The Information Security Manager will work closely with the Deputy Information Security Officer on the development, documentation, implementation, and monitoring of policies, procedures, and practices that ensure the confidentiality, integrity, and availability of Henry Ford Health System patient, employee, and company confidential information. The Information Security Services Manager is the primary resource for security incident management leading tactical improvements by designing and building short and long term enterprise plans and standards to ensure services meet current and future requirements. The position is responsible for participating in the Information Privacy and Security Office’s planning and managing of budgets, project prioritization, strategy, execution, policies, procedures, and guiding practices.
The Information Security Services Manager reports to the Deputy Information Security Officer. This position collaborates closely with cross functional enterprise groups to ensure processes and services are implemented and operationalized to meet both the needs of the business and regulatory requirements. The position will manage all aspects of the system-wide cybersecurity incident management plan, processes, and staff.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Provide cybersecurity incident management leadership, administrative management of staff (performance, scheduling/on-call rotation, professional development, etc.), adherence to incident response processes, service level agreements, implementation and operational management of security event monitoring technologies, threat intelligence processes, and associated reporting.
Provides leadership, vision, and managerial oversight, development, implementation, and execution of Henry Ford Health System’s Enterprise-Wide Cybersecurity Incident Management Program. The Information Security Services Manager maintains policies and processes that enable HFHS to establish consistent, efficient, and appropriate controls. The Information Security Services Manager will set performance expectations for direct reports and provide constructive performance feedback on a regular basis. This position is responsible for enterprise-wide security incident event communications and reporting.
Information Security Services Management
- Evaluate and update Information Security Services operational processes and procedures as appropriate and ensure compliance.
- Keep abreast with industry alerts and technology trends and best practices related to information security.
- Partner with peer department groups to foster an atmosphere of collaboration and cooperation.
- Ensure and monitor security compliance with regulatory requirements, industry best practices, and organizational policies. (HIPAA, HITECH, PCI, Federal/State laws, etc.).
- Provide oversight of and support for response processes related to detected security incidents and threats.
- Manage departmental vendor/partner/support relationships.
- Contributes to the development of a multi-year IT Security roadmap and strategic planning activities, as well as budgeting and forecasting activities to provide a measurable value to the organization.
- Central authority of security incident events through identification, protection, detection, response and recovery.
- Manage the development and implementation of information security policies, processes, standards, and guidelines as related to enterprise-wide information security incident management.
- Program management of departmental initiatives, projects, and implementation and monitoring of information security controls.
- Responsible for ensuring that appropriate resources are allocated to projects and that the timelines, commitments, and service levels from the team are met.
- Responsible for the design, maintenance, and monitoring of Security Information and Event Management (SIEM) and Security Operations Center processes and configurations.
- Liaison for departmental process and incident escalations to leadership.
- Provides functional leadership and supervision to Information Security Services staff. Including staff scheduling, performance, and development management.
- Manage the reporting employee lifecycle, by maintaining a diverse, efficient and effective work force.
- Regularly meet with direct reports for feedback, mentoring, support, and career development including performance expectations to ensure continuous value.
- Foster a culture of customer service, disciplined business conduct, and healthy communication.
- Ensure each team member understands their role, responsibilities, and are accountable for their performance.
- Bachelor's Degree in Information Systems, Computer Science or equivalent required.
- Must have a minimum of 6 years of cybersecurity experience, to include a minimum of 2 years of leadership experience.
- Demonstrated strong and effective verbal, written, and interpersonal communication skills, with experience in all at the executive level.
- Ability to prioritize and multi-task in a dynamic, fast paced, and challenging environment.
- Experience with federal and state healthcare information regulations and requirements (e.g. HIPAA)
- Advanced knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle.
- Knowledge of information security best practices, NIST Cybersecurity Framework, and common risk frameworks.
- Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
- Demonstrated experience in the development and management of a comprehensive information security program that balances risk along with the organizational goals and objectives.
- Demonstrate the ability to influence without direct control and/or authority.
- CISM/CISSP or equivalent certification required.
Minimum Starting Salary: $87,753.12 This rate is the minimum pay for the position. Actual compensation will be based on education, years of experience, and other factors at the time of offer.”
Henry Ford Health System, one of the largest and most comprehensive integrated U.S. health
care systems, is a national leader in clinical care, research and education. The system includes
the 1,200-member Henry Ford Medical Group, five hospitals, Health Alliance Plan (a health
insurance and wellness company), Henry Ford Physician Network, a 150-site ambulatory
network and many other health-related entities throughout southeast Michigan, providing a
full continuum of care. In 2015, Henry Ford provided $299 million in uncompensated care.
The health system also is a major economic driver in Michigan and employs more than 24,600
employees. Henry Ford is a 2011Malcolm Baldrige National Quality Award recipient. The
health system is led by President and CEO Wright Lassiter III. To learn more, visit HenryFord.com.
Whether it's offering a new medical option, helping you make healthier lifestyle choices or
making the employee enrollment selection experience easier, it's all about choice. Henry
Ford Health System has a new approach for its employee benefits program - My Choice
Rewards. My Choice Rewards is a program as diverse as the people it serves. There are
dozens of options for all of our employees including compensation, benefits, work/life balance
and learning - options that enhance your career and add value to your personal life. As an
employee you are provided access to Retirement Programs, an Employee Assistance Program
(Henry Ford Enhanced), Tuition Reimbursement, Paid Time Off, Employee Health and Wellness
and access to day care services at Bright Horizons Midtown Detroit, and a whole host of other
benefits and services.
Equal Employment Opportunity/Affirmative Action Employer
Equal Employment Opportunity / Affirmative Action Employer Henry Ford Health System is
committed to the hiring, advancement and fair treatment of all individuals without regard to
race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height,
weight, marital status, family status, gender identity, sexual orientation, and genetic information,
or any other protected status in accordance with applicable federal and state laws.