends improvements to mitigate risks. Recommendations from this role are a key contribution to Health First Security Strategy.
3. Provides subject matter expertise on all aspects of Information Security including development, implementation, and maintenance. This includes developing and updating Information Security related Policies, Procedures and Standards, tracking and reporting on exceptions to policy, and mapping policies to applicable regulations and frameworks.
4. Coordinates with CISO to ensure clear and professional documentation of root cause and risk analysis of all security incidents.
5. Coordinates Information Security requirements as part of the Breach Investigation Team to document and report to CISO, Privacy Officer and other senior leaders on any incident or event that may lead to breach notification.
6. Identifies, evaluates, and reports on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.
7. Oversees an effective and comprehensive Information Security training program, including communications and training initiatives to increase cybersecurity awareness and promote safe computing practices for workforce members.
8. Oversees IT disaster response planning and execution to ensure the organization can effectively be resilient when responding to and recovering from technology impact including but not limited to security incidents.
9. Oversees the time and resources of team members to ensure efficient and effective completion of security-related projects and tasks to maintain departmental productivity.
10. Participates with CISO in budgeting functions for the department.
11. Works with the CISO to establish goals and performance standards for assigned functions.
*LEADERSHIP ACCOUNTABILITIES*
* Define and communicate a clear, compelling vision for the team that effectively ties into the mission and vision of Health First, and inspirationally lead the team to achieve that vision.
* Provide leadership, motivation, coaching, feedback and support to foster and strengthen growth and development of an effective, high performing team.
* Lead change through effective communication, explaining the connection and value to the organization, creating stronger buy-in and urgency, while understanding impact to the team to obtain commitment.
* Demonstrate openness to hearing diverse ideas and thoughts; create a sense of inclusivity; and encourage collaboration across teams to help break down silos to meet the team’s and organization’s goals.
* Recruit, select, grow, and retain highly engaged, high performing diverse and inclusive associates.
* Contribute to and support the strategic direction, and demonstrate financial acumen, for areas of responsibility and organization.
*MINIMUM QUALIFICATIONS*
* Education: Bachelor’s degree in Computer Science, Information Security, Management, or relevant field.
* Work Experience: Minimum five (5) years of information security experience.
* Licensure: None
* Certification: Advanced level security certification within one (1) year of start date.
* Work Experience In Lieu of Education:
o Any one of the following:
o Associate’s degree and six (6) years of applicable information security experience OR
o High School Diploma or equivalent and eight (8) years of applicable information security experience.
* Skills/Knowledge/Abilities:
o Knowledge of IT governance, risk, and compliance frameworks such as COBIT, NIST, PCI, SOX, GLBA, CSA, and/or FFIEC.
o Understanding of concepts related to information systems, information security, general IT controls, application controls, and technology risks.
o Experience in planning, designing, and implementing risk management processes.
o Experience in leading gap assessments, third-party risk assessments, application risk assessments, and user access certifications.
o Strong communication skills, both verbal and written, with the ability to present complex topics in an understandable manner.
o Experienced in reporting security risk to different levels of the organization.
o Ability to work independently and as part of a team, with a focus on delivering capabilities for the customer.
o Ability to analyze and think through highly complex issues and manage outcomes.
*PREFERRED QUALIFICATIONS*
* Work Experience: Previous experience within Healthcare or a similarly complex industry.
* Certification: Expert level security certification (e.g., CISSP).
* Skills/Knowledge/Abilities: Competency with Governance Risk and Compliance technology platforms.
*PHYSICAL REQUIREMENTS*
* Majority of time involves sitting or standing; occasional walking, bending, and stooping.
* Long periods of computer time or at workstation.
* Light work that may include lifting or moving objects up to 20 pounds with or without assistance.
* May be exposed to inside environments with varied temperatures, air quality, lighting and/or low to moderate noise.
* Communicating with others to exchange information.
* Visual acuity and hand-eye coordination to perform tasks.
* Workspace may vary from open to confined, onsite, or remote.
* May require travel to various facilities within and beyond county perimeter; may require use of personal vehicle.
*ABOUT HEALTH FIRST*
At Health First, diversity and inclusion are essential for our continued growth and evolution. Working together, we strive to build and nurture a culture that recognizes, encourages, and respects the diverse voices of our associates. We know through experience that different ideas, perspectives, and backgrounds create a stronger and more collaborative work environment that delivers better results. As an organization, it fuels our innovation and connects us closer to our associates, customers, and the communities we serve.
**Job:** *IT Security*
**Organization:** *Health First Shared Svcs Inc*
**Title:** *Information Security Program Manager*
**Location:** *Florida - Brevard County-Melbourne*
**Requisition ID:** *077279*