Manager, Identity & Access Management
Summa Health
Full-Time / Benefit Eligible
Remote Opportunity
Summa Health System is recognized as one of the region's top employers by a number of third-party organizations, including NorthCoast 99. Exceptional candidates gravitate to Summa because of its culture, passion for delivering excellent service to our patients and families, commitment to our philosophy of servant leadership, collegial working relationships at every level of the organization, and competitive pay and benefits.
Summary:
Under general direction of the Chief Information Security Officer, the Manager, Identity & Access Management (IDAM) is responsible for translating the organization's cybersecurity strategy into team level mission, objectives, and tasks. The Manager is responsible for carrying out day-to-day operations to ensure the capabilities under their span-of-control achieve intended outcomes. In alignment with the organization's cybersecurity risk management strategy, the Manager leads their team to deliver capabilities and services that reduce the organization's cybersecurity risk to acceptable levels.
The Manager supports the Chief Information Security Officer in development and delivery of the department's strategy and manages ongoing process improvement for their respective cybersecurity team(s). The Manager provides thought leadership and decision support to business, clinical, and operational partners across the organization. The Manager is responsible for hiring, training, and evaluating their team(s). The Manager is responsible for directly leading the Identity & Access Management team and related capabilities for Summa Health. The role is responsible for managing access to the Epic EHR platform.
This role will leverage best practices like ITIL and the NIST Cybersecurity Framework to establish standards and processes that will reduce organizational risk and support efficient and effective delivery of value across Summa Health.
Formal Education Required:
a. Bachelor's Degree or equivalent in Computer Science, Cybersecurity, IT, Business, Education, or Engineering or equivalent combination of education and/or experience.
Experience and Training Required:
a. Seven (7) years of increasingly responsible information security or IT related experience that has provided leadership skills to include:
i. Experience working in a complex healthcare environment.
b. Certifications required:
i. CompTIA Security+ (or equivalent)
ii. ITIL Foundation (or equivalent)
iii. ISC2 CISSP (or equivalent)
c. Certifications preferred:
i. ISC2 HCISSP
ii. ISACA CISM
Other Skills, Competencies and Qualifications:
a. Advanced analytical, design, and problem-solving skills to troubleshoot system defects and mitigate the risk issues they cause.
b. Advanced knowledge of cybersecurity principles.
c. Advanced knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
d. Advanced knowledge of user identification, authentication, authorization, and other related Identity & Access Management principles.
e. Advanced knowledge of resource management principles and techniques.
f. Advanced knowledge of the organization's enterprise information technology (IT) goals and objectives.
g. Advanced skill in creating team processes that reflect system security objectives.
h. Advanced skill in evaluating the trustworthiness of the supplier and/or product.
i. Advanced skill in utilizing feedback to improve processes, products, and services.
j. Intermediate knowledge of cybersecurity and privacy principles.
k. Intermediate knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
l. Intermediate knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
m. Intermediate knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
n. Intermediate knowledge of network, host, and user access control mechanisms.
o. Intermediate knowledge of Personally Identifiable Information (PII), Payment Card Industry (PCI), Personal Health Information (PHI) data security standards.
p. Intermediate knowledge of the NIST Cybersecurity Framework, NIST 800-53, HIPAA, and PCI DSS.
q. Intermediate knowledge of the organization's foundational business processes and operations.
r. Intermediate skill in identifying gaps in technical capabilities.
s. Basic knowledge of computer networking concepts and protocols, and network security methodologies.
t. Basic knowledge of cyber threats and vulnerabilities.
u. Basic knowledge of information security program management and project management principles and techniques.
v. Basic knowledge of performance tuning tools and techniques.
w. Basic knowledge of principles and methods for integrating system components.
x. Basic knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
y. Basic knowledge of specific operational impacts of cybersecurity lapses.
z. Basic knowledge of systems administration concepts.
aa. Basic knowledge of the enterprise information technology (IT) architecture.
bb. Basic knowledge of the type and frequency of routine hardware maintenance.
cc. Ability to develop productive working relationships with a broad range of business, clinical, and operational professionals.
dd. Ability to effectively communicate, verbally and in writing, with all levels of employees to include physicians, senior management, technical and non-technical staff.
ee. Ability to effectively interact with populations of patients/customers with an understanding of their needs for self-respect and dignity.
ff. Ability to establish an environment that motivates teams to high levels of performance.
gg. Ability to manage technical and non-technical staff.
hh. Ability to negotiate resolutions for conflicting security and business objectives.
ii. Ability to successfully handle multiple high priority initiatives simultaneously, with minimal direction.
jj. Ability to understand the business impact of critical incidents.
kk. Ability to exemplify Summa Health's core values.
Level of Physical Demands:
a. Sedentary: Exerts up to ten pounds of force occasionally and/or a negligible amount of force frequently.
b. Minimal, may occasionally move computer equipment (desktop, laptop, monitor, printer, and peripherals) when necessary.
Equal Opportunity Employer/Veterans/Disabled
$49.78/hr - $74.68/hr
The salary range on this job posting/advertising is base salary exclusive of any bonuses or differentials. Many factors, such as years of relevant experience and geographical location, are considered when determining the starting rate of pay. We believe in the importance of pay equity and consider internal equity of our current team members when determining offers. Please keep in mind that the range that is listed is the full base salary range. Hiring at the maximum of the range would not be typical.
Summa Health offers a competitive and comprehensive benefits program to include medical, dental, vision, life, paid time off as well as many other benefits.