Job Summary
The IT Cyber Security Manager will lead a team of security analysts and will report directly to the Director of IT Security (Deputy CISO). This role is responsible for executing and overseeing day-to-day security operations, managing security technologies, policies, and processes, and driving projects to support the enterprise security posture and reduce corporate cyber security risk. This position will collaborate regularly with leadership, including the Deputy CISO and CISO, to ensure cybersecurity priorities align with overall IT strategies and business objectives. Key responsibilities include oversight of the enterprise information security policy, developing and documenting security protocols and procedures, cyber incident response handling, identifying security gaps creating risks, pushing forward compliance efforts, monitoring threats, and driving continuous security improvements.
Core Responsibilities for all jobs at this level.
- Lead and oversee cybersecurity operations: Manage day-to-day security operations including incident response, monitoring and maintaining core security systems, and ensuring alignment with organizational cyber security policies and procedures.
- Develop and maintain governance and risk frameworks: Oversee enterprise cybersecurity policies, manage the risk register, evaluate cyber risks and potential solutions, and provide informed recommendations to leadership.
- Drive compliance and resilience efforts: Lead compliance initiatives for HIPAA, DFARS, PCI, and other applicable compliance needs, maintain disaster recovery programs, and prepare for and test organizational readiness in the event of a cyber-attack or another major security incident.
- Foster security awareness and team development: Enhance the organization's security awareness programs, prevent data loss to safeguard sensitive data, and mentor and motivate a team of security analysts to achieve operational excellence.
- Collaborate with the Project Management Office (PMO): Work closely with the PMO and other IT teams to organize and execute project tasks, ensuring cybersecurity milestones are achieved on time and within budget while aligning with broader organizational goals.
- Maintain security program capabilities and monitor cyber threats: Ensure robust coverage of deployed cyber solutions within the environment and continuously monitor and manage vulnerability posture, suspicious activities, potential cyber intrusions, and changes within the environment that may create risk exposure.
Essential Functions and Responsibilities include the following.
Security Operations Management
- Responsible for the oversight of core security systems, managed security providers, and associated security-related systems.
- Manage daily security operations, including threat detection, incident identification, and response.
- Serve as the primary incident manager for cybersecurity incidents, coordinating containment, remediation, and reporting efforts.
- Weigh business needs against security risks and make recommendations on the best options and approach
Policy and Governance
- Oversee the enterprise information and cybersecurity policy and its execution, ensuring alignment with industry standards and regulatory requirements.
- Lead efforts in Security Governance, including process, policy, and program management.
- Interface with IT leadership as needed on projects, initiatives, and other requests. Regularly communicate with the Director IT Security (Deputy CISO) and CISO to align cybersecurity with organizational priorities.
Compliance and Risk Management
- Lead and maintain compliance and/or certification efforts for applicable compliance needs (e.g. HIPAA, PCI, DFARS/CMMC, etc.) for Information Security.
- Maintain and update the organization's risk register, continuously evaluating cyber risk and threat intelligence.
- Weigh business needs against security risks and make informed recommendations to organizational leadership.
Disaster Recovery and Resilience
- Maintain the Disaster Recovery program, plan, and recurring testing to ensure organizational preparedness.
- Awareness and Prevention
- Drive continuous improvement in the effectiveness of security awareness programs throughout the organization.
- Oversee efforts in data loss prevention and cyber fraud prevention, ensuring appropriate safeguards are in place.
- Maintain and publish program metrics for leadership and participate in prioritization efforts for improvement.
Project Management
- Manage security-related projects, including technology upgrades, process improvements, and risk mitigation initiatives.
- Collaborate with IT, business units, and external vendors to ensure project success.
- Ensure PMO documentation requirements are addressed in a timely fashion during all project phases.
- Other Duties as assigned.
Additional job requirements:
- Regularly scheduled attendance
- Indicate the percentage of time spent traveling: <10%
Subject to applicable laws and Air Method’s policies, regular attendance is an essential function of the position. All employees must follow Air Methods’ employment practices and policies.
Supervisory Responsibilities
Directly supervises employees in the IT information security department. Carries out Supervisory responsibilities in accordance with the organization’s policies and applicable laws. Responsibilities include interviewing, selecting, hiring, and training employees, planning, assigning and directing work; appraising performance, rewarding and disciplining employees, addressing complaints and resolving problems. For Exempt Managers: Managers that carry out these responsibilities for two or more employees will have significant input in hiring and termination decisions.
Qualifications
To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. In accordance with applicable laws, Air Methods will provide reasonable accommodations that do not create an undue burden so disabled employees may perform the essential functions of the position.
Education & Experience
- Bachelor’s degree from four-year college or university; and five or more years’ related experience and/or training; or equivalent combination of education and experience
- Two or more years of management experience at the tactical operational level within IT Security
- Experience in executing cyber security programs based on the NIST, HIPAA, PCI, and similar frameworks
Skills
- Strong interpersonal skills and a high degree of collaboration at all levels.
- Demonstrates high critical thinking, reasoning skills, and problem-solving skills
- Excellent organizational skills, detail oriented, ability to multi-task efficiently and meet deadlines
- Excellent communication and presentation skills, both written and verbal
- Ability to exercise sound judgement and make decisions in a manner consistent with the essential job functions.
- Builds partnerships with related departments or functions to enhance efficiency and execution
- Contributes to business sustained growth through leadership and functional expertise
- Initiates, leads and evaluates implementation for functional programs and solutions across major business areas
Computer Skills
- Advanced Microsoft Office Suite, including Word, Excel, PowerPoint and Outlook
- Atlassian Jira for project task execution, resourcing, and tracking.
- High degree of proficiency with all levels of technology, data protection and security; including underpinning core network, system, development and application technologies
- Experience with Cloud computing and commensurate security measures thereof
Certificates, Licenses, Registrations
- None required, but a benefit for the position includes: CISSP, CISM or GIAC, or similar industry-recognized credentials.
Air Methods is an EEO/AA employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
