Inovalon is a leading technology company that combines advanced cloud-based data analytics and data-driven intervention platforms to achieve meaningful insight and impact in clinical and quality outcomes, utilization, and financial performance across the healthcare landscape. Inovalon's unique achievement of value is delivered through the effective progression of Turning Data into Insight, and Insight into Action.
The Manager, Security Governance is internal to Inovalon a part of the Security, Risk and Compliance department that partners with IT groups, business groups, and project teams to plan, develop security standards and guides for consumption, and manage significant elements of our business resilience including, Enterprise Business Continuity governance and Disaster Recovery program management. This person will be accountable for the overall planning, directing, and organizing activities for the areas of Security Governance and Business Continuity and ensuring efficient operations.
Manage and develop security policies, implementation standards and control procedures for consumption by the enterprise; ensure the organization’s policies and procedures are fulfilling all applicable regulatory requirements including HIPAA and HITRUST;
Participate in strategic planning efforts for Privacy and Security and throughout the organization;
Lead and mature monthly Security and Compliance executive reporting;
Effectively communicate relevant security-related information to Senior Leadership Team;
Manage a staff of Information Security professionals, train new staff, conduct performance reviews and provide leadership and coaching while maintaining on-call support and prioritizing work;
Manage information security frameworks, requirements, direction and system recommendations;
Provide project management and operational responsibility for administrative coordination and implementation of the organization’s security program;
Provide senior subject matter expertise, program leadership and administration in responsible areas of security governance, risk, business continuity, disaster recovery and emergency planning and crisis management;
Manage security and business continuity projects as required (designing, planning and conducting a wide range of complex drills and exercises) to assess whether emergency response, crisis management, business continuity and technology recovery strategies and procedures are effective;
Responsible for customer, vendor, and third party risk management support and guidance to ensure continuity and disaster recovery activities are understood and executed;
Develop and manage program practices including, maintenance and testing of tools, plans, equipment, systems and data repositories and enterprise-wide education and awareness;
Build and utilize collaborative networks with key contacts both internal and external of the organization; and
Determine the need for process changes or new procedures and ensures appropriate standards are followed.
Bachelors of Science degree in a Computer or Engineering related discipline or equivalent experience;
Master’s degree is preferred but not required;
CISSP, CISA, CISM, MCP and MCSE certifications preferred;
Minimum 5-10 years of progressive experience performing IT and security related duties;
Strong technical acumen and experience leading the development of a complex solution as a senior lead architect in the areas of security requirements analysis, security architecture, security testing, security operations and maintenance and the security economics;
Expert level experience of Security fundamentals with a solid understanding of threats, vulnerabilities, defenses, security principles and policies;
Experience in engineering solutions in the following areas: firewalls, mobile devices, virtual environments, Intrusion Detection (IDS), Intrusion Prevention (IPS), Data Loss Prevention (DLP), Antivirus, and Private Key Exchange (PKI); and
Knowledge of applicable HIPAA, SAS70, CoBIT, SOX, NIST, CIS, and data privacy practices and laws.