Position Overview:
The IT Security Program Manager is responsible for executing and managing the day-to-day operations of Recovery Centers of America's cybersecurity program. Reporting to the manager of infrastructure under the IT OPS director and ensures that RCA's security posture remains compliant with HIPAA, HITECH, and NIST 800-53 standards while continuously improving the effectiveness of the organization's security controls and risk management framework.
This role will coordinate and perform audits, oversee third-party risk management, manage RCA's security awareness and phishing programs, drive policy governance, and ensure the timely resolution of open risk items and vulnerabilities. The ideal candidate is an organized, hands-on leader with a strong understanding of healthcare security and compliance who can align security initiatives with RCA's mission of saving one million lives.
Essential Duties and Responsibilities
Program Management & Governance
Third-Party Risk & Vendor Management
Policy, Compliance, and Reporting
Security Awareness & Training
Vulnerability & Infrastructure Management
Risk and Compliance Leadership
Education
Experience
Certifications (preferred but not required)
Technical Skills
Core Competencies
Travel
This job description is not designed to cover or contain a comprehensive listing of all activities, duties, or responsibilities required of the employee. Duties, responsibilities, and activities may change at any time, with or without notice, to meet the evolving needs of the organization. Nothing in this job description alters the at-will nature of employment, and either RCA or the employee may terminate the employment relationship at any time, with or without cause or notice.
RCA is committed to providing reasonable accommodations to qualified individuals with disabilities to enable them to perform the essential functions of their role. Employees or applicants requiring accommodation should contact Human Resources to initiate the interactive accommodation process.
This position primarily involves sedentary work, including extended periods of sitting and computer use. The employee must be able to communicate effectively via phone, video conferencing, and written correspondence.