Information Security Manager
Listed on 2026-06-30
IT/Tech
Cybersecurity, Information Security
Responsibilities
- Leadership & Strategy:
Driving cybersecurity maturity with continuous improvement of controls, continuously evaluating and managing the cyber and technology risk posture of the organization, leading internal and outsourced security teams to execute on the roadmap defined by the CISO, leading team response to security incidents and breaches, leading security awareness and training programs for clinical staff handling PHI.
- Technical Execution:
Managing prospect, client, and third‑party security assessment fulfillment, identifying and managing vulnerabilities, developing and implementing comprehensive risk treatment plans, monitoring compliance with information security policies, keeping up to date with IT security standards and emerging threats, maintaining knowledge of emerging technologies, architecting, prioritizing, coordinating, and communicating the choice of security technologies.
- Governance & Compliance:
Maintaining and continuously improving SOC 2/HITRUST CSF certification, ensuring security control ownership, evidence collection, and audit readiness, managing comprehensive information security program covering IAM, vulnerability management, endpoint protection, network security, incident response, and third‑party risk.
- Collaboration & Cross‑Functional Delivery:
Working with cross‑functional teams (Technology, Legal, Privacy, Finance, Internal and External Auditors) to achieve corporate objectives; partnering with legal and compliance teams to support a security culture and engaging business leaders; monitoring compliance with HIPAA, SOC 2, state data privacy regulations, and contractual security requirements across all clients.
- Team Development:
Providing technical leadership, guidance, and mentoring to Security Analysts, conducting performance reviews, training, and career development planning, and promoting knowledge sharing and best practices.
- Bachelor’s degree in computer science, information systems, cybersecurity or related field and a minimum of 2 years’ experience in people leadership within security, including hiring, development, and performance management.
- Experience in healthcare technology, health systems, or digital health, with working knowledge of HIPAA, PHI governance, and clinical system dependencies.
- Experience owning or co‑owning HITRUST CSF certification (or equivalent compliance framework such as SOC2, ISO 27001).
- HITRUST Certified Common Security Framework Practitioner (CCSFP) or equivalent HITRUST training.
- One or more professional security certifications: CISSP, CISM, or CISA.
- AWS Security Specialty or equivalent cloud security certification.
- CRISC (Certified in Risk and Information Systems Control).
- AI governance or responsible AI certifications (e.g., ISACA AI Audit certificate, Certified AI Governance Professional).
- Travel required up to 15% for team meetings, clinic visits, and audit support.
- Demonstrated ability to translate technical infrastructure and security concepts into business risk and value narratives for executive and board audiences.
- Experience driving vulnerability management across organizations.
- Experience in value‑based care, employer‑sponsored healthcare, or population health management organizations.
- Proven track record operating in multi‑site, distributed environments (ideally 500+ locations) with complex endpoint and network management needs.
- Hands‑on experience deploying or governing AI tools in a healthcare or clinical environment, including PHI risk controls for AI systems.
- Experience with AIOps platforms or AI‑augmented IT operations tooling.
- Familiarity with AWS (or comparable cloud) architecture, including security posture management in cloud‑native environments.
Pay Range: $115,000–$145,000/yr. The actual offer may vary based on geographic location and the candidate’s years of experience and/or skill level. This position is also eligible for an annual incentive.
Equity and Employment
Marathon Health provides equal employment opportunities to all teammates and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Marathon Health is committed to providing access and reasonable accommodation in its employment for individuals with disabilities.
To request disability accommodation in the application process, contact recruitinglth.