Security Manager

Position: IS Security Manager
* Recommend updates to security policies and standards to align with HIPAA, HITRUST, NIST, and other frameworks.
* Coordinate implementation of security programs, policies, and configuration standards across IS.
* Lead risk assessments, vulnerability analyses, remediation planning, and the administration of a GRC platform.
* Manage third‑party risk processes, including vendor assessments and ongoing monitoring.
* Oversee penetration tests, program maturity assessments, and risk assessments.
* Ensure ongoing compliance with regulatory, contractual, and audit requirements.
* Lead the response to audit requests and efforts to remediate adverse results.
* Manage team and recommend team direction and goals in alignment with the organizational mission, vision, and values.
* Identify work and staffing needs to meet work expectations; recruit and hire, using an equity, diversity, and inclusion lens.
* Plan, organize, schedule, and monitor work; ensure employees have information and resources to meet job expectations.
* Lead the development, communication, and oversight of team and individual goals; ensure goals, expectations, and standards are clearly understood by staff.
* Train, supervise, motivate, and coach employees; provide support toward employee development.
* Incorporate guidance from Care Oregon equity tools into people leadership, planning, operations, evaluation, and decision making.
* Ensure team adheres to department and organizational standards, policies, and procedures.
* Evaluate employee performance and provide regular feedback to support success; recognize strong performance and address performance gaps and accountability (corrective action).
* Perform supervisory tasks in collaboration with Human Resources as needed.
* Minimum 6 years’ experience in information security systems, solutions or related services
* Experience must include most of the following:* + Leading teams, including developing and mentoring staff and supporting change management  + Leading complex systems projects  + Managing vendors and contracts  + Influencing others  + Developing policy and strategy roadmaps with business partners and aligning work efforts and solutions accordingly  + Developing and implementing information or cyber security programs
* Strong understanding of information security best practices and secure design principles
* Knowledge of ITIL frameworks and their application within IS environments
* Knowledge of cross‑team alignment practices and organizational calibration processes
* Understanding of governance standards and adherence to established processes
* Ability to apply core managerial disciplines, including project and change management, cross‑functional collaboration, innovation, and organizational effectiveness
* Experience across multiple information security domains, including governance risk and compliance, attack surface management, identity and access management, network security, data protection, disaster recovery, security operations, incident response, and threat modeling
* Experience managing Intrusion Detection and Prevention systems such as Rapid7, Insight

IDR and Defender ATP
* Experience with Data Loss Prevention and data classification
* Ability to promote continuous learning, empowerment, engagement, and development opportunities for employees
* Strong oral and written communication skills, including meeting facilitation and presentations
* Ability to clearly convey complex or controversial topics to diverse audiences
* Ability to form an independent perspective, collaborate in decision‑making, and motivate others—especially during challenging situations
* Ability to propose solutions and articulate business value
* Ability to elevate strategic concerns to senior leadership clearly, accurately, and promptly
* Ability to build strong working relationships with internal leaders and external partners
* Ability to collaborate effectively with coworkers, staff, leaders, and executives across all departments
* Ability to maintain a high degree of professionalism and a positive attitude
* Ability to develop and monitor policies, risks, and solutions
* Sound judgment with the ability to develop, implement,…