Work In Oregon Veterans Jobs

Job Information

CareOregon IS Security Manager in Portland, Oregon

Position Title: IS Security Manager

Department: Infrastructure and Applications

Title of Manager: Director, IS Infrastructure & Operations

Supervises: IS Security Staff

Exemption Status: Exempt

Requisition: 16104

General Statement of Duties

The IS Security Manager is responsible for ensuring that CareOregon’s information security posture is complete and robust in service to our members. This position partners with business leaders across the enterprise to oversee and mature CareOregon’s information systems security policies and processes. The role is also responsible for assessing and monitoring internal IS teams and external technology partners for security risk and compliance.

Essential Position Functions

Information Security Program

  • Accountable for the design, implementation and oversight of an effective Information Systems Security Program aligned with recognized industry best practices.

  • Partner with Information Services leaders to ensure information system security objectives are met.

  • Champion the cause for information security throughout the organization.

  • Propose improvements and updates to CareOregon’s security policy in alignment with security best practices and any applicable regulations, such as HIPAA/HITRUST and NIST SP 800-53.

  • Establish the Information Security Roadmap and report on its progress to senior IS department leaders and CareOregon’s senior executives.

  • Provide ongoing oversight of the Information Security Incident Response Plan; coordinate training for participating teams.

  • Perform formal assessments of security controls against cybersecurity best practices to identify gaps, generate reports on assessment findings and participate in the development and support of required corrective action plans.

  • Lead the design and execution of periodic testing of the IS Disaster Recovery Plan.

  • Facilitate information security governance meetings with CareOregon senior leadership and executives; compile management reports, summary analyses and detailed presentations to describe security risk, controls and maturity assessments.

  • Ensure information security awareness training content is current and comprehensive and all CareOregon staff successfully complete the required annual training.

  • Provide IS security subject matter expertise to IS and business teams throughout the organization.

  • Establish and maintain relationships with suitable information security vendors and partners.

  • Guide and oversee organizational security posture of services transitioning from on-premise to cloud services such as Azure.

Information Security Operations

  • Assess current and future information security risk; lead remediation efforts.

  • Lead routine audits of applications and system configurations to ensure proper information security is in place.

  • Identify and report on any systems vulnerabilities; partner with IS teams to implement appropriate countermeasures.

  • Establish and lead a vulnerability management program, prioritize remediation efforts and work with other teams to document and track program effectiveness.

  • Assess and ensure CareOregon’s applications, systems and services are in alignment with CareOregon IS security and risk management policies.

  • Investigate reported security incidents, lead remediation efforts and provide reporting as necessary.

  • Ensure compliance with internal auditing, HIPAA and other federal regulations.

  • Develop or participate in business planning, budgeting, performance targets, and policy development.

  • Define and report on appropriate metrics.

  • Continuously assess endpoint security control coverage, escalating gaps to the appropriate teams for required corrective action.

Audits and Third-Party Oversight

  • Respond to audits and lead efforts to remediate adverse results.

  • Monitor partners and third parties for compliance with CareOregon security policies, contracts and government regulations.

  • Test security controls and validate that the controls are designed appropriately and are effective.

  • Effectively and efficiently document findings and develop actionable, clear recommendations.

  • Evaluate the security operations of managed service providers and oversee risk management.

Management and Leadership

  • Plan, organize, manage and monitor work projects, frequently acting as project manager on projects.

  • Train, supervise and evaluate performance of assigned staff.

  • Provide staff with the training, mentoring and resources necessary to carry out their work.

  • Ensure adherence to department and organizational standards, policies and procedures.

  • Ensure performance goals, expectations and standards are clearly understood by supervised staff.

  • Manage team priorities and activities, and ensure deliverables are met.

  • Evaluate employees’ performance on an ongoing basis and take appropriate corrective action if needed.

  • Perform human resource functions in collaboration with Human Resources.

Essential Department and Organizational Functions

  • Propose and implement process improvements.

  • Meet deadlines for completion of workload.

  • Maintain agreed upon work schedule.

  • Demonstrate cooperation and teamwork.

