Systems Manager IT Cybersecurity

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.

CommonSpirit Health is seeking a highly motivated Cybersecurity Manager to lead Cybersecurity Analysts and Engineers in the pursuit of actionable cyber risk throughout the organization specific to vulnerability management and analytics.

As a manager within Cybersecurity, you will be responsible to effectively create, communicate, and coordinate tactical direction and implementation of cybersecurity risk discovery operations and remediation efforts in support of key organization initiatives and strategy. 

The Cybersecurity Manager will report to the Director, Threat Prevention, as part of the overall Cyber Vigilance and Defense group, which is focused on identifying, protecting, responding and containing threats, vulnerabilities, and weaknesses with respect to the overall CommonSpirit organization.

The management of cybersecurity risk discovery operations and remediation efforts are grounded in the proactive detection of cyber risk. Once a cyber risk to the organization has been identified, collaborative development of action plans and timelines ensure that key stakeholders are involved and can act quickly to protect the organization. You will collaborate with leaders throughout the organization. You will foster relationships with key business partners, internal technology and cybersecurity teams, and external vendors to leverage technology to enable detection of cyber risk. You will remain knowledgeable about security issues, vulnerabilities, regulatory, legal, and security policies and standards that may impact information security. 

• Manage the work direction and resource needs for a team of Cybersecurity Analysts and Engineers. Define strategic goals and manage performance to meet those goals, specific to security vulnerability scanning and remediation, administration of applicable toolsets and enterprise vulnerability & risk analytics.
• Manage activities relative to the day-to-day operations of vulnerability reporting and remediation; determine business and technical requirements to maintain the highest possible degree of monitoring, assessment, testing, and analysis capability. Serve as a key respondent and facilitator for proactive cyber risk remediation in the organization.
• Recruit, retain, and develop a diverse and high performing team; create an environment of continuous learning and growth development.
• Follow industry and technology trends and best practices to advise leadership and direct teams on the best employment of tools, techniques and procedures.
• Maintain a high degree of awareness of current and potential threats and risks to the company and sector.
• Develop and maintain a working relationship with internal stakeholders and third-party service providers. Work with business unit executives and service providers to introduce into and refine cybersecurity capabilities within the environment.
• Must possess a broad knowledge relating to IT infrastructure and Cybersecurity, and have in-depth and up-to-date experience with today’s enterprise level platforms and tools, including penetration testing, asset/application/service discovery, and vulnerability scanning tools, techniques, and procedures.
• Remote eligible.

• Bachelor’s degree in related field or equivalent combination of education and experience preferred
• 7+ years in Information Technology, including 3+ years of experience managing a complex function, team or program.
• 5 years direct experience in cybersecurity operations and/or cybersecurity incident response.
• One or more relevant technical/professional security certifications (such as: COMP-TIA Network+, Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) preferred.
• Experience in Windows, UNIX/Linux OS required.
• Functional understanding of regulatory and compliance mandates and frameworks, including but not limited to: HIPAA, HITECH, PCI, Sarbanes-Oxley, Center for Internet Security (CIS), NIST, or MITRE Attack Framework preferred.
• Experience conducting Vulnerability Testing (Network, Application, Database, and/or System Security), Analysis, Prioritization, and Documentation, and the management of communication with leadership and affected stakeholders preferred.
• Leadership experience preferred
• Demonstrated ability to effectively communicate and present complex technical information to a broad audience and make recommendations with justification to leadership.
• Proven investigative and problem solving, critical thinking, root-cause analysis, and business risk analysis skills.
• Experience in the healthcare industry or critical infrastructure preferred.