Title: Cybersecurity Program Manager

Location: San Diego, CA

Length: 6 months, likely extension

Primary Duties & Responsibilities –

• Stakeholder Management – ability to build positive relationships with stakeholders, mapping of stakeholder motivators and sentiments, ability to translate stakeholder feedback into actions, ability to align goals and strategy across a matrixed environment.
• Executive Level Presentation Skills – ability to prepare presentation material for an executive audience, confident presentation and communications, ability to facilitate executive stakeholders, ability to drive results from executive meetings.
• Accountability – willingness to own a strategy and execution, including the need to drive continuous improvement and advancement.
• Business Acumen – understanding of healthcare as a business, ability to define and monitor metrics, deep understanding of hospital procurement processes, basic understanding of hospital finances, ability to tie program metrics to hospital metrics.
• Translation of Data into Strategy – ability to develop core components of a robust strategy with minimal direction, connection of data evidence & outcomes to progress towards a defined goal, adjust strategy based on data, identify opportunities for improvement or pivot.
• Audit & Performance Improvement – familiarity with technical audit protocols and best-practices, ability to effectively manage audit process, translation of audit findings into overall audit results, ability to assess audit artifacts and evidence, communication of audit results, development of corrective action plans.

Responsibilities:

• Oversees the implementation and sustainment of a highly complex cybersecurity program in alignment with the Sodexo enterprise cybersecurity strategy.
• Leads stakeholder engagement through various hospital leaders such as IT, Security, Clinical Executives, Quality, and Internal Audit.
• Is accountable for meeting and reporting on program metrics and KPIs as defined by the customer and the enterprise cybersecurity strategy.
• Maintains clear alignment to the Director of Cybersecurity and escalates risks or blockers as appropriate. May be responsible for assembling teams, assigning individual responsibilities, identifying appropriate resource needs, and developing schedules to ensure timely completion of program initiatives.

Program Management - 60%

• Leads regular engagement with key hospital leaders in IT and Information Security.
• Sets expectations with hospital leaders through formal Stakeholder Management.
• Manages changes to process and workflow through formal Change Management.
• Engages with enterprise Director of Cybersecurity to align on central cybersecurity strategy.
• Provides thought leadership in the development of enterprise cybersecurity strategy.
• Builds roadmap for implementing cybersecurity strategy within their account or facility.
• Manages KPIs in alignment with customer expectations and central cybersecurity strategy.
• Leads the monitoring and reporting of program performance against defined KPIs.
• Identifies risks and blockers for escalation to enterprise cybersecurity teams.
• Leads resource (HR) management and team development to achieve program objectives.

Technical Support - 20%

• Maintains familiarity with emerging cybersecurity trends.
• Advises on cybersecurity strategies for the hospital as it pertains to medical devices.
• Provides support of urgent cybersecurity activities such as response to zero-day vulnerabilities.

Training - 10%

• Leads HTM cybersecurity education & awareness for hospital leadership as needed.
• Evaluates cybersecurity competencies of HTM staff and identifies gaps.
• Participates in industry cybersecurity workgroups and forums as representative of Sodexo.
• Completes mandatory technical and non-technical training.

Regulatory and Compliance - 10%

• Leads the completion of local cybersecurity audits using enterprise cybersecurity guidelines.
• Supports hospital audits involving cybersecurity, including HIPAA and Joint Commission.
• Supports enterprise cybersecurity audits in alignment with enterprise leadership.
• Develops remediation plans for any audit findings related to cybersecurity.
• Oversees completion of remediation plans within a timely manner.