GENERAL SUMMARY: The Information Security Manager works closely with the Director of Security Operations and Incident Response on the development, documentation, implementation, and monitoring of policies, procedures, and practices that ensure the confidentiality, integrity, and availability of Henry Ford Health System patient, employee, and company confidential information. The Information Security Services Manager is the primary resource for security incident management and leads tactical improvement by designing enterprise plans and standards to ensure services meet current and future requirements. The position is responsible for participating in the Information Privacy and Security Office's planning and managing of budgets, project prioritization, strategy, execution, policies, procedures, and guiding practices. The Information Security Services Manager reports to the Deputy Information Security Officer. This position collaborates closely with cross functional enterprise groups to ensure processes and services are implemented and operationalized to meet both the needs of the business and regulatory requirements. The position will manage all aspects of the system-wide cybersecurity incident management plan, processes, and associated staff. Provide cybersecurity incident management leadership, administrative management of staff (performance, scheduling/on-call rotation, professional development, etc.), adherence to incident response processes, service level agreements, implementation and operational management of security event monitoring technologies, threat intelligence processes, and associated reporting. PRINCIPLE DUTIES AND RESPONSIBILITIES: Provides leadership, vision, managerial oversight, development, implementation, and execution of Henry Ford Health System’s Enterprise-Wide Cybersecurity Incident Management Program. The Information Security Services Manager maintains policies and processes that enable HFHS to establish consistent, efficient, and appropriate controls. The Information Security Services Manager will set performance expectations for direct reports and provide constructive performance feedback on a regular basis. This position is responsible for enterprise-wide security incident event communications and reporting. Information Security Services Management + Evaluate and update Information Security Services operational processes and procedures as appropriate and ensure compliance. + Keep abreast with industry alerts, technology trends and best practices related to information security. + Partner with peer department groups to foster an atmosphere of collaboration and cooperation. + Ensure and monitor security compliance with regulatory requirements, industry best practices, and organizational policies. (HIPAA, HITECH, PCI, Federal/State laws, etc.) + Provide oversight of and support for response processes related to detected security incidents and potential threats. + Manage departmental vendor/partner/support relationships. + Contributes to the development of a multi-year IT Security roadmap and strategic planning activities, as well as budgeting and forecasting activities to provide a measurable value to the organization. + Central authority of security incident events through identification, protection, detection, response, and recovery + Manage the development and implementation of information security policies, processes, standards, and guidelines as related to enterprise-wide information security incident management. + Program management of departmental initiatives, projects, and implementation and monitoring of information security controls. + Responsible for ensuring that appropriate resources are allocated to projects and that the timelines, commitments, and service levels from the team are met. + Responsible for the design, maintenance, and monitoring of Security Information and Event Management (SIEM) and Security Operations Center processes and configurations. + Liaison for departmental process and incident escalations to leadership. Operational Management + Provides functional leadership and supervision to Information Security Services staff. Including staff scheduling, performance, and development management. + Manage the reporting employee lifecycle by maintaining a diverse, efficient and effective workforce. + Regularly meet with direct reports for feedback, mentoring, support, and career development including performance expectations to ensure continuous value. + Foster a culture of customer service, disciplined business conduct, and healthy communication. + Ensure each team member understands their role, responsibilities, and are accountable for their performance. EDUCATION AND EXPERIENCE: + Bachelor's Degree in Information Systems, Computer Science or equivalent certifications, required. + CISM/CISSP or equivalent certification required. + Must have a minimum of 6 years of cybersecurity experience, to include a minimum of 2 years of direct leadership experience. + Demonstrates strong and effective verbal, written, and interpersonal communication skills, with experience in all at the executive level. + Ability to prioritize and multi-task in a dynamic, fast paced, and challenging environment. + Experience with federal and state healthcare information regulations and requirements (e.g. HIPAA). + Advanced knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle. + Knowledge of information security best practices, NIST Cybersecurity Framework, and common risk frameworks. + Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities. + Demonstrates experience in the development and management of a comprehensive information security program that balances risk along with the organizational goals and objectives. + Demonstrates the ability to influence without direct control and/or authority. + A value focused team player who has the ability to lead and mentor team members. + Excellent customer service and interpersonal skills demonstrated through all forms of communication in order to convey technical concepts in non-technical terms. + Consensus building and collaborative interpersonal skills. + Ability to work under pressure, establish priorities, and respond with appropriate urgency. CERTIFICATIONS/LICENSURES REQUIRED: + CISM/CISSP or equivalent certification required. Additional Information + Organization: Corporate Services + Department: Cybersecurity Incident Respons + Shift: Day Job + Union Code: Not Applicable Additional Details This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above. Overview Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers . Benefits The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits. Equal Employment Opportunity/Affirmative Action Employer Equal Employment Opportunity / Affirmative Action Employer Henry Ford Health is committed to the hiring, advancement and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.