Sys Manager IT Cybersecurity

Overview

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation's largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

Responsibilities

This is a remote position.
Job Summary

CommonSpirit Health is seeking a highly motivated Cybersecurity Manager to lead Cybersecurity Analysts and Engineers in the pursuit of actionable cyber risk throughout the organization specific to web application security.

As a manager within Cybersecurity, you will be responsible to effectively create, communicate, and coordinate tactical direction and implementation of cybersecurity risk discovery operations and remediation efforts in support of key organization initiatives and strategy.

The Cybersecurity Manager will report to the Director, Attack Surface Management, as part of the overall Cyber Vigilance and Defence group, which is focused on identifying, protecting, responding and containing threats, vulnerabilities, and weaknesses with respect to the overall CommonSpirit organization.

The management of cybersecurity risk discovery operations and remediation efforts are grounded in the proactive detection of cyber risk. Once a cyber risk to the organization has been identified, collaborative development of action plans and timelines ensure that key stakeholders are involved and can act quickly to protect the organization. You will collaborate with leaders throughout the organization. You will foster relationships with key business partners, internal technology and cybersecurity teams, and external vendors to leverage technology to enable detection of cyber risk. You will remain knowledgeable about security issues, vulnerabilities, regulatory, legal, and security policies and standards that may impact information security.
Job Responsibilities

• Manage the work direction and resource needs for a team of Cybersecurity Analysts and Engineers. Define strategic goals and manage performance to meet those goals, specific to web application security including dynamic application security testing, secure software development, vulnerability scanning and remediation, API assessment, scripts monitoring, web application security program development, as well as vendor engagement related to these areas.
• Manage activities relative to the day-to-day operations of dynamic application security testing and scripts monitoring; determine business and technical requirements to maintain the highest possible degree of monitoring, assessment, testing, and analysis capability. Serve as a key respondent and facilitator for proactive cyber risk remediation in the organization.
• Recruit, retain, and develop a diverse and high performing team; create an environment of continuous learning and growth development.
• Follow industry and technology trends and best practices to advise leadership and direct teams on the best employment of tools, techniques and procedures.
• Maintain a high degree of awareness of current and potential threats and risks to the company and healthcare sector.
• Develop and maintain a working relationship with third-party service providers. Work with business unit executives and service providers to introduce into and refine cybersecurity capabilities within the environment.
• Must possess a broad knowledge relating to web application development, IT infrastructure and Cybersecurity, and have in-depth and up-to-date experience with today's enterprise level applications, platforms, and tools, including asset/application/service discovery, web application security testing tools (dynamic, static, composition analysis) and other vulnerability scanning and application monitoring tools, techniques, and procedures.

Qualifications

• Bachelor's degree in related field or equivalent combination of education and experience preferred
• 10+ years in Information Technology, including 3+ years of experience managing a complex function, team or program.
• 5+ years direct experience in cybersecurity operations related to web application security testing.
• Experience in Windows, UNIX/Linux OS required.
• Functional understanding of regulatory and compliance mandates and frameworks, including but not limited to: HIPAA, HITECH, PCI, Sarbanes-Oxley, OWASP, Center for Internet Security (CIS), NIST, or MITRE Attack Framework preferred.
• Experience conducting Web Application Security Testing (DAST, SAST, SCA, RASP, IAST), and Vulnerability Testing (Network, Application, Database, and/or System Security), Analysis, Prioritization, and Documentation, and the management of communication with leadership and affected stakeholders preferred.
• Experience creating, administering, and maintaining web applications and/or APIs preferred.
• Familiarity with coding languages such as Python, Java, JavaScript, C++, C# or others preferred.
• Leadership experience preferred
• Demonstrated ability to effectively communicate and present complex technical information to a broad audience and make recommendations with justification to leadership.
• Proven investigative and problem solving, critical thinking, root-cause analysis, and business risk analysis skills.
• Experience in the healthcare industry or critical infrastructure preferred

#LI-Remote

#LI-CSH