Apply on Employer Site

CareOregon · 2 hours ago

IS Security Manager

United States

Full-time

Remote

Senior Level

$152K/yr - $186K/yr

6+ years exp

CareOregon is a healthcare organization focused on improving the health of communities. They are seeking an IS Security Manager to lead the development and implementation of their information security program, partnering with organizational leaders to enhance security governance and compliance. This role involves overseeing security operations, managing a high-performing security team, and providing strategic guidance on security architecture and emerging threats.

Health Care

H1B Sponsor Likely

Responsibilities

Implement and oversee a comprehensive Information Security Program aligned with organizational goals and industry best practices

Partner with IS and executive leadership to define security objectives, maintain the Information Security Roadmap, and report on program performance

Advise senior leadership on security risks, emerging threats, and strategic cybersecurity needs

Establish and maintain a security metrics framework and key performance indicators aligned with organizational priorities and standards

Prepare and deliver clear, actionable reports for senior leadership, including key risk indicators, program status, and operational metrics

Recommend updates to security policies and standards to align with HIPAA, HITRUST, NIST, and other frameworks

Coordinate implementation of security programs, policies, and configuration standards across IS

Lead risk assessments, vulnerability analyses, remediation planning, and the administration of a GRC platform

Manage third‑party risk processes, including vendor assessments and ongoing monitoring

Oversee penetration tests, program maturity assessments, and risk assessments

Ensure ongoing compliance with regulatory, contractual, and audit requirements

Lead the response to audit requests and efforts to remediate adverse results

Build and lead operational security capabilities to monitor, detect, analyze, and respond to threats

Utilize threat intelligence, monitoring, incident management, behavioral analysis, and advanced detection technologies

Maintain SOPs, runbooks, and playbooks supporting incident investigation, containment, recovery, and post‑incident review

Lead the Information Security Incident Response Plan, including training, exercises, and cross‑team readiness initiatives

Aggregate and analyze security data using SIEM technologies to identify patterns, evaluate alerts, and prioritize responses

Conduct proactive threat hunting and enhance monitoring to detect emerging threats

Provide guidance on secure architecture and operations for on‑premises and Azure cloud environments

Manage core security domains such as Vulnerability Management, Identity and Access Management, and Privileged Access Management

Collaborate with other IS teams to ensure robust security configuration management for systems, hardware, and firmware

Perform security reviews and risk assessments for software acquisitions and technology initiatives

Lead periodic testing and improvement of the IS Disaster Recovery Plan

Lead, mentor, and develop a high‑performing cybersecurity team, fostering innovation, learning, and operational excellence

Act as a subject matter expert for IS and business teams, providing guidance on secure architecture, risk mitigation, and best practices

Maintain strong partnerships with key vendors, partners, and external stakeholders

Facilitate security governance meetings and deliver clear, actionable updates to executive leadership

Develop, maintain, and continuously improve the organization‑wide information security awareness program

Ensure training content is current, engaging, and effective in reducing human‑related risk and supporting compliance

Manage team and recommend team direction and goals in alignment with the organizational mission, vision, and values

Identify work and staffing needs to meet work expectations; recruit and hire, using an equity, diversity, and inclusion lens

Plan, organize, schedule, and monitor work; ensure employees have information and resources to meet job expectations

Lead the development, communication, and oversight of team and individual goals; ensure goals, expectations, and standards are clearly understood by staff

Train, supervise, motivate, and coach employees; provide support toward employee development

Incorporate guidance from CareOregon equity tools into people leadership, planning, operations, evaluation, and decision making

Ensure team adheres to department and organizational standards, policies, and procedures

Evaluate employee performance and provide regular feedback to support success; recognize strong performance and address performance gaps and accountability (corrective action)

Qualification

Information Security ProgramGovernanceRiskComplianceSecurity OperationsIncident ManagementVulnerability ManagementCloud SecurityData Loss PreventionProject ManagementAnalytical SkillsLeadershipCommunication SkillsTeam Collaboration

