Manager - Security Program Management - Greenville, NC



Vidant Health

Full Time



About Vidant Health

Vidant Health, located in eastern North Carolina, is a comprehensive health system that is made up of 8 hospitals that serve 1.4 million people in 29 counties. Vidant Health includes Vidant Medical Center, community hospitals, physician practices and partners that collaborate with Vidant Health to enhance the quality of life of our patients.


Information Services at Vidant Health

Vidant Health offers comprehensive Information Technology (IT) services and infrastructure to support and enable all aspects of organizational operations. Our IT division consists of a state-of-the-art data center located in Greenville, NC. The data center services all information technology needs of Vidant Health facilities. Vidant Health has been recognized as one of the 100 Most Wired healthcare organizations by Hospitals and Health Networks magazine. All Vidant Health owned or leased hospitals are on a common IT platform, including our electronic health record (EHR) that uses Epic's suite of applications. Vidant Health has achieved Meaningful Use Stage 1 recognition and is also approaching Stage 7 for HIMSS Analytics’ Electronic Medical Records Adoption Model (EMRAM) recognition. 


Responsible for strategy development, program and project management for Information Security at Vidant Health. The manager reports to the Director of Information Security and assists in developing an Information Security Strategic framework comprised of strategic principles, objectives, supporting domains & capabilities, and enablers (people, process, and technology). The manager will "operationalize" security strategy and rationalize security plans and goals into programs and projects that address system-wide risks, improve information security capability maturity, and support long-term strategic initiatives. The manager will develop the information security budget, track financials (planned vs. actual) and work closely with the Project Management Office to leverage existing processes and protocols. The manager will develop risk management strategies for Identity & Access Management and Information Asset Management to protect the confidentiality, integrity and availability of electronic personal health information (PHI). This position is graded at a manager level, but the candidate is expected to be a very hands-on, active member of the team, helping to drive objectives forward as much as or more than their team members. Applicants without direct experience with information technology governance as well as identity and access management need not apply.

  • Strategic and Tactical IS Support. Demonstrates a commitment to supporting the business needs of Vidant Health by collaborating with business stakeholders in the selection and implementation of new technologies and adaptation of existing systems.
  • Participates and consults with business operating units to identify the IS implications of their strategic and operating plans.
  • Identify and recommend opportunities to leverage existing systems and/or new and emerging technologies where appropriate.
  • Contributes to the development of a multi-year roadmap for the Information Security Program and processes that is inclusive of system upgrades, enhancements, and implementation activities that address Vidant business plans, vendor product developments and support Vidant policy and applicable regulatory requirements.
  • Ensures utilization of Vidant's IS project management methodology to improve processes to select, prioritize and implement IS enabled business initiatives so they are delivered on-time, within budget and meet the stated business objectives. Contributes to the on-going development of Vidant's IS project management methodology.
  • Manages IS resource requirements to ensure appropriate balance between operational and project demands. Resolves resource conflicts to satisfy organizational priorities by reallocating and/or supplementing IS resources.
  • Service Delivery. Demonstrates a commitment to customer service by providing responsive and effective support, developing solid working relationships with end user customers, and delivering high quality, value-added services that exceed customer expectations.
  • Promotes the philosophical direction of Vidant IS in the adoption of IT Service Management (ITSM) by managing team compliance with IS governance and ITSM processes and ensuring ITSM subject matter expertise within the team.
  • Direct Identity & Access management related initiatives including but not limited to: account provisioning, role-based access control definitions, access entitlement reviews, and authentication and authorization policy and process efforts.
  • Direct Information Asset Management related initiatives including but not limited to: information asset management standards, information classification scheme, identification of information assets and associated ownership.
  • Interface with Information Technology, clinical, and business areas to identify upstream and downstream dependencies and impacts, specifically to support Identity & Access management and Information Asset Management.
  • Manages day-to-day support of Information Services with other IS Directors/Managers to consistently perform at or better than defined service level commitments. Performs root cause analysis (SBAR) on incidents to identify opportunities to prevent future occurrences.
  • Maintains systems to industry standards and vendor contractual requirements to minimize business disruptions associated with incidents and/or unscheduled downtime. Manage all stages of system upgrade processes including design, testing, training requirements, procedures, new support requirements, documentation, and production turnover.
  • Applies rigorous testing and quality assurance techniques to all system changes and strictly adheres to Change Control processes.
  • Conducts and/or coordinates post-implementation audits to ensure that application systems and technologies are fully and appropriately utilized. In collaboration with business partners, design and implement system enhancements to meet dynamically changing business requirements and take advantage of on-going vendor supplied system enhancements.
  • Develops and maintains a culture that promotes service excellence and employee empowerment to act in the best interest of IS customers who are directly caring for our patients.
  • Participates in the annual external financial audit of security and controls and annual IS risk assessment across the health system. Participates in internal audits, as appropriate, as identified in the annual audit plan. Develops and implements action plans to address any gaps identified during the audit process.
  • Participates in the development and annual testing of Vidant Health's disaster recovery plan to ensure the plans are current and effective.
  • Talent Management. Demonstrates a commitment to employee professional development by providing opportunities for assuming new and varied responsibilities, training and development, and coaching and mentoring by management and staff.
  • Recruits and develops IS staff to create a high-performing organization capable of supporting current systems while developing new skills needed to transform the IS organization and leverage next generation technologies.
  • Provides promotional and career development opportunities for IS employees within a system that includes career paths, succession planning, and on-the-job training opportunities.
  • Conducts regular performance appraisals and recommends appropriate personnel actions.
  • Provides effective on-boarding and on-going coaching, mentoring, and feedback to improve performance, foster personal growth, and let employees know they are valued.
  • Creates a team oriented, professional work environment providing the requisite challenges to retain talented IS professionals.
  • Contributes to the design of recognition systems that reward employees for their contributions.
  • Demonstrates a commitment to personal development by maintaining professional knowledge of current trends and developments in the information technology and health care industries through related seminars, independent study, professional associations, and conferences.
  • Financial Management. Demonstrates a commitment to the effective utilization of IS human and financial resources by developing and monitoring capital and operating budgets and a multi-year financial plan to support the IS Strategic Plan.
  • Identifies opportunities to leverage economies of scale and drive efficiencies to manage overall operating costs balancing business requirements with Vidant Health financial targets.
  • Develops a total cost of ownership (TCO) for all new and replacement systems, securing business commitment to the one-time and on-going costs and identifying budgetary implications in the current and future fiscal years.

Minimum Requirements

  • Bachelor's degree in healthcare, computer technology, information management or related field required. Master's degree desirable.
  • Major certification such as: CISSP, CISM, CISA, GIAC, CBCP, or CGEIT is required.
  • Technical vendor engineering-level certifications are desired.


  • Three to five years of experience in IS security program management, with a strong operational background and proven track record of accomplishments in Information Services within a large, complex, multi-location organization.
  • Must have a mastery of IS control requirements and be able to leverage their experience to work through technical issues to help mitigate business risks.
  • Demonstrated track record implementing and successfully leading (often through work products) an IS security program to align with such frameworks as ISO27002, COBIT, or HITRUST is required.
  • Extensive experience in building and supporting complex Identity and Access Management and Governance programs is required.
  • Seasoned professional with health care experience that has a deep understanding of health care operations as well as the current business issues and trends influencing health care providers is desired, but not required.

General Statement

It is the goal of Vidant Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.

Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.

We value diversity and are proud to be an equal opportunity employer. Decisions of employment are made based on business needs, job requirements and applicant’s qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.

