IT Security Program Manager

Recovery Centers of America

Devon, PA(remote)

JOB DETAILS
SKILLS
Analysis Skills, Auditing, Business Continuity Planning (BCP), CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Campaigns, Communication Skills, CompTIA Security+, Computer Science, Computer Security, Continuous Improvement, Corrective Action, Cross-Functional, Cryptography, Detail Oriented, Documentation, Endpoint Security, Environmental Health, External Audit, Firewalls, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Identify Issues, Incident Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Intelligence Analysis, Internal Audit, Internet Security, Interpret Regulations, Leadership, Legal, Legal Support Skills, Maintain Compliance, Manufacturing Data Management, Medical Records, Metrics, Microsoft Product Family, Multitasking, Operations, Operations Management, Organizational Skills, Phishing, Presentation/Verbal Skills, Privacy Controls, Problem Solving Skills, Process Improvement, Project Management Certification, Project Management Professional (PMP), Project/Program Management, Purchasing/Procurement, Regulatory Compliance, Regulatory Requirements, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Auditing, Security Information and Event Management (SIEM), Security Monitoring, Systems Analysis, Teleconferencing, Time Management, Training Program, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation, Vendor/Supplier Management, Vendor/Supplier Selection, Videoconferencing, Willing to Travel, Writing Skills
LOCATION
Devon, PA
POSTED
1 day ago

Position Overview:

The IT Security Program Manager is responsible for executing and managing the day-to-day operations of Recovery Centers of America's cybersecurity program. Reporting to the manager of infrastructure under the IT OPS director and ensures that RCA's security posture remains compliant with HIPAA, HITECH, and NIST 800-53 standards while continuously improving the effectiveness of the organization's security controls and risk management framework.

This role will coordinate and perform audits, oversee third-party risk management, manage RCA's security awareness and phishing programs, drive policy governance, and ensure the timely resolution of open risk items and vulnerabilities. The ideal candidate is an organized, hands-on leader with a strong understanding of healthcare security and compliance who can align security initiatives with RCA's mission of saving one million lives.

Essential Duties and Responsibilities

Program Management & Governance

  • Manage the daily operations of RCA's cybersecurity program under the guidance of the CISO.
  • Coordinate and track the completion of internal and external security audits, including HIPAA, SOC 2, and NIST-based assessments.
  • Maintain and monitor the Information Security Risk Register, ensuring timely resolution of identified issues and mitigation of critical findings.
  • Lead tabletop exercises and incident response simulations to test and improve RCA's preparedness and business continuity planning.
  • Collaborate with RCA leadership and department heads to ensure that security policies and controls are understood and effectively implemented across all business units.

Third-Party Risk & Vendor Management

  • Manage the third-party risk assessment program, ensuring that all vendors with access to PHI or critical systems undergo security evaluation and periodic reassessment.
  • Review BAAs, security questionnaires, and compliance attestations; ensure corrective action for identified gaps.
  • Partner with Procurement and Legal to integrate security requirements into new and existing vendor contracts.

Policy, Compliance, and Reporting

  • Work with the CISO to review, update, and publish information security policies, standards, and procedures in accordance with HIPAA, HITECH, and NIST frameworks.
  • Develop dashboards and recurring reports to track security metrics, compliance posture, and program maturity for presentation to the CISO and executive leadership.
  • Monitor and interpret changes to regulatory requirements, ensuring timely updates to RCA's compliance program.

Security Awareness & Training

  • Administer and optimize RCA's KnowBe4 Security Awareness and Phishing Training Program.
  • Track user engagement and training completion rates, and provide metrics and recommendations to leadership.
  • Develop creative awareness campaigns to strengthen RCA's security culture.

Vulnerability & Infrastructure Management

  • Identify and track critical infrastructure vulnerabilities, working with IT and Infrastructure teams to ensure remediation and continuous monitoring.
  • Oversee MDM security, ensuring appropriate device controls, encryption, and enforcement of mobile security policies.
  • Support the CISO in analyzing threat intelligence, vulnerability trends, and endpoint security performance (e.g., CrowdStrike, firewall alerts).

Risk and Compliance Leadership

  • Ensure continuous compliance with HIPAA, HITECH, and NIST 800-53 / 800-171 requirements.
  • Coordinate with Compliance, Legal, and Clinical leadership to ensure consistent risk management practices.
  • Participate in post-incident reviews, documenting lessons learned and recommending process improvements.

Education

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or related field required.

Experience

  • Minimum of 5-7 years of progressive experience in cybersecurity, IT risk management, or audit within a regulated environment (preferably healthcare).
  • At least 2 years in a program management or leadership role overseeing information security functions.
  • Strong working knowledge of HIPAA, NIST 800-53, HITRUST, and security risk management frameworks.

Certifications (preferred but not required)

  • Security +, CISSP, CISM, CRISC, HCISPP, or equivalent security certification.
  • PMP or similar project management certification is a plus.

Technical Skills

  • Understanding of endpoint protection, SIEM tools, MDM platforms (e.g., Intune), and vulnerability management solutions.
  • Experience with vendor risk tools, audit tracking systems, and compliance reporting.
  • Familiarity with Microsoft 365 Security Suite, KnowBe4, and GRC platforms.

Core Competencies

  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills, with the ability to translate technical risks for non-technical stakeholders.
  • Highly organized and detail-oriented, with the ability to manage multiple priorities simultaneously.
  • Demonstrated ability to build cross-functional relationships and drive accountability.
  • Passionate about RCA's mission and maintaining the privacy and security of patient information

Travel

  • Limited travel is required for this position
  • This position is primarily a remote position

This job description is not designed to cover or contain a comprehensive listing of all activities, duties, or responsibilities required of the employee. Duties, responsibilities, and activities may change at any time, with or without notice, to meet the evolving needs of the organization. Nothing in this job description alters the at-will nature of employment, and either RCA or the employee may terminate the employment relationship at any time, with or without cause or notice.

RCA is committed to providing reasonable accommodations to qualified individuals with disabilities to enable them to perform the essential functions of their role. Employees or applicants requiring accommodation should contact Human Resources to initiate the interactive accommodation process.

This position primarily involves sedentary work, including extended periods of sitting and computer use. The employee must be able to communicate effectively via phone, video conferencing, and written correspondence.

About the Company

R

Recovery Centers of America