Who you are:
The IT Security Manager plays a vital role in safeguarding the integrity of USHG's IT infrastructure. This role involves continuously monitoring cybersecurity alerts and events across the security stack to identify, analyze, and escalate potential cyber threats. These threats may stem from external cybercriminals or malicious insiders, posing risks to critical infrastructure and sensitive data. Utilizing advanced security tools and thorough business process reviews, the IT Security Manager collaborates closely with the technology team, vendors, and business units to strengthen USHG's security posture. Specializing in key domains within cybersecurity, the security manager provides both proactive and reactive support to detect, mitigate, and advise on security threats. Their expertise is crucial in ensuring the protection of USHG's digital assets and in driving forward the organization's security initiatives.
What you'll do:

• Cultivate a culture of Enlightened Hospitality for all stakeholders that supports our business objectives and growth.
• Monitor and analyze security events using a range of security tools and technologies to detect and respond to potential threats.
• Investigate and address security incidents, conducting thorough root cause analysis and implementing effective threat mitigation strategies.
• Conduct regular vulnerability assessments, penetration testing, and security audits to identify, evaluate, and remediate potential security risks and gaps.
• Maintain security frameworks and lead compliance initiatives, including NIST, ISO 27001, and PCI DSS, with the expertise to effectively interpret and customize these standards to align with the organization's specific needs.
• Develop, implement, and maintain comprehensive security policies, procedures, and guidelines to safeguard sensitive information and ensure compliance with industry standards.
• Review and approve configurations for critical network components such as firewalls, IDS/IPS, VPN gateways, load balancers, WAFs, SSL certificates, and more.
• Deliver targeted security awareness training to employees and stakeholders, fostering a culture of security mindfulness throughout the organization.
• Collaborate closely with IT and other departments to seamlessly integrate security measures across all business operations, ensuring a cohesive security strategy.
• Prepare detailed reports and documentation to support security initiatives.
• Stay informed of the latest security trends, emerging vulnerabilities, and industry best practices, proactively enhancing USHG's security posture.
• Perform additional responsibilities as needed and other duties as assigned to support team objectives and operational success.

What we need from you:

• A minimum of 5 years in an IT Security Operations Lead or Sr. Security Analyst role.
• Proficiency in Endpoint Detection and Response tools like Crowdstrike is preferred.
• Solid understanding of cloud technologies, such as AWS, with strategies for securing both cloud infrastructure and applications.
• Experience with IAM tools and technologies, such as Okta and Microsoft Entra ID is preferred.
• Skilled in supporting and optimizing Microsoft Defender is preferred.
• Active participation in vulnerability and penetration testing engagements.
• Expertise in managing and analyzing logs from various networking technologies, including Firewalls, Network Switches/Routers, DNS Servers, WAFs, etc.
• Technical knowledge and experience with a variety of network protocols.
• Familiarity with multiple computing platforms, such as Windows, OSX, Linux, and the ability to secure networks and endpoints across these platforms.
• Familiarity with change and project management frameworks, like ITIL, to manage security changes effectively.
• Demonstrates ability to stay current with the evolving threat landscape, adapting to new threats as they arise.
• Strong critical thinking skills to facilitate informed and secure decisions, leveraging a data-driven approach to security.
• Highly effective communication skills, with the ability to influence business units and effectively communicate business risk related to information security.
• CISSP, CISM, or other advanced security certifications are highly desirable.

What you'll get from us:

• Annual salary of $90,000 plus bonus potential
• Comprehensive Medical, Dental, and Vision insurance
• Paid Time Off to support you with an active life outside of work
• Paid Parental Leave
• Life Insurance
• Flexible Spending Options (health care, dependent care, transit & parking)
• Employee Assistance Program to support overall mental wellbeing Exclusive access to primary care, mental health, and other healthcare services
• Annual dining credit and 51% dining discount throughout the USHG family of restaurants
• Matched 401(k) to help you invest in your future
• Access to the USHG HUGS Employee Relief Fund