Cyber Security Manager

We appreciate your interest in our organization and assure you that we are sincerely interested in your qualifications. A clear understanding of your background and work history will help us potentially place you in a position that meets your objectives and those of the organization. Qualified applicants are considered for positions without regard to race, color, religion, sex (including pregnancy, childbirth and breastfeeding, or any related medical conditions), national origin, ancestry, age, marital or veteran status, sexual orientation, gender identity, genetic information, gender expression, military status, or the presence of a non-job related medical condition or disability (mental or physical). KHS reasonably expects to pay starting compensation for the position of Cyber Security Manager in the range of $132,512 -172,265 annual "On-Site Position" About us Kern Health Systems is dedicated to improving the health status of our members through an integrated managed health care delivery system. About the role The Cybersecurity Manager is responsible for leading and managing the information security program to ensure the confidentiality, integrity, and availability of the organization's information assets. This role involves developing, implementing, and maintaining security policies, procedures, and standards, as well as overseeing the day to day activities of the Information Security program and team. In collaboration with Directors within Management Information Systems (MIS), the Cybersecurity Manager supports the development of cybersecurity strategies, governance frameworks, policies, procedures, reporting, and incident response capabilities across the organization. The Cybersecurity Manager monitors, reviews, and approves Information Security (InfoSec) decisions prior to implementation and provides security oversight and guidance for systems, networks, and technology solutions. Incumbents are expected to possess a strong understanding of systems, networks, and telecommunications architectures sufficient to assess risk, define security requirements, and ensure secure design and operation. This role requires strong organizational, planning, and leadership skills to manage distributed initiatives, coordinate cross functional efforts, and support security training and awareness activities as required. Essential Duties and Responsibilities Cybersecurity Program & Roadmap Management Lead and manage the enterprise information security program, ensuring alignment with organizational goals, regulatory requirements, and risk tolerance. Own and maintain the cybersecurity roadmap, translating strategy into prioritized initiatives, milestones, and measurable outcomes. Track execution progress, risks, and dependencies, and provide regular reporting on cybersecurity posture and maturity to executive leadership. Governance, Risk, and Compliance (GRC) Design, implement, and maintain the Information Security Management System (ISMS) aligned with

ISO/IEC 27001.

Lead planning, readiness, and execution activities for

ISO/IEC 27001

certification, including gap assessments, remediation efforts, and internal audits. Oversee HITRUST framework adoption and ongoing maturity, including control mapping, evidence management, and third party assessments. Ensure continuous HIPAA Security Rule compliance through risk assessments, control monitoring, remediation tracking, and audit readiness. Develop, maintain, and govern cybersecurity policies, standards, and procedures, ensuring regular review, version control, and organizational adoption. Conduct and oversee enterprise security risk assessments and support organizational risk management processes. Microsoft Security & Data Protection Drive continuous improvement of Microsoft Security Secure Score by prioritizing and overseeing implementation of recommended security controls. Provide oversight of Microsoft security platforms (e.g., Microsoft Defender) supporting identity, endpoint, email, and cloud security. Manage Microsoft Purview for information protection, data loss prevention (DLP), retention, and compliance policy enforcement. Utilize Microsoft Purview to support policy and procedure governance, documentation management, and compliance reporting. Security Operations Oversight Provide cybersecurity oversight and guidance to IT Operations teams responsible for infrastructure, networks, endpoints, and cloud services. Ensure security requirements are embedded into system design, configuration standards, and change management processes. Oversee vulnerability management, security monitoring, and incident response coordination. Lead or support security incident investigations, root cause analysis, and remediation planning. Vendor, Audit, and Stakeholder Management Evaluate, select, and manage cybersecurity related vendors, tools, and services. Coordinate external audits, assessments, and testing activities related to cybersecurity and compliance. Serve as the primary cybersecurity liaison with auditors, regulators, and internal oversight bodies. Partner with Privacy, Compliance, Legal, and business stakeholders to address findings, risks, and remediation efforts. Leadership & Program Management Lead, mentor, and develop cybersecurity staff and/or matrixed resources. Promote security awareness and training initiatives to strengthen organizational security culture. Support cybersecurity budgeting, resource planning, and prioritization activities.

Employment Standards:

Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field or equivalent experience required. Minimum of 8 years of progressive experience in cybersecurity, information security, or risk management within a regulated environment (healthcare preferred). 4 of 8 years of progressive supervisory experience should include direct leadership of professional staff, leading cybersecurity programs, governance initiatives, and cross functional security efforts.

Preferred Certifications:

CISSP, CISM, CRISC, HCISPP, or equivalent. We are an equal opportunity employer, dedicated to a policy of non-discrimination in employment on any basis.