Cyber Security Manager jobs in United States

Tuesday Health · 19 hours ago

Cyber Security Manager

Tuesday Health is a value-based palliative care provider group dedicated to transforming serious illness and end-of-life care. The Security Manager safeguards the confidentiality, integrity, and availability of systems and data, leads security governance, risk management, and compliance efforts, and oversees security operations and incident response.

Health Care, Hospital, Wellness
Hiring Manager
Madison Zimmerman

Responsibilities

Lead the enterprise security program aligned to HIPAA Security Rule, SOC 2 Type II, HITRUST CSF, and internal policies
Own risk assessments, risk register, treatment plans, and executive reporting
Maintain security policies and standards (access control, encryption, vendor risk, vulnerability management, incident response, acceptable use, AI/GenAI usage)
Coordinate audits, evidence collection, corrective actions, and ongoing compliance monitoring
Oversee daily security operations: SIEM monitoring, EDR, vulnerability scanning, patch management, and email security/anti-phishing
Implement and tune detection rules, playbooks, and escalation paths; manage MDR/SOC vendors as applicable
Ensure Azure security posture through Defender for Cloud, Sentinel, and RBAC enforcement
Validate security configurations for .NET APIs, Blazor WASM, MAUI apps, and PostgreSQL, working with engineering to confirm adherence to secure coding guidelines
Collaborate with third-party penetration testing vendors: schedule tests, review findings, and track remediation
Define and enforce secure coding standards for .NET, Blazor, and MAUI applications
Ensure CI/CD pipelines include security checks (SAST, DAST, dependency scanning)
Provide oversight for infrastructure-as-code security (ARM/Bicep templates) and zero-trust principles
Advise engineering on OWASP best practices and secure API design
Lead incident response lifecycle (prepare, detect, contain, eradicate, recover, lessons learned) with documented runbooks
Coordinate with Privacy/Legal on reportable events; align to HIPAA breach requirements and internal incident procedures
Maintain and test Business Continuity and Disaster Recovery plans; run tabletop exercises at least twice annually
Enforce least-privilege, role-based access control (RBAC), and periodic access reviews for PHI/PII and critical systems
Manage Entra ID and privileged access management (PAM)
Implement data loss prevention (DLP) and encryption standards (in transit and at rest), including key management in Azure Key Vault
Oversee third-party risk management for all vendors handling PHI, PII, or critical systems
Conduct security due diligence, including reviewing SOC 2/ISO certifications, penetration test results, and security questionnaires
Ensure Business Associate Agreements (BAAs) are in place for vendors processing PHI and verify compliance with HIPAA Security Rule
Maintain a vendor risk register and track remediation of identified gaps
Monitor vendor adherence to contractual security obligations, including data residency, retention, and model training restrictions for AI tools
Collaborate with Procurement and Legal to include security requirements in contracts and enforce breach notification timelines
Periodically reassess vendor security posture and update risk ratings based on audits or incidents

Qualification

Cyber Security Management, Governance, Risk & Compliance, Cloud Security, Incident Response, Azure Security Services, Secure Coding Practices, Risk Assessments, Communication Skills, Team Collaboration

Required

Bachelor's degree in Information Security, Computer Science, or related field—or equivalent experience
5–8+ years in security roles with 2–3+ years leading security operations or GRC initiatives
Hands-on experience with cloud security
Working knowledge of HIPAA Security Rule, PHI/PII handling, SOC 2 Type II, and incident response practices
Hands-on experience with Azure security services (Defender for Cloud, Sentinel, Key Vault, RBAC)
Familiarity with secure development practices for .NET, Blazor WASM, MAUI, and PostgreSQL (oversight, not coding)
Proven ability to run risk assessments, develop policies, and manage audits
Strong communication skills; ability to influence cross-functional leaders and train non-technical audiences

Benefits

Comprehensive benefits including medical, dental, vision, and life insurance
Paid time off and holidays
Employer 401(K) match

Company

Tuesday Health

Tuesday Health empowers lives through supportive care by easing the symptoms and stress of serious illness.

Funding

Current Stage
Early Stage
Total Funding
$60M
2024-05-21 · Series A · $60M

Leadership Team

Jim Wieland
Chief Executive Officer
Company data provided by Crunchbase