Required

Minimum 6 years' experience in information security systems, solutions or related services

Experience must include most of the following: Leading teams, including developing and mentoring staff and supporting change management

Leading complex systems projects

Managing vendors and contracts

Influencing others

Developing policy and strategy roadmaps with business partners and aligning work efforts and solutions accordingly

Developing and implementing information or cyber security programs

Strong understanding of information security best practices and secure design principles

Knowledge of ITIL frameworks and their application within IS environments

Knowledge of cross‑team alignment practices and organizational calibration processes

Understanding of governance standards and adherence to established processes

Ability to apply core managerial disciplines, including project and change management, cross‑functional collaboration, innovation, and organizational effectiveness

Experience across multiple information security domains, including governance risk and compliance, attack surface management, identity and access management, network security, data protection, disaster recovery, security operations, incident response, and threat modeling

Experience managing Intrusion Detection and Prevention systems such as Rapid7, InsightIDR and Defender ATP

Experience with Data Loss Prevention and data classification

Ability to promote continuous learning, empowerment, engagement, and development opportunities for employees

Strong oral and written communication skills, including meeting facilitation and presentations

Ability to clearly convey complex or controversial topics to diverse audiences

Ability to form an independent perspective, collaborate in decision‑making, and motivate others—especially during challenging situations

Ability to propose solutions and articulate business value

Ability to elevate strategic concerns to senior leadership clearly, accurately, and promptly

Ability to build strong working relationships with internal leaders and external partners

Ability to collaborate effectively with coworkers, staff, leaders, and executives across all departments

Ability to maintain a high degree of professionalism and a positive attitude

Ability to develop and monitor policies, risks, and solutions

Sound judgment with the ability to develop, implement, and reinforce policy and strategy

Ability to see the broader context behind requests and apply holistic, systems‑thinking approaches

Advanced project management skills

Advanced vendor management skills

Advanced budget management skills

Strong analytical and research skills

Ability to identify patterns in data and draw accurate conclusions

Ability to work effectively with diverse individuals and groups

Ability to learn, focus, interpret information, and determine appropriate actions

Ability to accept direction and feedback, and manage stress effectively

Ability to see, read, and perform repetitive finger and wrist movement for at least 6 hours/day

Ability to hear and speak clearly for at least 3-6 hours/day

Preferred

Minimum 2 years' experience in a supervisory position or minimum 1 year experience in a supervisory position with completion of CareOregon's Aspiring Leaders Program

Benefits

Medical

Dental

Vision

Life

AD&D

Disability insurance

Health savings account

Flexible spending account(s)

Lifestyle spending account

Employee assistance program

Wellness program

Discounts

Multiple supplemental benefits (e.g., voluntary life, critical illness, accident, hospital indemnity, identity theft protection, pre-tax parking, pet insurance, 529 College Savings, etc.)

Strong retirement plan with employer contributions

PTO

Paid State Sick Time

Paid holidays

Volunteer time

Jury duty

Bereavement leave

Company

CareOregon

Everyone deserves great health care.

Founded in 1994

Portland, Oregon, USA

501-1000 employees

https://www.careoregon.org/

H1B Sponsorship

CareOregon has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (3)

2024 (10)

2023 (3)

2022 (6)

2021 (3)

2020 (2)

Funding

Current Stage

Late Stage

Leadership Team

Eric C. Hunter

President and Chief Executive Officer

Amy Dowd

COO

Recent News

Behavioral Health Business

Why Tougher Payer Negotiations in 2025 Signal Maturation for Behavioral Health

2025-09-13

Seattle TechFlash

This low-cost clinic can help pick up the slack from CareOregon policy change

2025-08-29

oregonlive.com

Thousands must find new mental health providers as CareOregon restricts out-of-network care

2025-08-13

Company data provided by crunchbase