Information Security Manager - Security Operations Center

Join a worldclass academic healthcare system UChicago Medicine as an Information Security Manager Security Operations Centerin our Information Security department. This position will be primarily a work from home opportunity with the requirement to come onsite once a week to our Darien office. You will need to be based in the greater Chicagoland area.

This position will oversee and enhance security operations by managing the Security Information and Event Management (SIEM) and Security Orchestration and Automation Response (SOAR) system managing threat hunting efforts managing the relationship with an outsourced security services provider and helping to build and manage an internal security operations center. This role will be responsible for ensuring our security monitoring detection and response capabilities are robust efficient and continuously evolving to meet emerging threats.

Essential Job Functions

• Lead the administration tuning and optimization of the Security Information Event Monitoring and Security Orchestration and Automation Response tool to ensure effective threat detection and response.

• Monitor the performance of the vendor providing Security Operations Center services and ensure proper integration of security data sources and data integrity.

• Assist in building an internally based Security Operations Center.

• Manage and support staff on response to incidents and threathunting activities to detect advanced persistent threats and hidden adversaries.

• Work with security teams to investigate security incidents identify root causes and recommend the implementation of mitigations.

• Develop and implement SIEM and SOAR use cases correlation rules and log management strategies.

• Serve as an escalation point team mentor and advisor to leadership on threatbased activities response to incidents and vendor performance.

• Scrutinize enhance and improve current processes and their associated procedures and playbooks.

• Manage between 310 people.

• Other duties as assigned.

Required Qualifications

• Bachelors degree from an accredited college or university

• 5 years of experience in security operations threat detection and/or incident response

• Minimum of at least 2 years of work experience in an Information Security Operations Center or equivalent experience

• Prior experience managing a security team and/or mentoring security analysts

• Experience working with managed security service providers (MSSPs) or thirdparty security vendors

• Security certifications or ability to obtain within 2 years such as CISSP GIAC (GCIH GCIA GCFA) CEH or equivalent

• Deep understanding of the Google Chronicle or similar SIEM and SOAR platform including rule creation log ingestion tuning and alert triage

• Handson experience with EDR XDR SOAR platforms vulnerability scanners and endpoint protection

• Proficiency in scripting (e.g. PowerShell Python) for automation and custom alerting/playbook development

• Familiarity with security monitoring in cloud environments (preferably Microsoft Azure) including log sources and native tools

• Knowledge of threat hunting methodologies anomaly detection and familiarity with threat intel feeds

• Skilled in managing and coordinating response to security incidents including containment eradication and recovery

• Ability to analyze logs from firewalls endpoints IDS/IPS and cloud environments to identify threats

• Strong knowledge of threat intelligence adversary tactics and cybersecurity frameworks (MITRE ATT&CK NIST CIS etc.)

• Excellent written and verbal communication skills and the ability to collaborate across teams

Preferred Qualifications

• Masters degree

• Knowledge of HIPAA and other health related regulations

• Academic medical center and/or health care consulting experience

Position Details

• Job Type/FTE:Full Time (1.0 FTE)

• Shift: Days

• Location: Flexible (Darien)

• Unit/Department: Information Security Office

• CBA Code: NonUnion

Weve been at the forefront of medicine since 1899. We provide superior healthcare with compassion always mindful that each patient is a person an individual. To accomplish this we need employees with passion talent and commitment with patients and with each other. Were in this together: working to advance medical innovation serve the health needs of the community and move our collective knowledge forward. If youd like to add enriching human life to your profile UChicago Medicine is for you. Here at the forefront were doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at:UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race color ethnicity ancestry sex sexual orientation gender identity marital status civil union status parental status religion national origin age disability veteran status and other legally protected characteristics.

Must comply with UChicago Medicines COVID19 Vaccination requirement as a condition of employment. If you have already received the vaccination you must provide proof as part of the preemployment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly a preemployment physical drug screening and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a fulltime equivalent (1.0 FTE) and is reflective of current market data reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits UChicago Medicine.