Manager - Cybersecurity

US Anesthesia Partners is the highest-quality single-specialty anesthesia practice in the United States, with over 5,000 employees distributed across 12 states. Our clinical and non-clinical staff support each other as they work toward a common vision: Empowering people to advance exceptional care.

The Cybersecurity Manager is responsible for managing the development, assessment process, and tracking of cybersecurity policies, procedures, and controls to ensure compliance with relevant regulations and standards. This role involves collaborating with internal stakeholders across various departments to assess, monitor, and mitigate cybersecurity risks.

Salary range: $120,000 - $150,000 base + 15% annual bonus target 

• Develops and maintains cybersecurity governance, risk management, policies, procedures, and standards in compliance with regulatory requirements (e.g. HIPAA, PCI DSS) and industry best practices (e.g., NIST Cybersecurity Framework, ISO/IEC 27001, HITRUST).
• Conducts regular risk assessments to identify cybersecurity vulnerabilities and gaps in compliance.
• Coordinates and facilitates audits, assessments, and compliance reviews conducted by external auditors or regulatory agencies.
• Monitors changes in regulatory requirements and industry standards and ensure that cybersecurity programs are updated accordingly.
• Monitors and reports on key performance indicators (KPIs) and metrics related to governance, risk, and compliance activities to senior management and stakeholders.
• Collaborates with internal stakeholders to implement cybersecurity controls and measures to mitigate identified risks.
• Provides guidance and support to business units on cybersecurity compliance matters.
• Develops and delivers cybersecurity training and awareness programs for employees.
• Maintains Third Party Risk Management program to include performing risk assessments of new and existing vendors and communicates results of assessments to stakeholders.
• Participates in incident response activities, including investigating security breaches and implementing corrective actions.
• Prepares and maintain documentation related to cybersecurity compliance efforts, including policies, procedures, and audit reports.
• Stays informed about regulations, frameworks, emerging cybersecurity threats, trends, and technologies to continuously improve the organization's cybersecurity posture.

• Required: Minimum of 10 years IT experinece with at least 4 of those years managing or leading GRC or IT Compliance programs. 
• Required: At least one professional level certification in a related subject area such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems (CRISC).
• In-depth knowledge of cybersecurity regulations, standards, and frameworks (e.g. HIPAA, HITRUST, PCI DSS, NIST Cybersecurity Framework, ISO/IEC 27001).
• Experience conducting risk assessments, audits, and compliance reviews.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Expertise with Governance, Risk, and Compliance (GRC) tools.
• Familiarity with cybersecurity tools and technologies used for monitoring, detection, and prevention.

*The physical demands described here are representative of those that may need to be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Occasional Standing

• Occasional Walking

• Frequent Sitting

• Frequent hand, finger movement

• Use office equipment (in office or remote)

• Communicate verbally and in writing