Share this Job

Manager - Cyber Security Consulting

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 120,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 52 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US. 

Providence India was established to bring to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation for Improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.



Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

How is this team contributing to the vision of Providence?

Enterprise Information Security (EIS) is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients).

 

What will you be responsible for?

  • Design, development, operationalization and continuous improvement of Security-as-a-Service (Providence's Security Consulting) strategy, capabilities, and services as a major contributor to the global team. This strategy is crucial to the organization’s vision of enhancing Cybersecurity maturity and providing best-in-class services, while driving down costs.
  • Drive the productization, sales and delivery of Security-as-a-Service strategy, capability maturity, service delivery and maturity.
  • Collaborate with other Providence teams and leadership to discover and realize innovation for Security-as-a-Service capabilities and services within scope of responsibility. 
  • Partner, collaborate and build relationship with different departments, leaders, stakeholders, vendors, agents, and others to deliver Security-as-a-Service goals.
  • Establish deep trust relationships with customer’s key security leaders and related IT/controls and business operations personnel.
  • Have a thorough understanding of complex IT systems and technical security concepts, and stay up to date with the latest security standards, systems and protocols, as well as best practice security products.
  • Provide thought leadership on new and industry-leading enterprise-class Security solutions, capabilities, and services.
  • Drive accountable areas for results. Take ownership of the environment, teams, operations, initiatives, and projects within areas of accountability, sometimes in ambiguous circumstances
  • Build and manage a professional, creative, and collaborative team. Take ownership of hiring, training, and developing staff to ensure the team has both the technical and organizational skills to effectively maintain operations and support as measured by established service levels; conduct and oversee evaluations and establish performance goals of the staff; resolve disciplinary problems, grievances, and other sensitive personnel matters.
  • Provide responsive leadership to delegate, coordinate, and motivate staff; evaluate performance for direct reports and for contractors/other peoples’ direct reports; work with individuals and HR to improve performance as needed.

 

What would your day look like?

  • Advocate Information Services (IS) and Enterprise Information Security (EIS) goals and commitments.
  • Understand and deploy EIS vision within Security-as-a-Service function. Govern adherence to policies and standards.
  • Drive Security-as-a-Service engagement model, capabilities, and services.
  • Determine marketing requirements and work towards building marketing strategy across service capabilities.
  • Develop new and unique security services focused on Healthcare Industry.
  • Develop security capability, strategy, roadmaps and governance of platforms/solutions in various technology domains.
  • Develop workflows for key business office functions and associated projects and new processes that are being implemented including requirements definition, business analysis documents, and standard operating procedures.
  • Conduct both technical and non-technical security assessments and internal audits in accordance with ISO 27001/2, NIST CSF and other appropriate standards such as HIPPA and PCI DSS.
  • Provide strategic and technical recommendations following identification of vulnerabilities across systems, applications, cloud services, network, etc.
  • Provide security expertise with Acquired Entities Integration and Business teams on solutions and deployment of company standard security technologies and access controls.
  • Provide security expertise into design prototyping projects and maximize the value of prototyping by taking forward the learnings and outputs into the solution and end-to-end design.
  • Conduct security incident response/investigations and forensic and data collection services as needed as a back up to primary team members performing this service.
  • Participate as a Subject Matter Expert in cyber security incident and breach investigations and post-breach remediation work.
  • Monitor compliance with the organization's security policies and procedures among employees, contractors, vendors and other third parties and takes corrective action.
  • Participate in the analysis for major contracts for hardware, software and services within areas of accountability.
  • Communicate and summarize status of operations and projects, and progress toward major initiatives to leadership as well as to direct and indirect reports.
  • Perform well under pressure and with appropriate regard for confidentiality and discretion when dealing with sensitive matters.
  • Build consensus and drive to agreement upon a course of action where there are multiple perspectives.
  • Know when to proactively communicate with leadership about issues and problems that exist in their own functional area; performs daily interaction with staff; holds regular team meetings.
  • Lead a team of Security Engineers at different levels.
  • Travel up to 50% of work schedule, if required.

 

Who are we looking for?

  • 4-year University (Bachelor’s) degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent experience.
  • CISSP, ISSAP, OSCP, SANS or equivalent Information Security certifications.
  • 12+ years of experience in an Information Systems role. 7+ years of experience as a security consultant providing diverse set security services.
  • 10+ years of experience in performing Security Audits/Assessments for end clients, such as for ITGC, HIPPA, PCI DSS, System and Application Security Assessment, Vulnerability Assessment, Penetration Testing, Solution Security Architecture, Design and Configuration Assessment, Forensic Investigations, etc.
  • 7+ years of experience in architecting and designing security offerings that are on-prem and cloud hosted systems that are continuously monitored, such as for SIEM, SOAR, UEBA, Host Security, Application Security, Cloud Workload Security, Network Security, Security Posture Monitoring, etc.
  • Market knowledge on cyber security demands and Healthcare customers' security-related expectations.
  • Solid experience in developing Pricing/Costing models for security service proposals.
  • Security Engineering Techno-functional SME with very good customer negotiation skills.
  • Strong experience and background on responding to Request for Proposal/Information (RFP/RFI), developing Master Service Agreements (MSA), Statement of Works (SOW) and other contractual arrangements for Security engagements.
  • Preferred Healthcare provider domain experience
  • A start-up mindset with the intent to take ownership and belief that you can make a difference!

At Providence, we not only acknowledge differences but also honor it. We appreciate differences related to the following factors but not limited to background, education, gender, age, generation, religious background, ability, technical skills in all our employment related opportunities.

Health is a human right