Cyber Security Manager


Kern Health Systems
KHS reasonably expects to pay starting compensation for the position of Cyber Security Manager in the range of $132,512-172,265 annually.
"On-Site Position"
About us
Kern Health Systems is dedicated to improving the health status of our members through an integrated managed health care delivery system.
About the role
The Cybersecurity Manager is responsible for leading and managing the information security program to ensure the confidentiality, integrity, and availability of the organization's information assets. This role involves developing, implementing, and maintaining security policies, procedures, and standards, as well as overseeing the day-to-day activities of the Information Security program and team. In collaboration with Directors within Management Information Systems (MIS), the Cybersecurity Manager supports the development of cybersecurity strategies, governance frameworks, policies, procedures, reporting, and incident response capabilities across the organization.
The Cybersecurity Manager monitors, reviews, and approves Information Security (InfoSec) decisions prior to implementation and provides security oversight and guidance for systems, networks, and technology solutions. Incumbents are expected to possess a strong understanding of systems, networks, and telecommunications architectures sufficient to assess risk, define security requirements, and ensure secure design and operation.
This role requires strong organizational, planning, and leadership skills to manage distributed initiatives, coordinate cross-functional efforts, and support security training and awareness activities as required.
Essential Duties and Responsibilities
Cybersecurity Program & Roadmap Management
- Lead and manage the enterprise information security program, ensuring alignment with organizational goals, regulatory requirements, and risk tolerance.
- Own and maintain the cybersecurity roadmap, translating strategy into prioritized initiatives, milestones, and measurable outcomes.
- Track execution progress, risks, and dependencies, and provide regular reporting on cybersecurity posture and maturity to executive leadership.
Governance, Risk, and Compliance (GRC)
- Design, implement, and maintain the Information Security Management System (ISMS) aligned with ISO/IEC 27001.
- Lead planning, readiness, and execution activities for ISO/IEC 27001 certification, including gap assessments, remediation efforts, and internal audits.
- Oversee HITRUST framework adoption and ongoing maturity, including control mapping, evidence management, and third-party assessments.
- Ensure continuous HIPAA Security Rule compliance through risk assessments, control monitoring, remediation tracking, and audit readiness.
- Develop, maintain, and govern cybersecurity policies, standards, and procedures, ensuring regular review, version control, and organizational adoption.
- Conduct and oversee enterprise security risk assessments and support organizational risk management processes.
Microsoft Security & Data Protection
- Drive continuous improvement of Microsoft Security Secure Score by prioritizing and overseeing implementation of recommended security controls.
- Provide oversight of Microsoft security platforms (e.g., Microsoft Defender) supporting identity, endpoint, email, and cloud security.
- Manage Microsoft Purview for information protection, data loss prevention (DLP), retention, and compliance policy enforcement.
- Utilize Microsoft Purview to support policy and procedure governance, documentation management, and compliance reporting.
Security Operations Oversight
- Provide cybersecurity oversight and guidance to IT Operations teams responsible for infrastructure, networks, endpoints, and cloud services.
- Ensure security requirements are embedded into system design, configuration standards, and change management processes.
- Oversee vulnerability management, security monitoring, and incident response coordination.
- Lead or support security incident investigations, root cause analysis, and remediation planning.
Vendor, Audit, and Stakeholder Management
- Evaluate, select, and manage cybersecurity-related vendors, tools, and services.
- Coordinate external audits, assessments, and testing activities related to cybersecurity and compliance.
- Serve as the primary cybersecurity liaison with auditors, regulators, and internal oversight bodies.
- Partner with Privacy, Compliance, Legal, and business stakeholders to address findings, risks, and remediation efforts.
Leadership & Program Management
- Lead, mentor, and develop cybersecurity staff and/or matrixed resources.
- Promote security awareness and training initiatives to strengthen organizational security culture.
- Support cybersecurity budgeting, resource planning, and prioritization activities.
Employment Standards:
Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field or equivalent experience required.
Minimum of 8 years of progressive experience in cybersecurity, information security, or risk management within a regulated environment (healthcare preferred). 4 of 8 years of progressive supervisory experience should include direct leadership of professional staff, leading cybersecurity programs, governance initiatives, and cross-functional security efforts.
Preferred Certifications:
CISSP, CISM, CRISC, HCISPP, or equivalent.
- Dice Id: 10320646
- Position Id: DF2975
- Posted 1 day ago
Company Info
We believe good patient/physician relationships and effective preventive care are true indicators of our success. We also offer a continuum of care that extends beyond doctor visits. With a full range of health education classes and Care/Disease Management programs, we provide quality educational and preventive services to the population we serve. We are able to achieve this through partnerships with our providers and community-based organizations within Kern County. The difference is clear: We hold the standard high when it comes to quality health care for our members.
Our Mission: Kern Health Systems is dedicated to improving the health status of our members through an integrated managed health care delivery system. As Kern Health Systems continues to move forward, we will continue to uphold our mission of being dedicated to improving the health status of our members through an integrated managed healthcare delivery system. As the healthcare landscape has been transformed, we will pursue tomorrow with community and provider innovation, enhanced member access, and strengthened member health and wellbeing... Together.