Manager, Information Security
Job ID 2023-5786
WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.
WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veteran status, or any other basis protected by law.
About WebMD Health Services:
WebMD Health Services, a part of WebMD Health Corp., has over 25 years of experience driving positive behavior changes. Consumers trust WebMD for reliable, accurate, and clear answers to their most pressing health-related questions. At WebMD Health Services, we tap into these valuable consumer insights to design and implement successful, engaging solutions to help individuals meet their well-being needs. We understand that there are numerous paths to reach well-being goals. Our expertise, combined with a variety of third-party partner integrations, enables us to deliver unique and personalized experiences across a wide range of industries. See how we support these diverse populations at webmdhealthservices.com.
We are currently seeking a Manager, Information Security, to support and lead our IT and Data Security initiatives. Working closely with the VP, Global Information & Data Security, CTO, and other IT and Legal leaders, the manager will support the evolution of the security and privacy roadmap and sustain, mentor, and help develop a high-functioning team. This position is based in the Portland office, fully supports the WebMD Health Services (WHS) business, and is part of the WHS Technology leadership team.
- Manage and monitor a strategic, comprehensive enterprise information security and IT risk management program
- Analyze IT security threats in real time and mitigate them. Be part of a 24x7 rotation for security incidents.
- Partner with business units and functional areas to facilitate risk assessment and risk management processes
- Manage, mentor, and develop a team of security professionals
- Provide leadership to the WHS information security organization
- Regular reporting of current state and changes in security risk to leadership, inclusive of managing and leading a monthly WHS executive security steering committee meeting
- Provide direct client support in collaboration with client teams, legal, and WHS leadership in all security matters
- Manage all ISO and SOC 2 certifications, security reviews, and penetration testing activities
- Raise awareness of risk management concerns across the company
- Participate in overall business technology planning, providing current knowledge and a future vision of technology and systems
- Ensure that newly-acquired technology complies with IT security best practices and regulations
- Stay current on cybersecurity threat trends and intelligence, and on new and evolving security technologies and services available in the market
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of security
- Provide active monitoring and governance to ensure that third-party technology partners adhere and align to relevant security policies, standards, and practices
- Educate key stakeholders about new threats, industry trends, and applicable laws related to security, and manage security training for the organization
- Degree in computer science, business administration, or a technology-related field required
- Professional security management certification (CISM, CISSP) is a plus
- Minimum of three to five years of combined experience in risk management and information security
- Direct knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT) and of legislative, regulatory, and industry compliance requirements (SOX, PCI, HIPAA, HITECH, HITRUST, EHNAC)
- Technical expertise in data management and privacy (PHI, PII), enterprise DevSecOps / architecture, and B2B product DevSecOps / architecture.
- Experience reviewing client, third-party partner, and reseller contracts, working with business, finance, and legal teams to complete these security reviews
- Experience working with clients who conduct enterprise-level security reviews, audits, and third-party penetration tests
- Experience managing and leading the overall mitigation process of security incidents, inclusive of internal and external communications
- Strong interpersonal, verbal, and written communication and presentation skills with the ability to build trust at all levels in the organization
- Ability to focus on high-quality work while under pressure
- Logical, analytic, and rational
- Demonstrable innovative thinking and fostering an environment of continuous improvement
As a member of WebMD Health Services, you may have access to confidential and sensitive information (including Protected Health Information) that will require you to follow additional protocols to ensure the security of our data. As a core requirement, you must implement and act in accordance with the organization’s information security policies; protect assets from unauthorized access, disclosure, modification, destruction or interference; execute security processes or activities; and report security events or potential events or other security risks to the appropriate parties within the organization.