Lifespan
Overview
The Manager Information Security Operations reports to the Director of Information Security. Under general supervision, this role manages and provides support to all Brown University Health information security services to assure a high value, efficient, comprehensive security program which meets Brown University Health needs. Responsibilities
Interviews, hires, and assigns subordinate staff; provides guidance and counsel to subordinate staff; conducts periodic performance evaluations; recommends personnel actions; acts as a resource for staff; conducts periodic individual and/or group staff meetings; prepares and submits payroll; provides and maintains subordinate staff development plans; develops standards for subordinate staff performance; coaches staff on career progression, certifications, and cross-training. Assists in determining the needs, structure, staffing, and systems required to deliver world class information security capabilities to all Brown University Health affiliates. Directs the efforts of others in the achievement of strategic and operational objectives of the group. Advises and makes recommendations in a strategic direction. Identifies opportunities for automation, standardization, cost savings, and business improvement. Identifies gaps, develops strategy, and creates operational plans in support of Brown University Health's security mission. Manages functional metric reporting requirements, developing metrics delivered to executive steering committee and measuring program success. Manages resolution of problems with reporting and has responsibility for overseeing maintenance of reporting systems. Manages Security Operations Center (SOC) operations including SIEM, alerting/detection (network/endpoint), log management, phishing (detection & response), digital forensics, penetration testing, zero-trust architecture, threat-informed defense (MITRE ATT&CK), O365 and security automation. Monitors and manages security controls across multi-cloud (Azure/AWS) environment as needed. Develops, maintains, and publishes up-to-date security policies, standards and guidelines aligning with industry best practices using control standards and regulatory frameworks. Ensures proper documentation for products including network devices, virtual machines, mobile devices, operating systems, and applications. Integrates, aligns, and acts as liaison with the business to ensure alignment with Brown University Health's Information Security Program. Manages third party partners and services to ensure value and performance per contractual agreements. Drives continuous improvement against HIPAA Security Rule and NIST CSF. Develops roadmaps for enterprise security technologies. Manages cloud and on-premises incident response processes, including tabletop exercises for breach scenarios. Ensures Brown University Health is prepared for external audits. Responsible for developing and managing the IS Security budget. Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature. Participates in councils, quality improvement teams, and other committees as required. Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or possessed by the organization. Oversees training and dissemination of security policies and practices. Participates in departmental goals and strategy development. Assists in negotiation and management of contracts with outside vendors. Participates in demonstrations/presentations and benchmarks. Ensures security programs comply with relevant laws, regulations and policies to minimize risk and audit findings. Acts as a liaison between the information security team and corporate compliance, audit, finance, legal, marketing, operations and HR management teams as required. Ensures Team RACI is current. Maintains work effort status within service level agreements on Brown University Health's Service Desk Platform and Task Management Platforms. Assigns tickets as required. Attends problem-management and major-incident conference calls as required, providing technical guidance, ensuring action-item ownership, and driving timely resolution and root-cause analysis. Attends project and steering committee meetings as required. Researches and assists in piloting and evaluating new tools, technologies, controls, and processes to support security policy enforcement. Monitors emerging threats, vulnerabilities, and industry best practices to ensure controls remain effective and aligned with evolving threat landscape. Provides expertise on security best practices across IT, infrastructure, and enterprise operations to support secure business strategies. Requires management support after normal hours for critical security incidents. Participates in a recurring on-call schedule that includes evenings and weekends, covering a wide range of IT incidents. During general IT incident calls, the manager serves in a scribe capacity, documenting key details and ensuring accurate entry into the service management platform. Performs other related duties as required. Experience and Qualifications
Bachelor's degree in Management or Information Systems required; MBA or MS preferred. Certifications Required (three or more): CISSP, CISM, CRISC, GIAC, CCSP, Security+. Ten or more years of information security experience, with five years in an information security role. Five years progressively responsible related work experience, including at least two years of related supervisory/management experience in a similar environment. Proven track record of managing remote teams. Comprehensive understanding of risk assessment protocols to evaluate program effectiveness and quantify information security and cybersecurity risks. Expert knowledge in security operations and incident response. Experience designing and implementing secure landing zones in Microsoft Azure and Amazon AWS. Ability to translate technical risk into business impact for executive and clinical leadership. Expert knowledge of third-party vendor security risk management and cyber supply chain management. Expert knowledge of regulatory requirements, risk and industry standards related to emerging technology, authentication capabilities, network design/security, cloud environments, and related domains. Knowledge of frameworks (NIST, ISO, SANS) and data governance models. Knowledge of network infrastructure including routers, switches, firewalls, and related protocols. Ability to manage multiple high-visibility deliverables simultaneously. Excellent customer service and interpersonal skills; excellent written and verbal communication; professional demeanor. Expert presentation and reporting skills to executive audiences; proficient with Microsoft Excel. Experience with vendor management, selection and contract management. Independent Action
Functions independently within departmental policies and practices. Must be able to work independently to achieve goals, with unresolved complex issues referred to the Director of Information Security for clarification of policies and procedures. Supervisory Responsibilities
Supervisory responsibility for up to 15 FTEs. Brown University Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, ethnicity, sexual orientation, ancestry, genetics, gender identity or expression, disability, protected veteran status, or marital status. Brown University Health is a VEVRAA Federal Contractor. Location: Brown University Health Corporate Services, USA:RI:Providence Work Type: Full Time Shift: Shift 1 Union: Non-Union
