Information Security & Assurance Manager

Updated: 2 months ago
Location: San Antonio, TEXAS

Job Summary: 

This position will serve as a subject matter expert in the area of cybersecurity and work on a regular basis with a cross-functional team comprised of emergency management and technical stakeholders to achieve the goals of a federal research contract.

This role requires a technical leader with a high degree of knowledge in the overall field and recognized expertise in specific areas; problem-solving frequently requires analysis of unique issues/problems without precedent and/or structure. May manage programs that include formulating strategies and administering policies, processes, and resources; functions with a high degree of autonomy. Seeking candidates with experience defining the security requirements for safeguarding healthcare systems and supporting clinical units with technical and administrative readiness. Candidates should also be open to cross-training with emergency management or business continuity professionals to develop a foundational understanding of emergency management, disaster preparedness, and business continuity principles and practice, in order to better protect health care systems against a variety of emergencies arising from hostile cyber threats.

 

Job Duties: 

  • Directs and constructs security operations, develops goals and objectives, and administers policies, procedures and processes as needed.
  • Develops appropriate metrics to track the security posture of UT Health San Antonio’s IT environment.
  • Ensures prevention and detection mechanisms and practices remain current with cyber threats. Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risks, where applicable.
  • Conducts or facilitates threat modeling of services and applications that ties to the risk and data associated with the service or application.
  • Ensures a complete, accurate and valid inventory of all systems, infrastructure, and applications. Oversees the identification of vulnerabilities in the university’s IT environment and communicates and monitors mitigation priorities with system owners and administrators.
  • Coordinates with the Compliance and Privacy Officer to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommends controls to ensure that this data is adequately secured.
  • Oversees information security awareness programs for all approved systems users and contractors/third parties.
  • Establishes, manages, and coordinates implementation of the security training and awareness program, including facilitation of security advocacy events.
  • Conducts cyber security and IT risk management research and provides updates on industry trends, standards, and practices.
  • Manages security incident containment, investigation, communication, and reporting activities.
  • Collaborates with appropriate IT and university leadership on IT system resiliency controls, disaster recovery and business continuity programs, processes, and technology.
  • May lead staff members by providing direction and guidance of day-to-day workflow.
  • Ensures compliance of the Information Security Program with applicable laws and regulations.
  • Develops, reviews, and facilitates approval of information security policies and standards that align to state laws and federal regulatory rules, university and UT System policies.
  • Manages an information risk management program with appropriate risk assessment processes, documenting IT controls, and identifying threats and impact of risk.
  • Assesses data security risks as they relate to projects and technology use and develops tools and interventions to mitigate risk.
  • Coordinates a risk-based process for managing vendor/third-party risk and business associate oversight. Ensures adherence to policies and procedures related to IT security/privacy and systems resiliency for all third-party access and engagements.
  • Partners closely with UT Health San Antonio IT, Purchasing, Legal, Compliance, Audit, Research and Academic leadership to ensure close alignment and support for any technical, security, or privacy aspects of contracts, systems, and related information security needs.

    Education: 

    Bachelor's degree in computer science, information systems, cybersecurity or a related field required.

    Master's degree is preferred.

     

    Experience:

    Seven (7) years of general IT experience and four (4) years of IT security-related experience required.

    Preferred:

    • Expertise with HIPAA and other healthcare data protection and security requirements as defined by HHS.
    • Experience assessing compliance and cyber risk for a clinical medical system.

     

    Licenses and Certifications:

    CISSP - Certified Information Systems Security Professional required.

