Information Security Manager

External
Marathonhealth · Worldwide
Full-time · Remote · Today
AWS · Cloud Security · Compliance · HIPAA · Incident Response · Information Security

About the role

The Manager, Information Security, is responsible for leading a team of security analysts to protect enterprise systems and PHI, ensuring compliance with HITRUST, HIPAA, SOC 2 and related regulatory frameworks while maturing detection, response, and governance capabilities. This role will handle day-to-day management of security operations and continuous compliance monitoring. The Manager, Information Security, is a hands-on technical role requiring proficiency in incident response, threat hunting, vulnerability management, creating automation, and integrating systems into SIEM.

ESSENTIAL DUTIES & RESPONSIBILITIES

Leadership & Strategy

  • Drive cybersecurity maturity with continuous improvement of controls.
  • Continuously evaluate and manage the cyber and technology risk posture of the organization.
  • Lead Marathon Health's internal and outsourced security teams to execute on the roadmap defined by our CISO.
  • Lead the security team response to security incidents and breaches.
  • Lead security awareness and training programs across the organization, with tailored content for clinical staff handling PHI.

Technical Execution

  • Manage the prospect, client and third-party security assessment fulfillment process.
  • Identify and manage vulnerabilities.
  • Develop and implement comprehensive risk treatment plans to protect Marathon's assets.
  • Monitor compliance with the information security policies.
  • Keep up to date with IT security standards and emerging threats.
  • Maintain up-to-date knowledge of emerging technologies and services that will help Marathon maintain its technical edge and evolution.
  • Architect, prioritize, coordinate, and communicate the choice of security technologies necessary to ensure a highly secure yet frictionless computing environment.
  • Assist in the evaluation of overall risk for IT systems and the data they contain and process, accounting for the people, processes, and technologies that provide security controls.
  • Maintain and continuously improve SOC 2/HITRUST CSF certification; ensure security control ownership, evidence collection, and audit readiness are operationalized across all responsible domains.
  • Manage and enforce a comprehensive information security program covering identity and access management, vulnerability management, endpoint protection, network security, incident response, and third-party risk.

Collaboration & Cross-Functional Delivery

  • Work with cross-functional teams including Technology, Legal, Privacy, Finance, Internal and External Auditors to achieve corporate objectives relating to information and data security.
  • Partner with legal and compliance teams to create and support a security culture through education and awareness programs designed to reduce the risks to the enterprise while also engaging key business leaders to ensure business unit involvement.
  • Monitor compliance with HIPAA, SOC 2, state-level data privacy regulations, and contractual security requirements across all employer and health plan clients.

Team Development

  • Provide technical leadership, guidance and mentoring to Security Analysts.
  • Conduct regular performance reviews, training, and career development planning.
  • Promote knowledge sharing and best practices across the team.

Requirements

  • Experience owning or co-owning HITRUST CSF certification (or equivalent compliance framework such as SOC 2, ISO 27001).
  • HITRUST Certified Common Security Framework Practitioner (CCSFP) or equivalent HITRUST training
  • One or more professional security certifications: CISSP, CISM, or CISA.
  • AWS Security Specialty or equivalent cloud security certification
  • CRISC (Certified in Risk and Information Systems Control)
  • AI governance or responsible AI certifications (e.g., ISACA AI Audit certificate, Certified AI Governance Professional)
  • Travel is required up to 15% for team meetings, clinic visits, and audit support

DESIRED ATTRIBUTES

  • Demonstrated ability to translat

Benefits

Health insurance

Additional Information

Marathon Health is a leading advanced primary care provider, partnering with employer and union plan sponsors to improve health for millions of Americans. With nationwide onsite, nearsite, and network health centers, and virtual primary care, Marathon delivers a value-based model that enhances the healthcare experience for members and providers, while driving meaningful cost savings for plan sponsors. Marathon is proud to be certified as a Great Place to Work®, reflecting the company's commitment to building an inclusive, high-trust culture where all employees can thrive. Learn more at marathon.health

