Information Security Manager
Who You Are
You are an experienced IT security professional with a proven track record in developing and implementing robust information security policies and practices. With a passion for protecting sensitive data and ensuring regulatory compliance, you thrive in dynamic, fast-paced environments. You excel at collaborating cross-functionally with teams across quality, regulatory, and engineering, ensuring the organization’s security framework remains strong. Your strategic mindset, attention to detail, and methodical approach allow you to assess risks, enhance processes, and maintain compliance, positioning you as a key driver in safeguarding our overall security posture.
What You Will Do
As the Information Security Manager, you will own the Turing Information Security Program. This includes both the creation of policies, procedures, and guidelines as well as the implementation and improvement of the program. Your focus will be on core organizational security needs, including data protection, incident response, disaster recovery, and risk management. You will regularly assess the company’s security posture, develop training programs to educate employees on best practices, and coordinate cybersecurity audits and compliance initiatives. You will also own the corporate IT function, including the enterprise IT infrastructure, employee laptop management, IT helpdesk, and overall IT improvement roadmap.
Key responsibilities include:
- Developing, implementing, and maintaining information security and IT policies and procedures
- Ensuring compliance with relevant regulatory frameworks and standards, starting with HIPAA compliance for patient privacy and security
- Collaborating with DevOps and cloud infrastructure engineers to align security strategies
- Leading risk assessments, vulnerability management, and incident response
- Managing internal and external security audits
- Developing and delivering security awareness programs for employees
- Identifying, assessing, and mitigating security risks to protect company data and intellectual property
- Leading continuous improvement initiatives in information security processes
- Developing and executing the corporate IT roadmap, including employee laptop management, helpdesk support, and enterprise software administration
- Ensuring the reliability and performance of IT systems to minimize downtime and enhance productivity
What You Need
- 5+ years in Healthcare Information Security or another highly regulated industry
- Demonstrated experience as an IT Specialist with a willingness to get your hands dirty
- Expertise in achieving and maintaining SOC 2 certification and compliance with standards like HIPAA and GDPR
- Experience implementing and maintaining centralized device management and IT asset management
- Demonstrated history of creating and executing an IT Roadmap & Strategy
- Experience implementing Zero Trust best practices
- Expertise in Windows network management and support
- Bachelor’s degree in computer science or information technology, or equivalent work experience
- Excellent verbal and written communication skills with exceptional attention to detail
Nice to have
- Experience with Software as a Medical Device (SaMD), including IEC 62304, FDA 21 CFR Part 820, HIPAA, GDPR, and other relevant medical cybersecurity regulations and standards
- Strong understanding of cloud security best practices (AWS preferred)
- Basic proficiency in Python and SQL
- Master’s degree in computer science or information systems