TVM Program Lead

INTEGRIS Health • Oklahoma City, OK, US • 18h ago

Job Description

INTEGRIS Health Two Corporate Plaza Bldg, Oklahoma’s largest not-for-profit health system has a great opportunity for a TVM Program Lead in Oklahoma City, OK. In this position, you’ll be a part of our IT Standards team providing exceptional work supporting the INTEGRIS Health caregivers and the community at large. If our mission of partnering with people to live healthier lives speaks to you, apply today and learn more about our recently enhanced benefits package for all eligible caregivers such as, front loaded PTO, 100% INTEGRIS Health paid short term disability, increased retirement match, and paid family leave. We invite you to join us as we strive to be The Most Trusted Partner for Health.

The TVM (Threat & Vulnerability Management) Program Lead will be responsible for strategizing and leading the TVM Program for the organization.

Responsibilities

Research, design, and implement cyber security solutions for organization systems and products that comply with all applicable security policies and standards
Develops, implements, and oversee the company’s Vulnerability & threat management programs to protect Central Hudson’s assets and critical infrastructure
Overall responsibility for Vulnerability Assessment and Management
Leads the design, implementation, and management of the organization’s vulnerability management program
Conducts regular vulnerability assessments and scans to identify potential security weaknesses in IT & OT systems and networks
Prioritizes vulnerabilities based on risk, impact, and exploitability
Provides clear remediation guidance to IT teams
Risk Analysis and Mitigation
Analyzes vulnerability data to identify trends and develop strategies for mitigating risks
Develops and maintain a vulnerability risk register and track remediation efforts to closure
Assist in the investigation and response to security incidents, leveraging vulnerability data to understand attack vectors and prevent future occurrences
Generates and delivers regular reports on vulnerability management activities and risk posture to senior management and relevant stakeholders
Develops metrics and KPIs to measure the effectiveness of the vulnerability management program.
Continually develops and manages roadmaps, strategy and maturity of the cybersecurity vulnerability management program by partnering with key stakeholders across The Company
Develops and implements cybersecurity policies and procedures
Leads and manages the day-to-day vulnerability governance
Leads a team to defend against threats, reduce risk, and mitigate vulnerabilities across the Company
Works closely with software development, DevOps, and IT teams to integrate security into the software development lifecycle (SDLC)
Drives application security program, policies, and procedures
Establishes and enforce secure coding standards and practices across development teams
Integrates security tools and processes into the CI/CD pipeline to automate security checks
Conducts regular security assessments, including static and dynamic application security testing (SAST/DAST), to identify vulnerabilities in software applications
Performs threat modeling, code reviews, and penetration testing to uncover potential security weaknesses
Provides detailed reports on findings and work with development teams to remediate identified vulnerabilities
Identifies and implement automation opportunities
Implements continuous improvement over people, process, and technologies
Participates in incident response and investigation activities, ensuring timely resolution
Conducts regular risk assessments and vulnerability management processes
Leads teams in threat hunting measures
Collaborates with IT and other departments to ensure a cohesive and effective security posture
Stays updated on emerging cybersecurity threats and technologies
Coordinates with external vendors and stakeholders on security matters
Develops and deliver security awareness training programs for employees
Monitors and reports on key security metrics to executive leadership
Manages and guides third party vendor relationships related to the cybersecurity operations program
Supports the escalation of risks, issues, actions, & decisions within the program
Conducts risk assessments and develop strategies to mitigate potential threats and vulnerabilities
Collaborates with cross-functional teams to integrate security measures into business processes and technology solutions
Stays up to date with the latest cybersecurity trends, threats, and technologies to continuously improve the vulnerability management program
Establishes and maintains relationships with key stakeholders, communicating security policies, incidents, and mitigation strategies.
Ensures compliance with relevant regulations and standards
Provides storm/emergency response support

Qualifications

Bachelor’s degree in Computer Science, Information Technology or related field of study and 5 years of relevant experience. In lieu of a bachelor’s degree, an associate’s degree with 7 years of relative experience or a high school diploma or equivalency degree and 9 years of related experience will be considered.
At least 5 years of vulnerability management experience
At least 5 years in a security related role
Proven leadership, facilitation, and organizational skills
Experience with incident response
Experience with creating and maintaining external and internal relationships with key stakeholders
Understanding of cybersecurity frameworks, standards, and best practices
Excellent knowledge of vulnerability management, and risk assessment
Strong leadership skills, with the ability to manage and mentor a team
Excellent communication skills, with the ability to collaborate effectively with diverse teams
Familiarity with regulatory requirements and compliance frameworks
Analytical mindset with the ability to assess complex situations and make informed decisions
Ability to present at all levels of the organization
A strong background with an understanding of the intersection between business and cybersecurity to improve security practices
Ability to influence business decision-making by providing quantitative/qualitative data analytics, metrics, and analysis
A results-oriented mindset with the ability to solve problems and make decisions
Ability to work with limited direct supervision and professionally respond to constructive feedback

Knowledge and Skills

Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include:

Ability to work both independently and as part of a team to implement new and mature existing security infrastructure and tools.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
An ability to effectively influence others to modify their opinions, plans, or behaviors.
Strong problem-solving and trouble-shooting skills
Strong knowledge of common vulnerabilities and exploitation techniques
Strong documentation skills, especially with architecture diagrams and tool roadmap development.

Preferred

Experience in the Healthcare industry
Experience with threat hunting and threat modeling
Experience with application security
Knowledge of application security tools and technologies (e.g., SAST, DAST, RASP, WAF)
Proficiency in programming and scripting languages (e.g., Java, C#, Python, JavaScript)
Understanding of common security vulnerabilities (e.g., OWASP Top Ten) and how to mitigate them
Experience with Microsoft PowerBI
Experience with data visualization tools
Relevant certifications such as CISSP, CISM, or comparable