Information Security Manager

Job Type

Full-time

Description

At Wayspring, we are committed to furthering our value of Equity & Inclusion throughout our recruiting practices. We seek diversity of background and opinion, as we think these attributes improve the performance of our company and are the right thing to do for our communities. We recognize and remove barriers to success within our company and communities. We seek to build a recruiting process that is inclusive and fosters diversity.

Why Wayspring?

We are passionate about breaking barriers alongside those facing substance use disorder. Whether you're in the field or in the corporate office - our mission is felt, and your impact is recognized. There is no inner circle, and we all have a seat at the table. Leaders are accessible and silos are avoided. We respect your craft and love to be challenged. We invest not only in our mission, but in each other. Internal promotions and cross departmental trainings are the norm - you grow, we grow. At Wayspring, we don't just see you as an employee, we see you for who you are. a whole-person - with hobbies, pets, families, and lives outside of work. Our flexible schedule and flexible work environment options help you to create and maintain the work-life balance you need most.

Overview of the Information Security Manager

The Information Security Manager will mature and manage Wayspring's information security program. Your work in helping manage and build our information security efforts will enable Wayspring's continued commitment to the security and privacy of its client's and member's information. You will continue to drive Wayspring's existing culture of security awareness.

Wayspring is HITRUST CSF Certified.

Responsibilities of the Information Security Manager

• Manage and further develop Wayspring's information security program
• Maintain information security subject matter expertise in the healthcare industry
• Collaborate with internal business units on information security to inform, educate, and develop effective solutions to protect Wayspring's assets
• Identify administrative, technical, and physical security opportunities and challenges, researching and developing solutions to rectify them
• Maintain company security metrics and reporting
• Manage and further develop Vulnerability Management processes and reporting
• Manage and further develop the company's Threat Management program. Stay informed of threats to the company environment through company security solutions, public forums, etc.
• Manage the company Incident Response program including incident response plans and processes
• Ensure effective security monitoring is in place for company assets
• Provide application security control recommendations to company
• Manage role-based access initiatives and help define role-based access models for use in organization and access review processes
• Perform periodic reviews of key company assets (e.g., firewalls, M365, applications) to ensure appropriate security controls are in place
• Set physical and technological security requirements for office buildouts and remote environments
• Perform review of Information Security deliverables to ensure accuracy, consistency, and completeness, whether in contract, RFP, or questionnaires
• Manage the delivery of Wayspring's client information security assessments
• Coordinate and oversee third-party assessments and penetration testing exercises

Requirements

• Minimum of 4+ years of progressive work in information security
• A solid understanding of the IT security vulnerabilities of healthcare organizations and their service providers
• Hands-on technical security capabilities and expertise
• Working knowledge of information security frameworks and regulations (e.g., NIST CSF, ISO/IEC 27001:2022, SOC 2 Type II, HITRUST CSF, HIPAA, etc.)
• Strong knowledge of security strategy and risk management
• Excellent verbal and written communication and ability to conduct presentations to technical, non-technical, and mixed groups
• Ability to research and communicate advanced security issues to appropriate parties
• Detailed knowledge of security technologies and trends

Company and Benefit Summary

Wayspring has reimagined substance use disorder treatment. We provide individualized care, delivered with a peer-centered approach. We focus on making sure patients have their basic needs met, like access to care, economic stability, and connection to relationships and community. Then we help each person find their own way to wellness.

• Hybrid - remote/in-office options for the Nashville Office
• Medical, Dental and Vision Insurance Options
• Company funded HSA
• Monthly Gym Allowance
• Paid parental leave - all parents included!
• Company paid short term disability, long term disability and life insurance
• 401k matching
• Premium Employee Assistance Program, inclusive of counseling sessions
• Company Contributions to Future Minded Savings (think 529, HSA, Student Loan Reimbursement, and Emergency savings fund)
• Generous PTO package (accrual policy based on years of service) and an additional 10 paid company holidays

Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. So, if you think you have what it takes, but don't necessarily meet every single point on one of our job openings, please still apply. We'd love to consider your application and see if you could be a great fit!