Information Security Manager (EPIC)

New York, NY

Full Time
Planned Parenthood

Posted 1 month ago

Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Information Security Manager. This job reports directly to the Sr. Director of Security Architecture in the Information Security division of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.


  • The Epic InfoSec Manager is responsible for PP Epic Systems Information Security with the goal of protecting the data entrusted to PPFA. This position provides InfoSec monitoring, event investigation, and analysis while reporting to PPFA management on appropriate mitigations to reduce risk.


  • The Epic InfoSec Manager will identify, implement, and maintain InfoSec toolsets to appropriately protect PP.
  • Collaborate with the various Epic support teams to report on the health of the PP Epic environment
  • Routinely performs control self-assessments on the Epic Software Environment
  • Attests to the function of the information security controls on an annual basis.
  • Manage special information security projects such as planning upgrades, enhancements, and testing.
  • Ensure systems security and integrity of the PP data complies with federal and local laws
  • Security Monitoring - working with the MSSP, provide security monitoring oversight through threat/risk analysis in a 24/7 environment
  • Event Investigation & Assignment – Monitor and ensure established processes are followed for collecting relevant data and performing the necessary levels of analysis on that data. Ensure events are assigned appropriately.
  • Assist in creating and maintaining InfoSec Standard Operating Procedures and provide recommendations on information security process improvements
  • Assist in vulnerability assessment prioritization, reporting, and remediation, working with Operations staff and corporate vendors as needed to correct errors and alerts found in the IT infrastructure systems.
  • Report weekly KPI/KRI to management on the health of the environment


  • The Epic Security Engineer will engage with InfoSecOps, the MSSP, and staff within both PPFA and Affiliates.
  • Strong communication skills to provide support directly to all levels of management and staff.
  • Comfortable interacting with both executive and general staff, and communicating with both technical and non-technical audiences.
  • Comfortable interacting directly and supporting Affiliate management and staff
  • Work closely with the PPFA InfoSec team to establish prevention, detection and mitigation techniques
  • Work closely with the MSSP proactively in day-to-day SOC operations and SIEM oversight
  • Independent decision-making capabilities, especially in identifying analysis tracks for escalated events, analysis assignments, and escalation decisions ranging from a base Tier I event to Incident Response level remediations.

Knowledge, Skills and Abilities (KSAs)

  • (Required) 2+ years of Epic Security experience
  • Bachelor’s degree
  • Preferred Industry Certification: Epic Security Certification, CISM, CISSP
  • Experience in compliance requirements and industry standards like PCI, HIPAA, ISO 27001, NIST, CSF, ITIL, COBIT, Sarbanes Oxley and SANS 20.
  • UNIX, AIX & Solaris, Linux, Windows Server Operating Systems
  • Security Information and Event Management (SIEM)
  • Vulnerability scanner/Penetration testing systems
  • Switches/Routers, Firewalls (basic configuration)
  • TCP/IP networking, VPN, VLAN, NAT and security concepts
  • Software & Hardware Asset Management
  • Security threat and attack countermeasures
  • Ability to assist in IR incidents as assigned by management
  • Ability to conduct forensic analytical studies and investigations
  • Ability to work in a matrixed environment
Travel: 0-25% as needed
PPFA participates in the E-Verify program. We are an equal opportunity employer and are committed to maintaining a non-discriminatory work environment. PPFA does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law.  We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
Job tags: Architecture CISM CISSP CoBIT Incident response ISO 27001 Linux NIST PCI Penetration testing SANS SIEM Solaris TCP/IP Unix Windows