ABOUT SHIRLEY RYAN ABILITYLAB

Shirley Ryan AbilityLab is the global leader in physical medicine and rehabilitation for adults and children with the most severe, complex conditions. By joining our team, you will be part of our life-changing Mission and Vision. You’ll work in a truly inclusive environment where diversity and equity are championed through words and actions. You’ll contribute to an innovative culture that is second to none, one that embraces curiosity, discovery and compassion. You’ll play a role in something that’s never been done before as we integrate science and clinical care to help patients achieve better, faster outcomes — as we Advance Human Ability, together.

If you are seeking career advancement, continuing education and research opportunities coupled with a diverse and welcoming workplace, competitive compensation and generous employment benefits, please consider the following opportunity, or visit our careers page to explore additional openings.

GENERAL SUMMARY

Experienced and hands-on IT Security Operations Manager will be responsible for building and leading the Cyber Security Operations team and working in close partnership with the Risk & Compliance teams. A high degree of initiative and technical knowledge, ownership, commitment to ongoing and continuous security improvements, professional demeanor and teamwork must be demonstrated in this role.

This leader will be a subject matter expert and implementer of IT security and operational best practices. She/he will lead a diverse team in delivering security services, assist in developing training and security awareness programs, providing mentoring to junior analysts and engineers, being responsible for cyber security incidents’ investigations, audits and maturing the current security operations program and toolsets.

In a demanding 24x7x365 healthcare environment, this position requires exceptional technical knowledge, a steadfast execution mindset, excellence in services delivery, attention to details, communication and collaboration skill set.

The Manager, IT Security Operations will consistently demonstrate support of the Shirley Ryan AbilityLab statement of Vision, Mission and Core Values by striving for excellence, contributing to the team efforts and showing respect and compassion for patients and their families, fellow employees, and all others with whom there is contact at or in the interest of the institute.

The Manager, IT Security Operations will demonstrate Shirley Ryan AbilityLab Core Attributes: Communication, Accountability, Flexibility/Adaptability, Judgment/Problem Solving, Customer Service and Core Values (Hope, Compassion, Discovery, Collaboration, and Commitment to Excellence) while fulfilling job duties.

Required Skills

PRINCIPAL RESPONSIBILITIES

The Manager, IT Security Operations:

1. Leads the cybersecurity operations and response team, including operational security for patching and remediation of vulnerabilities, systems monitoring, threat analysis, defense operations, organizational education and training, and incident response.
2. Provides guidance to tier 1, 2, 3 and other first responders, analysts and engineers, for proper handling of cybersecurity incidents. Contributes to a team of cyber security staff in a leadership, coach, and mentor capacity while working on threats, briefing event details to leadership, and coordinating remediation with key personnel.
3. Leads daily security operations for all on-premises, hosted, and cloud infrastructure, storage, applications, systems, and networks. Performs oversight of internal teams and managed service providers that support IT security operations.
4. Develops strategies and plans to adapt security operations best practices, administers training and security awareness programs, leads the creation and delivery of formal measures for infrastructure security health and performance.
5. Leads analysis of potential impact of new threats, exploits and integrates protective measures into current controls and platforms.
6. Analyzes digital forensic evidence using forensic tools to identify the severity, exposure and threat of exploitation.
7. Performs in-depth analysis in support of complex Incident Response operations and provides enhancement and recommendations.
8. Performs post-incident root cause analysis and makes recommendations for changes and process improvement.
9. Builds formal and informal relationships within SRAlab and among business partners and customers to improve the effectiveness of IT Security Operations. Collaborates with all IT teams and promotes ongoing and continuous security improvements.
10. Develops written documents to provide detailed practices required for operational excellence and security. Ensures users, service delivery, and systems will adhere to documented standards.
11. Rigorously assess and develops talent to enable succession and builds bench strength. Plans IT Security Team staff training and development requirements.
12. Performs all other duties that may be assigned in the best interest of the Shirley Ryan AbilityLab.

