The Sr. Manager of Information Security Operations is responsible for building and operating a team dedicated to the operational aspects of the information security program at athenahealth. Scope includes the confidentiality, integrity, and availability of information in our cloud service network and internal business networks. The operations team is responsible for monitoring, responding to, and escalating security incidents to other members of the security team.
Specific responsibilities may include, but are not limited to:
Develop, document, and teach operational procedures to an information security operations team; specific areas of responsibility may include:
Perform daily and other periodic checks of information security reports and logs Respond to alerts received from detection systems and health monitoring systems Respond to tickets and emails reporting security issues or requesting information security assistance Define and manage service levels Write and enhance technical articles for internal knowledge base Participate in 24x7 security on-call rotation Participate in security incident response team Document, and teach incident response procedures and capabilities; specific areas of responsibility may include:
Coordinate technical response to information security incidents Ensure technical readiness to respond to major security incidents Conduct reviews and rehearsals of incident response scenarios Enhance operational capabilities through pane-of-glass monitoring in a security/network operations center, automation of operational processes, and identification of tools and solutions required to enhance operational effectiveness Define roles and responsibilities within team, and across peers Identify and hire strong performers to build organizational capabilities Conduct quarterly business reviews with stakeholders Define and manage service levels Ensure technical readiness to respond to major security incidents Define and measure key performance indicators (KPIs) for team and report progress to management Required Skills
Ability to understand, model, and optimize business processes Enthusiastic and driven to learn and further career in Information Security Excellent attention to detail and organizational skills Working knowledge of software vulnerability classes, common exploitation techniques, and common countermeasures Working knowledge of malware detection systems, web gateways, IPS/IDS, SIEM, and authentication systems Comfortable executing in a fast-paced and dynamic environment Team-oriented with ability to build, organize, and motivate a team Experience Requirements
Minimum of 10 years of experience in NOC, SOC, or IT infrastructure engineering, with at least 5 years focused on IT management CISSP or other high level security certification Background in systems and/or network administration desirable Prior e-commerce or high-volume transactional web site experience highly desired Bachelor’s degree in Computer Science, Information Assurance, or equivalent work experience
athenahealth, Inc. - 23 months ago
athenahealth knows that managing physician practices can result in a splitting headache, especially when patients are late paying bills or...