  • Provide cross-training on specific job responsibilities.

  • Meet identified business goals that contribute to departmental goals.

  • Perform other duties as needed.

Knowledge, Skills and Abilities Required

  • Understanding of information security best practices and design

  • Experience working in multiple information security domains (e.g. governance, risk and compliance, attack surface management, identity and access management, network security, data protection, disaster recovery, security operations, incident response and threat modeling)

  • Understanding of ITIL

  • Experience managing Intrusion Detection and Prevention systems, such as Rapid7, InsightIDR and Defender ATP

  • Experience with Data Loss Prevention and Data Classification

  • Strong understanding and ability to apply managerial concepts and techniques such as project/change management, idea creation and cross-team effectiveness

  • Ability to foster continuous employee learning, empowerment, engagement and opportunities

  • Strong oral and written communication skills, including meeting facilitation and presentations

  • Ability to effectively communicate complex and/or controversial topics and concepts to diverse audiences

  • Ability to establish an independent view, effectively collaborate in decision-making and motivate others, especially during difficult situations or on challenging organizational issues

  • Able to propose solutions and communicate business value

  • Ability to effectively elevate strategic concerns to senior management in a timely, clear and accurate manner

  • Ability to develop strong working relationships with internal leaders and external partners

  • Ability to effectively collaborate with coworkers, staff, leaders and executives across all departments

  • Strong knowledge of cross team calibration

  • Ability to maintain high degree of professionalism

  • Ability to maintain a positive attitude

  • Ability to develop and monitor policies, risks and solutions

  • Sound judgment and ability to develop, implement and reinforce policy and strategy

  • Ability to see the big picture beyond a request and take appropriate holistic action, employing “systems thinking”

  • Advanced project management skills

  • Advanced vendor management skills

  • Advanced budget management skills

  • Strong analytical and research skills; ability to see patterns in data and draw appropriate conclusions

  • Understanding of and ability to adhere to governance and process

Physical Skills and Abilities

  • Lifting/Carrying up to 0 Pounds: 0 hours/day

  • Pushing/Pulling up to 0 Pounds: 0 hours/day

  • Pinching/Retrieving Small Objects: 0 hours/day

  • Crouching/Crawling: 0 hours/day

  • Reaching: 0 hours/day

  • Climbing Stairs: 0 hours/day

  • Repetitive Finger/Wrist/Elbow/Shoulder/Neck Movement: More than 6 hours/day

  • Standing: 0 hours/day

  • Walking: 0 hours/day

  • Sitting: 0 hours/day

  • Bending: 0 hours/day

  • Seeing: More than 6 hours/day

  • Reading: More than 6 hours/day

  • Hearing: 3-6 hours/day

  • Speaking Clearly: 3-6 hours/day

Cognitive and Other Skills and Abilities

Ability to focus on and comprehend information, learn new skills and abilities, assess a situation and seek or determine appropriate resolution, accept managerial direction and feedback, and tolerate and manage stress.

Education and/or Experience

Minimum 6 years’ experience in information security systems, solutions or related services, including a minimum of 2 years’ supervisory or people management experience. Experience must include most of the following:

  • Leading teams, including developing and mentoring staff and supporting change management

  • Leading complex systems projects

  • Managing vendors and contracts

  • Influencing others

  • Developing policy and strategy roadmaps with business partners and aligning work efforts and solutions accordingly

  • Developing and implementing information or cyber security programs

Working Conditions

  • Environment: This position’s primary responsibilities typically take place in the following environment(s) (check all that apply on a regular basis):

☒ Inside/office ☐ Clinics/health facilities ☐ Member homes

☐ Other_____________

  • Travel: This position may include occasional required or optional travel outside of the workplace, in which the employee’s personal vehicle, local transit, or other means of transportation may be used.

  • Equipment: General office equipment and mobile technology

  • Hazards: n/a

Candidates of color are strongly encouraged to apply. CareOregon is committed to building a linguistically and culturally diverse and inclusive work environment.

Veterans are strongly encouraged to apply.

Equal opportunity employer. This company considers all candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
