Manager of Information Security
Our goals are to provide excellent service, utilize advanced technology, and proficiently deliver results. To accomplish these goals, we constantly seek individuals who look for ways to do things better. We are a company whose culture cultivates teamwork, rewards excellence, focuses on quality for every aspect of our business, and promotes community involvement.
Tabula Rasa HealthCare (TRHC) is a leader in providing patient-specific, data-driven technology and solutions that enable healthcare organizations to optimize performance to improve patient outcomes, reduce hospitalizations, lower healthcare costs, and manage risk. Medication risk management is TRHC’s lead offering, and its cloud-based software applications, including EireneRx® and MedWise™, provide solutions for a range of payers, providers and other healthcare organizations.
TRHC empowers our employees to provide excellent service, utilize advanced technology, and proficiently deliver results. Our 32Fundamentals are what we are and who we are. Our culture cultivates teamwork, rewards excellence, focuses on quality for every aspect of our business, and promotes community involvement. As a part of our team, you will help us bring innovative service models to healthcare, improving patient outcomes.
The Information Security Manager will provide technical leadership for the managed services provider’s day-to-day security operations, perform security architecture reviews, drive the implementation of controls, address information security vulnerabilities, and create and maintain documentation. They will play a key role in the governance and risk management activities of the Information Security Team.
ESSENTIAL JOB FUNCTIONS:
- Manage daily interactions with our managed service provider to ensure risks, vulnerabilities and other security items are addressed and acted upon.
- Manage the execution of and adherence to the security strategy to ensure TRHC is continually prepared in terms of its security posture, and that it aligns with the company’s risk appetite and external regulatory requirements.
- Lead risk assessment activities for critical assets, and manage risks throughout the Risk Management Process.
- Be a key contributor to the overall governance of the Information Security Program.
- Manage the information security policies and ensure that they align with the security strategy, any regulatory requirements (e.g., SOX, HIPAA) and the external frameworks (e.g., HITRUST) used.
- Manage Third-Party Security Risk Management practices and procedures to ensure T-P security risk is managed and maintained within company standards and regulatory requirements.
- Perform audits of third parties such as vendors, service providers, consulting organizations, etc. as part of Third-Party Risk Management.
- Manage and perform security architectural reviews of acquired applications (e.g., IT tools, SaaS) and internal products to ensure they are designed and operating in a secure manner as required by security policy and external regulations.
- Participate in the Information Security Incident process.
- Participate in and support internal and external audits as required.
- Provide guidance and support to IT and business areas to ensure security posture is in place and maintained to meet the various mandates.
- Participate in education and mentoring of technical teams on security requirements.
- Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to drive behaviors and set expectations for securing the environment.
- Must be able to build relationships with technology and business teams across the company.
- Interact routinely with managed service providers, vendors, consultants/advisers and professional organizations.
- Occasional travel to company divisions outside of the corporate office location may be required.
QUALIFICATION REQUIREMENTS: These represent the desired qualifications of the ideal candidate. They are not meant to limit consideration for candidates who do not meet all of the standards listed. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION: Bachelor's or Master's degree in computer or information management or a related field.
EXPERIENCE: 3-5 years' experience in information security operations management; 1-3 years' experience working with or managing a managed-service provider is a plus. 2-4 years’ experience in a security architecture and/or security strategy role.
- At least one of CISSP, CISM or CRISC preferred.
- Strong attention to detail, influencing and problem resolution skills.
- An outgoing personality is a MUST for this position.
- Demonstrated experience in maintaining and managing security operations and GRC functions.
- Understanding of Sarbanes Oxley (SOX) Compliance requirements and IT General Controls.
- Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security.
- Familiarity with cloud and SaaS-based environments and technologies with associated auditing methodologies.
- Expert presentation, documentation and communication skills.
The Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to ancestry or national origin, race or color, religion or creed, age, disability, AIDS/HIV, gender, marital or family status, pregnancy, childbirth or related medical conditions, genetic information, military service, protected caregiver obligations, sexual orientation, protected financial status or other classification protected by applicable law.
- Pay Type: Salary