AnewHealth is one of the nation's leading pharmacy care management companies that specializes in caring for people with the most complex, chronic needs-wherever they call home. We enable better outcomes for patients and the healthcare organizations who support them. Established in 2023 through the combination of ExactCare and Tabula Rasa HealthCare, we provide a suite of solutions that includes comprehensive pharmacy services; full-service pharmacy benefit management; and specialized support services for Program of All-Inclusive Care for the Elderly. With over 1,400 team members, we care for more than 100,000 people across all 50 states.
Job Details The Information Security Manager will provide technical leadership for the managed services provider's day-to-day security operations, perform security architecture reviews, driving the implementation of controls, addressing information security vulnerabilities, creating and maintaining documentation. They will play a key role in the governance and risk management activities of the Information Security Team.
ESSENTIAL JOB FUNCTIONS:Primary Functions: - Manage daily interactions with our managed service provider to ensure risks, vulnerabilities and other security items are addressed and acted upon.
- Manage the execution and adherence of security strategy to ensure ANH is continually prepared in terms of their security posture, and that it aligns with the company's risk appetite and external regulatory requirements.
- Lead risk assessment activities for critical assets, and manage risks throughout the Risk Management Process.
- Be a key contributor in the overall governance with the Information Security Program.
- Manage the information security policies and ensure that it aligns with the security strategy and any regulatory requirement (e.g., SOX, HIPAA) and external frameworks (e.g., HITRUST) used.
- Manage Third-Party Security Risk Management practices and procedures to ensure T-P security risk is managed and maintained within company standards and regulatory requirements.
- Perform audits of third parties such as vendors, services providers, consulting organizations etc. as part of Third-Party Risk Management.
- Manage and perform security architectural review of acquired application (e.g., IT Tools, SAAS) and internal Products to ensure they are designed and operating in a secure manner as required by security policy and external regulations.
- Participate in the Information Security Incident process.
- Participate and support internal and external audits as required.
- Provide guidance and support to IT and business areas to ensure security posture is in place and maintained to meet the various mandates.
- Participate in education and mentoring of technical teams on security requirements.
- Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to drive behaviors and set expectations for securing the environment.
- Must be able to build relationships with technology and business teams across the company.
- Interact routinely with managed service providers, vendors, consultants/advisers and professional organizations.
- Occasional travel to company divisions outside of the corporate office location may be required.
QUALIFICATION REQUIREMENTS: These represent the desired qualifications of the ideal candidate. They are not meant to limit consideration for candidates who do not meet all of the standards listed. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION: Bachelor's or Master's degree in a computer or information management or related field EXPERIENCE: 3-5 years' experience in an information security operations management, 1-3 experience working with or managing a managed-service provider is a plus. 2-4 years' experience in security architecture and/or security strategy role.
OTHER QUALIFICATIONS: - At least one of CISSP, CISM or CRISC preferred.
- Strong attention to detail, influencing and problem resolution skills.
- An outgoing personality is a MUST for this position.
AnewHealth offers a comprehensive benefit package for full-time employees that includes medical/dental/vision, flexible spending, company-paid life insurance and short-term disability as well as voluntary benefits, 401(k), Paid Time Off and paid holidays. Medical, dental and vision coverage are effective 1st of the month following date of hire.
AnewHealth provides equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, age, disability, genetic information, or veteran status, or other legally protected classification in the state in which a person is seeking employment. Applicants are encouraged to confidentially self-identify when applying. Local applicants are encouraged to apply. We maintain a drug-free work environment. Applicants must be eligible to work in this country.