Job Information
Essentia Health Information Security Operations Manager in Duluth, Minnesota
Building Location:
Peerless Building
Department:
47530 Information Security
Job Description:
The Security Operations Manager is responsible for overseeing all security operations to protect the organization’s assets and infrastructure. This role includes managing the SecOps team, ensuring effective collaboration with third-party Security Operations Centers (SOC), and ensuring the organization’s security tools, policies, and incident response capabilities are fully operational and aligned with industry best practices.
Education Qualifications:
Key Responsibilities:
Manage Security Operations Team: Lead and mentor a team of security operations analysts, ensuring optimal performance, professional development, and alignment with organizational goals
Managed Security Service Provider Management: Act as the primary liaison with the organization’s MSSP, ensuring service-level agreements (SLAs) are met, and facilitating seamless communication for threat detection and response
Incident Response: Develop and maintain the organization's incident response plan, ensuring timely detection, analysis, containment, and remediation of security incidents. Ensure visibility of technology for incident detection and response purposes
Security Toolset Operation: Oversee the operation and integration of security technologies, including SIEM, endpoint detection, vulnerability scanners, and firewalls, ensuring tools are up-to-date and functioning effectively
Secure System Configuration: Ensure systems are configured securely by working closely with IT teams to enforce secure design, build, and maintenance practices
Policy Implementation and Enforcement: Collaborate with the GRC team to ensure security policies, procedures, and standards are effectively implemented and adhered to across the organization
Threat Intelligence and Monitoring: Ensure continuous monitoring and analysis of the organization's systems to detect any potential security threats, vulnerabilities, or breaches
Compliance and Audit Support: Work with compliance teams to ensure security operations align with regulatory requirements and industry standards, providing necessary documentation for audits and assessments
Risk Management: Assess and mitigate risks by identifying and addressing vulnerabilities and implementing corrective actions or security controls as needed
Training and Awareness: Provide training and guidance to internal teams on secure practices and emerging threats to foster a culture of security awareness
Educational Requirements:
- Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience)
Required Qualifications:
5+ years of experience in security operations or related field, with 2+ years in a managerial or lead role
Strong knowledge of security frameworks, incident response processes, and security tools (e.g., SIEM, IDS/IPS, firewalls)
Excellent leadership, communication, and problem-solving skills
Ability to work in a fast-paced, dynamic environment and respond to changing threats
Preferred Qualifications:
Relevant certifications such as CISSP, CISM, or GIAC
Experience working with third-party MSSPs and managing SLAs
Healthcare IT Experience: Experience working in the healthcare industry, with a strong understanding of HIPAA compliance, electronic health record (EHR) systems, and the unique security challenges in healthcare environments
Licensure/Certification Qualifications:
FTE:
1
Possible Remote/Hybrid Option:
Remote
Shift Rotation:
Day Rotation (United States of America)
Shift Start Time:
Shift End Time:
Weekends:
Holidays:
No
Call Obligation:
No
Union:
Union Posting Deadline:
It is our policy to afford EEO to all individuals, regardless of race, religion, color, sex, pregnancy, gender identity, national origin, age, disability, family medical history, genetic information, sexual orientation, marital status, military service or veteran status, culture, socio-economic status, status with regard to public assistance, and other factors not related to qualifications, including employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or membership or activity in a local human rights commission, or any other category as defined by law.