Member Security Program Manager

Position Description

The Member Security Program Manager is responsible for the staff and vendor management associated with the OPTN Member Information Security program. This program encompasses access management, security awareness, risk and compliance oversight and incident response reporting for all OPTN member organizations. This individual ensures the daily operations of the services supporting these capabilities are operating and optimized including implementation and monitoring of metrics ensuring the program is effective.  This individual shall work closely with the member community and with the OPTN Network Operations Oversight Committee (NOOC) to ensure the program is adding value to the OPTN community.

Security risk management is a high priority for this position as the manager in this role will be responsible for the risk assessment program, audit processes, risk document and oversight of remediation actions associated with members.  The program will initially begin using staff augmentation resources and it is the responsibility of the manager to ensure deliverables are managed and oversight of the program via the vendor.

This individual will be responsible for ensuring security concerns, events or incidents are appropriately handled from the initiation of the action through response and closure as reported by the members.  This individual will be responsible for leading the Member Computer Security Incident Response Team and work closely with the member to ensure member incidents are contained and there is no contamination with the UNOS systems.  This individual will ensure prompt response to incidents in an efficient, process driven approach to minimize downtime and prevent or minimize service interruptions. 

The manager of this program will ensure the following requirements are addressed for all OPTN member organizations who use the OPTN Computer System:

• Security framework and controls is in place for all OPTN members
• Access management controls and processes are functioning as intended to ensure appropriate access is maintained throughout the member community as well as control processes are maintained.
• Readiness assessment and self-attestation from members on the security framework is in place
• Periodic auditing and compliance monitoring for security requirements is completed.
• Security requests for information (data calls) are sent to the member community with appropriate responses.
• Development of an incident management response plan for OPTN Members.
• Security training for all individuals with access to the OPTN Computer System.

This individual will lead the daily operational work of the UNOS staff performing the access management function as well as interface with the UNOS Incident Response teams to ensure responses to member incidents via the internal staff or contracted out to the vendor. 

This individual needs to be highly skilled in finding a risk-balanced approach to security and be able to educate and communicate with the UNOS staff as well as the OPTN member community in order for them to fully understand the implications of opening risk to the environment and being able to effectively find alternative solutions to mitigate risk and reduce the threat landscape through compensating controls before acceptance of risk.

Key Responsibilities:

• Responsible for the technical and process direction.
• Serve as team leader and mentor in developing team goals as well as individual performance and development goals
• Provide technical leadership and oversight as the team develops processes and technologies that provide support for member incidents.
• Develop and publish measurements and metrics to track performance of the program and systems and that help reflect the security posture and risk of the member community.
• Foster a team environment of curiosity and continuous improvement
• Recruit, mentor, coach and develop team members
• Partner with all IT teams as well as other business partners to develop standard processes to ensure successful operations and responses to security and system events and proper escalations
• Partner across the organization to ensure the development and implementation of comprehensive services and solutions to meet business requirements
• Assist in the development and management of budgets for capital and operating expenses
• Communicate both verbally and in writing, to explain how the various technical pieces work to provide useful solutions to the business.
• Participate in security and system incident response including providing initial triaging of incidents and resolution. 

Minimum Requirements

• 8 years of IT Risk Management, system assessment or security auditing experience required.
• 2 years overall people management experience strongly preferred.

Critical Skills

• Experience in providing vendor management preferred. 
• Ensure information security compliance with regulatory control frameworks including, but not limited to NIST, HIPAA and other.
• Experience leading or participating in Information Security Auditing
• Experience in Incident Management with preference at a leadership level
• Experience with network and/or security operations centers
• Experience using ITIL practices for change, incident and problem management
• Being an effective leader for change, incident and problem management
• History of demonstrating excellent technology leadership and decision making
• Experience building dashboards to accurately reflect the user experience
• Experience developing metrics that demonstrate success of team and processes
• Experience leading and directing teams, including performance management
• Experience leading multiple large projects, leading definition, selection and implementation of security tools, technologies and processes
• Hands-on experience implementing and administering information security, infrastructure and software systems.
• Experience evaluating potential solutions, selecting and recommending the best solution
• Experience producing design documents that are used by others to effectively implement solutions
• Ensure all risks are handled and stake holders are able to make informed decisions concerning risk acceptance. 
• Identify opportunities for continuous improvement and drive efficiencies in departmental process and procedures
• Be an extremely effective communicator understanding the significance and appropriate use of various communication channels and tone based on circumstances and audience
• Makes effective independent decisions relating to day-to-day issues that do not require team discussion, input or agreement.
• Involve fellow team members in collaborative decisions based upon member/customer feedback.

Additional Skills & Qualifications

• Experience managing a team of remote employees
• Demonstrated ability to understand the information security controls and tools in order to understand the environment and requirements for securing the environment as well as responding to any events or incidents quickly.
• Ability to strategically analyze and articulate risks, benefits and opportunities associated with a proposed design or solution.
• Ability to multi-task and handle numerous assignments simultaneously.
• Strong leadership skills and the ability to take initiative.
• Familiarity with cloud-based platforms (AWS, Azure)
• Ability to review and mentor the work of others
• Ability to estimate total costs of proposed solutions, including effort, acquisition costs and on-going costs
• A bias for action and a curious nature that is comfortable questioning the status quo
• The ability to instill trust and confidence in business partners and team members

Education

•  4-year degree in Computer Science/Engineering, Information Systems or related field of study, or equivalent professional IT work experience required
•  One or more of the following certifications are strongly preferred (CISA, CISSP, CISM, etc)

Physical Requirements

General office demands

About Us

UNOS Benefits

Authorization

Agency Statement

UNOS provide equal employment opportunity for all applicants and employees. It will not unlawfully discriminate or permit harassment against any employee or applicant on the basis of race, ethnicity, color, religion, national origin, gender, age, disability, familial or marital status, military or veteran status, sexual orientation, gender identity and expression, genetic information, or any other characteristics or classification protected under applicable law (“protected categories”). This policy applies not only to hiring, but also to working conditions, benefits and privileges of employment, training, appointments for advancement, transfers, layoffs, recalls, terminations of employment and all other terms and conditions of employment.

UNOS is also an affirmative action employer. It takes affirmative action to recruit and provide opportunities for advancement to qualified females and minorities, individuals with disabilities, special disabled veterans and other protected veterans. It hires and promotes based on job-related requirements and individual qualifications. Action is taken to ensure the fulfillment of this policy as to all phases of the employment process including hiring, placement, training, upgrading, transfers and/or demotions, recruiting, layoffs and termination of employment.

UNOS invites individuals with disabilities and protected veterans to identify themselves, if they wish to do so. Such communication will be kept as confidential as possible and will be used only in accordance with the law. Candidates may contact the EEO/AA Officer at human.resources@unos.org to self-identify or request an accommodation.

EEO is the Law | EEO is the Law Supplement | E-Verify Participation English/Spanish | Right to Work | Right to Work Spanish | Pay Transparency