REPORTING RELATIONSHIPS

1. Reports directly to the Director, IT Operations

Required Experience

KNOWLEDGE, SKILLS & ABILITIES REQUIRED

1. Bachelor’s degree in Cyber Security/Information Technology (or a related field) or equivalent industry experience required.
2. Minimum ten (7) years of experience in cybersecurity with minimum three (3) to five (5) years in a security operations and leadership management roles.
3. Expertise managing, maintaining and operating Security Incident and Event Management (SIEM) solutions. Expertise in log management, SIEM alert and parser tuning and dashboard design.
4. Robust experience with Antivirus and encryption tools, endpoint detection and response security tools, CASB (cloud access security broker) tools, DLP (data loss prevention) solutions, intrusion detection & prevention systems, systems patching and vulnerability management tools and processes.
5. Knowledge of security configuration and monitoring for Windows and Linux OS, AWS/Azure cloud, container environments, applications, and network devices and systems.
6. Experience in the design, implementation, configuration and maintenance of IT security technologies, processes, and products.
7. Project management experience for full security system lifecycle and security tool upgrades, including business case development and budgets. Ability to manage expectations, bring together and align different points of view.
8. Develop and present comprehensive reports and presentations for leadership including KPI metrics. Strong business acumen, communication skills, and process-oriented thinking.
9. Effective communication and meticulous documentation skills required.
10. Experience with REGEX and scripting using Perl, WSH, PowerShell, etc. Experience with forensics and tools such as Forensic Toolkit, or FTK, FTK, Wireshark, EnCase, Autopsy, Sleuth Kit, etc.
11. Familiarity and knowledge of core security frameworks: HIPAA (Healthcare Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry's Data Security Standard), NIST (National Institute of Standards and Technology), HITRUST (Health Information Trust Alliance), ISO 27000 Series (International Organization of Standardization), etc.
12. Certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager) preferred. SANS/GIAC (SysAdmin, Audit, Network, and Security/ Global Information Assurance Certification) or other vendor certifications in digital forensics and incident response, management preferred.
13. CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or other advanced security certifications are a plus.
14. Experience with delivery of superior customer service.
15. General understanding of Cerner and Financial System and their integration a plus.
16. Ability to transport and move PCs, printers, and related hardware weighing up to 30 pounds.

WORKING CONDITIONS

1. Normal office environment with little or no exposure to dust or extreme temperature.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Shirley Ryan AbilityLab is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

Principal Responsibilities

The Manager, IT Security Operations:

1. Leads the cybersecurity operations and response team, including operational security for patching and remediation of vulnerabilities, systems monitoring, threat analysis, defense operations, organizational education and training, and incident response.
2. Provides guidance to tier 1, 2, 3 and other first responders, analysts and engineers, for proper handling of cybersecurity incidents. Contributes to a team of cyber security staff in a leadership, coach, and mentor capacity while working on threats, briefing event details to leadership, and coordinating remediation with key personnel.
3. Leads daily security operations for all on-premises, hosted, and cloud infrastructure, storage, applications, systems, and networks. Performs oversight of internal teams and managed service providers that support IT security operations.
4. Develops strategies and plans to adapt security operations best practices, administers training and security awareness programs, leads the creation and delivery of formal measures for infrastructure security health and performance.
5. Leads analysis of potential impact of new threats, exploits and integrates protective measures into current controls and platforms.
6. Analyzes digital forensic evidence using forensic tools to identify the severity, exposure and threat of exploitation.
7. Performs in-depth analysis in support of complex Incident Response operations and provides enhancement and recommendations.
8. Performs post-incident root cause analysis and makes recommendations for changes and process improvement.
9. Builds formal and informal relationships within SRAlab and among business partners and customers to improve the effectiveness of IT Security Operations. Collaborates with all IT teams and promotes ongoing and continuous security improvements.
10. Develops written documents to provide detailed practices required for operational excellence and security. Ensures users, service delivery, and systems will adhere to documented standards.
11. Rigorously assess and develops talent to enable succession and builds bench strength. Plans IT Security Team staff training and development requirements.
12. Performs all other duties that may be assigned in the best interest of the Shirley Ryan AbilityLab.

Reporting Relationships

1. Reports directly to the Director, IT Operations