#J-18808-Ljbffr
The Manager Information Security Operations reports to the Director of Information Security. Under general supervision, this role manages and provides support to all Brown University Health information security services to assure a high value, efficient, comprehensive security program which meets Brown University Health needs. Responsibilities
Interviews, hires, and assigns subordinate staff; provides guidance and counsel to subordinate staff; conducts periodic performance evaluations; recommends personnel actions; acts as a resource for staff; conducts periodic individual and/or group staff meetings; prepares and submits payroll; provides and maintains subordinate staff development plans; develops standards for subordinate staff performance; coaches staff on career progression, certifications, and cross-training. Assists in determining the needs, structure, staffing, and systems required to deliver world class information security capabilities to all Brown University Health affiliates. Directs the efforts of others in the achievement of strategic and operational objectives of the group. Advises and makes recommendations in a strategic direction. Identifies opportunities for automation, standardization, cost savings, and business improvement. Identifies gaps, develops strategy, and creates operational plans in support of Brown University Health's security mission. Manages functional metric reporting requirements, developing metrics delivered to executive steering committee and measuring program success. Manages resolution of problems with reporting and has responsibility for overseeing maintenance of reporting systems. Manages Security Operations Center (SOC) operations including SIEM, alerting/detection (network/endpoint), log management, phishing (detection & response), digital forensics, penetration testing, zero-trust architecture, threat-informed defense (MITRE ATT&CK), O365 and security automation. Monitors and manages security controls across multi-cloud (Azure/AWS) environment as needed. Develops, maintains, and publishes up-to-date security policies, standards and guidelines aligning with industry best practices using control standards and regulatory frameworks. Ensures proper documentation for products including network devices, virtual machines, mobile devices, operating systems, and applications. Integrates, aligns, and acts as liaison with the business to ensure alignment with Brown University Health's Information Security Program. Manages third party partners and services to ensure value and performance per contractual agreements. Drives continuous improvement against HIPAA Security Rule and NIST CSF. Develops roadmaps for enterprise security technologies. Manages cloud and on-premises incident response processes, including tabletop exercises for breach scenarios. Ensures Brown University Health is prepared for external audits. Responsible for developing and managing the IS Security budget. Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature. Participates in councils, quality improvement teams, and other committees as required. Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or possessed by the organization. Oversees training and dissemination of security policies and practices. Participates in departmental goals and strategy development. Assists in negotiation and management of contracts with outside vendors. Participates in demonstrations/presentations and benchmarks. Ensures security programs comply with relevant laws, regulations and policies to minimize risk and audit findings. Acts as a liaison between the information security team and corporate compliance, audit, finance, legal, marketing, operations and HR management teams as required. Ensures Team RACI is current. Maintains work effort status within service level agreements on Brown University Health's Service Desk Platform and Task Management Platforms. Assigns tickets as required. Attends problem-management and major-incident conference calls as required, providing technical guidance, ensuring action-item ownership, and driving timely resolution and root-cause analysis. Attends project and steering committee meetings as required. Researches and assists in piloting and evaluating new tools, technologies, controls, and processes to support security policy enforcement. Monitors emerging threats, vulnerabilities, and industry best practices to ensure controls remain effective and aligned with evolving threat landscape. Provides expertise on security best practices across IT, infrastructure, and enterprise operations to support secure business strategies. Requires management support after normal hours for critical security incidents. Participates in a recurring on-call schedule that includes evenings and weekends, covering a wide range of IT incidents. During general IT incident calls, the manager serves in a scribe capacity, documenting key details and ensuring accurate entry into the service management platform. Performs other related duties as required. Experience and Qualifications
Bachelor's degree in Management or Information Systems required; MBA or MS preferred. Certifications Required (three or more): CISSP, CISM, CRISC, GIAC, CCSP, Security+. Ten or more years of information security experience, with five years in an information security role. Five years progressively responsible related work experience, including at least two years of related supervisory/management experience in a similar environment. Proven track record of managing remote teams. Comprehensive understanding of risk assessment protocols to evaluate program effectiveness and quantify information security and cybersecurity risks. Expert knowledge in security operations and incident response. Experience designing and implementing secure landing zones in Microsoft Azure and Amazon AWS. Ability to translate technical risk into business impact for executive and clinical leadership. Expert knowledge of third-party vendor security risk management and cyber supply chain management. Expert knowledge of regulatory requirements, risk and industry standards related to emerging technology, authentication capabilities, network design/security, cloud environments, and related domains. Knowledge of frameworks (NIST, ISO, SANS) and data governance models. Knowledge of network infrastructure including routers, switches, firewalls, and related protocols. Ability to manage multiple high-visibility deliverables simultaneously. Excellent customer service and interpersonal skills; excellent written and verbal communication; professional demeanor. Expert presentation and reporting skills to executive audiences; proficient with Microsoft Excel. Experience with vendor management, selection and contract management. Independent Action
Functions independently within departmental policies and practices. Must be able to work independently to achieve goals, with unresolved complex issues referred to the Director of Information Security for clarification of policies and procedures. Supervisory Responsibilities
Supervisory responsibility for up to 15 FTEs. Brown University Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, ethnicity, sexual orientation, ancestry, genetics, gender identity or expression, disability, protected veteran status, or marital status. Brown University Health is a VEVRAA Federal Contractor. Location: Brown University Health Corporate Services, USA:RI:Providence Work Type: Full Time Shift: Shift 1 Union: Non-Union
#J-18808-Ljbffr