Sr. Manager, Threat And Vulnerability Management

As the #1 advisor for developing and empowering people to deliver the highest quality care, HealthStream’s brands include best-in-class apps, software, and specialized solutions. Over the last 30+ years, our Company has remained committed to solving big problems and growing into new product lines. We are constantly innovating and finding new ways to positively impact healthcare organizations. 

What does our values-based culture offer you? 

• A collaborative work environment 

• A mission-oriented mindset 

• Work-from-home flexibility 

• A chance to grow your career 

All our HealthStreamers share a common vision: to improve the quality of healthcare by developing the people who deliver care. For over 30 years, we have remained committed to providing effective solutions through innovation and constant growth. Today, we offer a unified suite of products to streamline scheduling, credentialing, training and learning management, workforce development, and other key areas in the healthcare industry. We provide recurring value and, as a HealthStreamer, you will be at the forefront of healthcare technology innovation! 

We offer work-from-home flexibility as part of our hybrid workplace policy. Our three Resource Centers (located in Nashville, TN; Boulder, CO; and San Diego, CA) are available for scheduled in-person events or assigned workspaces for those who want to work in the office. Remote team members also have access to flexible space scheduling for occasional use.   

We encourage collaboration and commit to growth for our entire team. Our thriving culture allows our team members to continuously solve big problems, and we value these contributions. If you want to work for a company committed to its values and vision, HealthStream is the place for you! 

We make sure patients receive competent care from qualified people. As a HealthStream team member, you would help this vision come to life. We pride ourselves on being a community where you can both build your career and take time away to fulfill your life goals and commitments. 

Your Role As a HealthStreamer 

Position Summary

Under the direction of the Senior Director Information Security, the Sr. ManagerThreat and Vulnerability Manager is responsible for overseeing the design and implementation of all facets of HealthStream’s TVM program. Primary role will be supporting the duties of the Information Security Department, specifically vulnerability scanning and monitoring, and mentoring security analysts/admins/engineers to increase security knowledge and skills. Candidate should be familiar with fundamental concepts of security architecture and design, identity management, risk assessment, compliance, application security and security awareness training. Will provide guidance for the governance, risk, and compliance (GRC) and Application Security teams as needed. 

Essential Duties and Responsibilities

You will be responsible for adhering to all HeathStream security policies, procedures, and assigned training.

Expected to assist in projects, conduct vulnerability assessments and represent the logical and physical security interests for HealthStream’s information systems and electronic information assets in a variety of settings.

What You Will Need to be Successful

Education, Experience and Knowledge Required

• Manages day to day security operations including monitoring of all security tools and response to all security threats

• Manages security projects/architecture to ensure appropriate security levels for organization and maintains functionality and operation for business

• Drives security initiatives and goals to completion through identifying security champions, developing relationships and building formal programs to promote information security in other departments and teams

• Participates in developing, recommending, and delivering information security training

• Participates in the development of an Information Security Program and Security Operations Procedures

• Participates in development of security strategy for the organization

• You will play a key role in building and maintaining this culture as our organization grows

• Single point of contact for all security issues – needs to be able to provide leadership across multiple environments

• Security Controls & Risk Management – Ability to work with teams across the organization and 3rd parties to deliver results

• Data Protection – work closely with operations and development teams to implement and maintain appropriate security controls

• Incident Management – managing potential data breaches and presenting incident reports to senior leadership

• Participate in maturing the Threat and Vulnerability Risk Management Program

• Project Management on various security projects such as conducting scans on applications, or converting applications to SSO/ESO/MFA, or executing third party audits and penetration tests

• Thought leadership – Review security policies and standards and suggest improvements

Skills and Abilities Required

• Ability to identify and assess complex problems for area of responsibility and create solutions in situations that require in-depth analysis and knowledge of organizational objectives

• Ability to keep up to date with the latest security trends

• Understand company policies and standards and be able to translate to business users

• Leadership skills to allow the individual to interact well with customer leadership, as well as internal leadership

• Ability to interface with customers and suppliers via strong written and verbal communications skills

• Excellent organization/time management and problem-solving skills

• Project Management Skills

• Minimum of 7 years of experience in a technology / security related position

• 3 years' management experience leading teams

• Experience working with compliance frameworks and SIEM (Security Information and Event Management) systems

• Comprehensive knowledge of compliance frameworks such as Sarbanes-Oxley, PCI, or ISO. HITRUST knowledge is a plus.

• Comprehensive knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices

• Comprehensive technical knowledge of network, PC, and platform operating systems, including Cisco, Microsoft, and Linux

• Advanced ability to conduct research into security issues, standards, and products as required

• Advanced ability to work on Information Security sponsored projects, which includes providing necessary documentation, establishing and meeting timelines

• Advanced ability to promote Security Awareness training

• Advanced ability to create and/or maintain documentation including policies, procedures, security awareness tips, and compliance reports

Benefits 

HealthStream offers a comprehensive benefits package to eligible employees, including: 

• Medical, Dental and Vision insurance 

• Paid Time Off 

• Parental Leave 

• 401k and Roth 

• Flexible Spending Account 

• Health Savings Account 

• Life Insurance 

• Short- and Long-Term Disability 

• Medical Bridge Insurance 

• Critical Illness Insurance 

• Accident Insurance 

• Identity Protection 

• Legal Protection 

• Pet Insurance 

• Employee Assistance Program 

• Fitness Reimbursement 

If you have a passion for improving healthcare outcomes and empowering healthcare workers, come join the HealthStream team! We hope you join us and be a HealthStreamer!