MGR IT CYBERSECURITY

Manager of Cybersecurity, IT CybersecurityFull-Time, Day Shift, 80 hours per pay periodCovenant Health Overview:Covenant Health is the region’s top-performing healthcare network with 10hospitals,outpatient and specialtyservices,andCovenant Medical Group, our area’s fastest-growing physician practice division. Headquartered in Knoxville, Covenant Health is a community-owned integrated healthcare delivery system and the area’s largest employer. Our more than 11,000 employees, volunteers, and 1,500 affiliated physicians are dedicated to improving the quality of life for the more than two million patients and families we serve every year. Covenant Health is the only healthcare system in East Tennessee to be named a Forbes “Best Employer” seven times.Position Summary:TheManager of Cybersecurityreports to the Chief Information Security Officer (CISO) and is responsible for overseeing cybersecurity team and operational strategy within Covenant Health. This role ensures Confidentiality, Integrity, and Availability of information assets, particularly sensitive data (PHI). This role also involves driving operational performance while executing on the vision and direction for cybersecurity services. It includes implementing standards and security policies that are maintained, proactive leadership on managing cybersecurity tools and systems, and managing technical implementation projects. The Manager of Cybersecurity has financial and budgetary responsibilities, manages a wide range of vendors and external partners, and personnel management within the cybersecurity area. This position leads and ensures performance management and career development for an extended team of cybersecurity professionals. The role also involves working with the CISO and IT leadership on strategic cybersecurity roadmaps and enhanced collaboration with IT and clinical technology teams (ensuring the security of sensitive data and compliance with HIPAA regulations).Recruiter: Susanna Mcguinn || and provide leadership to all cybersecurity staff, including Security Engineers, Analysts, Incident Responders, and Compliance SpecialistsChange Agent:Support and lead the efforts to change team cultures, dynamics, processes, and technologies that provide modern solutions to the organizationTeam Management:Lead cybersecurity team to ensure performance management and career development. Provide technical leadership and direction, delegate responsibilities appropriately, and identify technical and management development opportunities. Works closely with other leaders throughout IT and the organization to education, inform, and assist their understand and acceptance of Cybersecurity efforts and controls Staff Development:Provide leadership, development, coaching, and guidance to ensure the appropriate departmental developmental goals are set and achievedOngoing Continuous Development:Champion innovative efforts and stay abreast of leading-edge solutions for recruitment, development, and retention of the cybersecurity workforceCybersecurity OperationsOperations Oversight:Oversee the day-to-day operations of cybersecurity measures, including monitoring, detection, and response to security incidentsIncident Response:Lead the incident response team in managing and resolving security breaches and incidentsCompliance:Ensure compliance with HIPAA and other relevant regulations and standardsTechnical Implementation:Lead technical implementation projects related to cybersecurity, creating plans and strategies to meet the needs of the organizationContinuous Improvement:Stay informed about emerging technologies and industry trends, making recommendations for improvementStrategic Planning & Implementation Strategic Planning:Work with the CISO and IT leadership to maintain strategic cybersecurity roadmaps, provide tactical action plans, and ensure optimum planning of cybersecurity projects and resourcesResource Planning:Conduct proactive resource planning based on anticipated demandMilestone Establishment:Establish deliverables and projected milestones for solution delivery in partnership with business leaders and Senior ExecutivesTechnical Roadmap:Lead the development of cybersecurity strategies and technical roadmap, ensuring integration with overall IT and organizational strategiesVendor & Budget Management Vendor Management:Manage relationships with cybersecurity vendors, ensuring that contracts and agreements are in place and that vendor performance meets organizational standardsBudget Management:Develop annual operating budgets and long-term capital budgets for cybersecurity projectsOperational Efficiency Performance Monitoring:Monitor network and systems performance, ensuring availability and reliability. Perform capacity planningService Management:Oversee operational and service management processes to ensure performance of all technology subcontractorsCollaboration & Relationship Building Collaboration:Collaborate with other IT teams and clinical IT teams to ensure alignment and integration of cybersecurity services within the health systemRelationship Building:Develop relationships with key business leaders to identify service gaps and propose solutions. Maintain credibility with key individuals at hospitals and corporate offices, along with Legal, HR, and Privacy/Compliance.Security Awareness & Training Programs Training Programs:Develop and implement security awareness and training programs for employees to ensure they understand and adhere to cybersecurity policies and procedures.Third-Party Risk Management Risk Management:Oversee the assessment and management of cybersecurity risks associated with third-party vendors, partners, and bio-medical devices.Policy Development & Enforcement Policy Development:Develop, implement, and enforce cybersecurity policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.Security Architecture & Design Architecture and Design:Lead the design and implementation of secure network architectures and systems to protect sensitive data and ensure the integrity of IT infrastructure.Incident Management & ForensicsIncident Management:Oversee incident management and forensic investigations to identify root causes, mitigate risks, and prevent future incidents.Regulatory Compliance Regulatory Compliance:Ensure compliance with relevant regulations such as HIPAA, HITECH, and other healthcare-specific cybersecurity requirements.Business Continuity & Disaster Recovery Continuity and Recovery:Develop and maintain business continuity and disaster recovery plans to ensure the organization can quickly recover from cybersecurity incidents.Local travel required. Follows policies, procedures, and safety standards. Completes required education assignments annually. Works toward achieving goals and objectives, and participates in quality improvement initiatives as requested.Performs other duties as assigned.Minimum Education: Bachelor's degree or equivalent experience in cybersecurity, information technology, or a related field is required.Minimum Experience: Minimum of five (5) years of technology /IT/security experience with five (5) years leading cybersecurity, within an enterprise-sized organization, is required.Licensure Requirement: None.

Created: 2026-01-16