Manager, IT Security (Vulnerability Assessment and Offensive Security)
UPMC
**UPMC is looking for an IT Security Manager to lead their Vulnerability Management and Offensive Security teams. This position will be a Hybrid role in which you will work both ON-SITE as well as having opportunity to work from home.**
**Description**
The Manager, IT Security provides leadership to the day to day operation, support, development, installation, and delivery of security products and services within Information Assurance Services. The Manager, IT Security is further responsible for the identification and development of talent and for managing performance to ensure business goals and objectives are met, if not exceeded.
**Responsibilities:**
+ Provides leadership and strategic direction to ensure that the team consistently meets, if not exceeds deliverables aligned with organizational security policies and standards. This individual develops and executes annual goals and actionable plans that support the broader Governance, Risk, and Compliance (GRC) mission, while also setting individual goals for team members to drive their growth and contributions.
+ Oversee Vulnerability Assessments: Manage regular vulnerability scans, both host and application, identify and mitigate security risks. Prioritize remediation efforts based on the severity of vulnerabilities and potential impact on the organization.
+ Lead Offensive Security Operations: Direct and manage Red Team activities, including simulated attacks and penetration testing, to identify and exploit vulnerabilities. Ensure continuous improvement of offensive security tactics and techniques
+ Manages performance of direct reports through performance evaluations, coaching, and mentoring.
+ Manages a team of operations and/or development security professionals.
+ Provides input on budget planning. Responsible for managing to budget.
+ Establish and build relationships with vendors, partners, third parties, and internal teams or groups.
+ Provide recommendations on enhancements and new initiatives.
+ Communicates effectively with team, peers, department leaders, and executive leadership. Responsible for keeping team informed on all relevant organizational information.
+ Leads and facilitates meetings.
+ Articulate business values to the team, leadership, and partners.
+ Escalate issues to the next level of management as appropriate.
**Qualifications**
· Bachelor's degree required with a master's degree preferred.
· 5 years of additional successive experience in a technology field in a multi-faceted user environment, with at least two years' experience in a senior or lead capacity
o OR Nine years of total related experience, including five years of successive experience in a technology field in a multi-faceted user environment, with at least two years' experience in a senior or lead capacity.
· Understanding of security best practices, architecture, and framework.
· Preferences: Experience managing an information security function using the HITRUST Common Security Framework or the NIST 800-83 cyber security framework.
· Security industry organization participation/leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.).
· Certified Information Systems Security Professional (CISSP) preferred.
· Certified Information Security Manager (CISM).
· Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry Data Security Standards (PCI DSS).
**Licensure, Certifications, and Clearances:**
Act 34
**UPMC is an Equal Opportunity Employer/Disability/Veteran**
Confirm your E-mail: Send Email