GENERAL SUMMARY:

The Vulnerability Management Services (VMS) Manager oversees the personnel and security programs associated with the VMS team. The VMS security programs include application security, threat intelligence, security awareness, policy compliance, and vulnerability management.

The VMS Manager reports to the Deputy Information and Privacy Security Officer. The VMS Manager works collaboratively with cross-functional groups to ensure processes, services, and technologies are implemented and operationalized to meet both the needs of the business and regulatory requirements. Works closely with multiple teams across the organization, including Legal, Risk Compliance, IT, and others, to improve and mature vulnerability management controls.

Provides functional leadership and supervision to direct reporting staff (including staff scheduling, performance, and development management). Manages the reporting employee lifecycle by maintaining a diverse, efficient, and effective workforce. Regularly meets with direct reports for feedback, mentoring, support, and career development, including performance expectations, to ensure continuous value. Maintains a culture of customer service, disciplined business conduct, and healthy communication.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

  • Continually assess and deliver a VMS Roadmap that both matures and operationalizes security by delivering in the following key VMS Programs:
    • Integrated Information Resilience Services (IIRS)
    • Security Awareness
    • Policy Compliance (Secure Configuration)
    • Threat Intelligence
    • Vulnerability Management
    • Application Security
  • Responsible for strategy and execution of vulnerability assessments and security baseline configuration compliance scans across workstation, network, and PCI environments.
  • Possess technical skills and extensive working experience with vulnerability management tools, static and dynamic testing, and threat intelligence.
  • Excellent communication skills and can articulate vulnerabilities, threats, and risks to non-technical stakeholders.
  • Ensure VMS related program roadmaps consider business initiatives, regulatory requirements, audit/gap assessment findings, and business risk appetite.
  • Be a champion for vulnerability management and information security including broadening awareness and use of the team’s services, education of security best practices and integration with other business areas.
  • Drive actionable metrics and reporting for operations and leadership transparency.
  • Provide prompt attention and visibility into risks, vulnerabilities, and issues serving as an escalation path for team member effectiveness.
  • Serve as subject matter expert related to vulnerability management, policy compliance, and related programs.
  • Develop enterprise policy and technical standards with specific regard to VMS programs.
  • Be able to successfully partner with other security and IT teams to assess potential impact from vulnerabilities with the intent to determine and implement mitigating controls.
  • Identify and recommend appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the business.
  • Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner and within cloud solutions.
  • Fully understand business requirements and define appropriate security solution objectives while meeting the business need.
  • Provide mentorship, coaching, performance management, and support to team members about vulnerability assessment, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
  • Establish and maintain vulnerability management SLAs.

EDUCATION AND EXPERIENCE:

  • Master's degree in technology, business administration, information systems, computer science, or a related field required.
  • Minimum 8 years of experience leading vulnerability management teams or related IT Security teams - health care industry preferred.
  • Including relevant experience in the following key areas:
    • Vulnerability scanning
    • Managing others
    • Baseline configuration scanning
    • Qualys or other commercial vulnerability scanner tool
    • Threat intelligence, application security, and security awareness programs
  • Familiar with the following:
    • Federal and state healthcare information regulations and requirements (e.g. HIPAA)
    • Information security best practices, NIST Cybersecurity Framework and common risk frameworks.
  • A service focused team player who can lead and mentor team members.
  • Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
  • Consensus building and collaborative interpersonal skills.
  • Good presentation skills.
  • Ability to work under pressure, establish priorities and respond with urgency.
  • Self-motivated with excellent verbal and written skills.

CERTIFICATIONS/LICENSURES REQUIRED:

  • CISSP, CISM, or CISA is required.

Additional Information

  • Organization: Corporate Services
  • Department: Info & Network Security Srvcs
  • Shift: Day Job
  • Union Code: Not Applicable

Additional Details

This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above.

Overview

Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers.

Benefits

The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits.

Equal Employment Opportunity/Affirmative Action Employer

Henry Ford Health is committed to the hiring, advancement and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.
