Sr. Manager, Information Security

About the position AnewHealth is one of the nation's leading pharmacy care management companies that specializes in caring for people with the most complex, chronic needs—wherever they call home. We enable better outcomes for patients and the healthcare organizations who support them. Established in 2023 through the combination of ExactCare and Tabula Rasa HealthCare, we provide a suite of solutions that includes comprehensive pharmacy services; full-service pharmacy benefit management; and specialized support services for Program of All-Inclusive Care for the Elderly. With over 1,400 team members, we care for more than 100,000 people across all 50 states. The Information Security Manager will provide technical leadership for the managed services provider's day-to-day security operations, perform security architecture reviews, driving the implementation of controls, addressing information security vulnerabilities, creating and maintaining documentation. They will play a key role in the governance and risk management activities of the Information Security Team.

Responsibilities

• Manage daily interactions with our managed service provider to ensure risks, vulnerabilities and other security items are addressed and acted upon.
• Manage the execution and advancement of security strategy to ensure ANH is continually prepared in terms of their security posture, and that it aligns with the company's risk appetite and external regulatory requirements.
• Lead risk assessment activities for critical assets, and manage risks throughout the Risk Management Process.
• Be a key contributor in the overall governance with the Information Security Program.
• Manage the information security policies and ensure that it aligns with the security strategy and any regulatory requirement (e.g., SOX, HIPAA) and external frameworks (e.g., HITRUST) used.
• Manage Third-Party Security Risk Management practices and procedures to ensure third-party security risk is managed and maintained within company standards and regulatory requirements.
• Perform audits of third parties such as vendors, services providers, consulting organizations etc. as part of Third-Party Risk Management.
• Manage and perform security architectural review of acquired applications (e.g., IT Tools, SAAS) and internal Products to ensure they are designed and operating in a secure manner as required by security policy and external regulations.
• Participate in the Information Security Incident process.
• Participate and support internal and external audits as required.
• Provide guidance and support to IT and business areas to ensure security posture is in place and maintained to meet the various mandates.
• Participate in education and mentoring of technical teams on security requirements.
• Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to drive behaviors and set expectations for securing the environment.
• Build relationships with technology and business teams across the company.
• Interact routinely with managed service providers, vendors, consultants/advisers and professional organizations.
• Occasional travel to company divisions outside of the corporate office location may be required.

Requirements

• Bachelor's or Master's degree in computer or information management or related field.
• 3-5 years' experience in an information security operations management.
• 1-3 years' experience working with or managing a managed-service provider is a plus.
• 2-4 years' experience in security architecture and/or security strategy role.
• At least one of CISSP, CISM or CRISC preferred.
• Strong attention to detail, influencing and problem resolution skills.
• An outgoing personality is a MUST for this position.

Benefits

• Medical, dental, and vision coverage effective 1st of the month following date of hire.
• Flexible spending.
• Company-paid life insurance and short-term disability.
• Voluntary benefits.
• 401(k).
• Paid Time Off.
• Paid holidays.

Apply tot his job Apply To this Job