University of Colorado Medicine (CU Medicine) is the region’s largest and most comprehensive multi-specialty physician group practice. The CU Medicine team delivers business operations, revenue cycle and administrative services to support the patients of over 4,000 University of Colorado School of Medicine physicians and advanced practice providers. These providers bring their unparalleled expertise at the forefront of medicine to deliver trusted, compassionate health care services at primary and specialty care clinics as well as facilities operated by affiliate hospitals of the University of Colorado.

We are seeking a highly motivated ITS Security Program Manager to join our ITS team.

Preference will be given to candidates that reside in Colorado, although out of state candidates will be considered.

The ITS Security Program Manager will provide program oversight and analysis for Security which includes the development, maintenance, and administration of the CU Medicine Information Security program.

Essential Duties

• Oversee the development, implementation, administration, and continuous maturity of the enterprise Information Security Program in support of organizational and healthcare regulatory requirements.
• Lead and coordinate management-directed information security initiatives, including but not limited to HIPAA, SOC 2, PCI-DSS, phishing awareness, and security training programs.
• Serve as a primary liaison for security audits, risk assessments, and certifications, coordinating with internal stakeholders, external auditors, and regulatory bodies.
• Develop, maintain, and enforce Information Security policies, procedures, standards, and controls to ensure compliance with applicable laws, regulations, and industry frameworks.
• Identify, assess, and document Information Security risks and vulnerabilities, recommending mitigation strategies aligned with business objectives.
• Collaborate with IT, compliance, legal, and business teams to implement risk mitigation strategies and improve the organization’s security posture.
• Participate in and support the enterprise Security Risk Assessment process, including evaluating the effectiveness of existing controls and recommending enhancements.
• Evaluate the adequacy of controls and corrective actions; identify alternative safeguards when necessary to reduce residual risk.
• Prepare and present security program updates, metrics, and risk information to internal audiences at all organizational levels, including leadership.
• Assist with the development and maintenance of disaster recovery and business continuity policies and standards, ensuring alignment with organizational resilience goals.
• Research, evaluate, and recommend technologies and processes for the prevention, detection, containment, and remediation of data security incidents and breaches.
• Stay current on emerging threats, healthcare security trends, regulatory changes, and industry best practices, adjusting program strategies as needed.
• Provide guidance and consultation to users and teams regarding security requirements, procedures, and best practices.
• Assist in prioritizing security initiatives, managing workload, and providing PMO support when required.

Requirements

• Bachelor’s degree required, MBA or Graduate Degree highly preferred

• 5+ years of experience in an IT Security or Information Technology Services (ITS) environment, preferably within a healthcare or regulated industry.
• Strong working knowledge of information security principles, frameworks, regulations, and best practices, including HIPAA, SOC 2, PCI-DSS, and NIST.
• Broad understanding of IT systems, applications, infrastructure, and cloud technologies.
• Strong project and program management skills, with the ability to manage multiple initiatives simultaneously.

All applications MUST be submitted via our website. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

CU Medicine is an Equal Opportunity Employer and complies with all applicable federal, state, and local laws governing non-discrimination in employment. We are committed to creating a workplace where all individuals are treated with respect and dignity, and we encourage individuals from all backgrounds to apply, including protected veterans and individuals with disabilities.

CU Medicine is dedicated to ensuring a safe and secure environment for our staff and visitors. To assist in achieving that goal, we conduct background investigations for all prospective employees prior to their employment.

The listed pay range (or hiring rate) represents CU Medicine’s good faith and reasonable estimate of the range of possible compensation at the time of posting and is based on evaluation of competitive market data.

A variety of factors, including but not limited to, internal equity, experience, and education will be considered when determining the final offer.

CU Medicine provides generous leave, health plans and retirement contributions which take your total compensation beyond the number on your paycheck.  Find information about our benefits here.

CU Medicine will post all jobs for a minimum of 7 days or until 250+ applicants have been received (whichever comes first).

CU Medicine supports a Tobacco Free Workplace Environment which prohibits smoking and the use of tobacco products on CU Medicine property, Anschutz Medical Campus and adjacent business locations.