Security Program Manager
Listed on 2026-02-16
IT/Tech
Cybersecurity, Information Security
Overview
University of Colorado Medicine (CU Medicine) is the region’s largest and most comprehensive multi-specialty physician group practice. The CU Medicine team delivers business operations, revenue cycle and administrative services to support the patients of over 4,000 University of Colorado School of Medicine physicians and advanced practice providers. These providers bring their expertise at the forefront of medicine to deliver trusted, compassionate health care services at primary and specialty care clinics as well as facilities operated by affiliate hospitals of the University of Colorado.
We are seeking a highly motivated ITS Security Program Manager to join our ITS team.
Preference will be given to candidates who reside in Colorado, although out-of-state candidates will be considered.
The ITS Security Program Manager will provide program oversight and analysis for Security, which includes the development, maintenance, and administration of the CU Medicine Information Security program.
Responsibilities
- Oversee the development, implementation, administration, and continuous maturity of the enterprise Information Security Program in support of organizational and healthcare regulatory requirements.
- Lead and coordinate management-directed information security initiatives, including but not limited to HIPAA, SOC 2, PCI-DSS, phishing awareness, and security training programs.
- Serve as a primary liaison for security audits, risk assessments, and certifications, coordinating with internal stakeholders, external auditors, and regulatory bodies.
- Develop, maintain, and enforce Information Security policies, procedures, standards, and controls to ensure compliance with applicable laws, regulations, and industry frameworks.
- Identify, assess, and document Information Security risks and vulnerabilities, recommending mitigation strategies aligned with business objectives.
- Collaborate with IT, compliance, legal, and business teams to implement risk mitigation strategies and improve the organization’s security posture.
- Participate in and support the enterprise Security Risk Assessment process, including evaluating the effectiveness of existing controls and recommending enhancements.
- Evaluate the adequacy of controls and corrective actions; identify alternative safeguards when necessary to reduce residual risk.
- Prepare and present security program updates, metrics, and risk information to internal audiences at all organizational levels, including leadership.
- Assist with the development and maintenance of disaster recovery and business continuity policies and standards, ensuring alignment with organizational resilience goals.
- Research, evaluate, and recommend technologies and processes for the prevention, detection, containment, and remediation of data security incidents and breaches.
- Stay current on emerging threats, healthcare security trends, regulatory changes, and industry best practices, adjusting program strategies as needed.
- Provide guidance and consultation to users and teams regarding security requirements, procedures, and best practices.
- Assist in prioritizing security initiatives, managing workload, and providing PMO support when required.
- Bachelor’s degree required; MBA or Graduate Degree highly preferred.
- 5+ years of experience in an IT Security or Information Technology Services (ITS) environment, preferably within a healthcare or regulated industry.
- Cybersecurity and/or Project Management certification preferred (e.g., PMP, CISSP, CISM, CISA).
- Strong working knowledge of information security principles, frameworks, regulations, and best practices, including HIPAA, SOC 2, PCI-DSS, and NIST.
- Broad understanding of IT systems, applications, infrastructure, and cloud technologies.
- Strong project and program management skills, with the ability to manage multiple initiatives simultaneously.
All applications MUST be submitted via our website. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
CU Medicine is an Equal…