Mgr-Cybersecurity Operations

York, PA | Information Systems and Technical Support | Tracking Code: 65039

General Summary:

Under the general supervision of the Director-Information Security, provides strategic direction and guidance for the overall cybersecurity operations. Oversees and manages day to day output and functions, develops life cycle planning for protection, detection analysis and incident response for all enterprise cybersecurity technology operations. Provides and manages all sustainment functions to support the existing security infrastructure in order to maintain critical services in a safe and secure manner. Oversees and manages operational cybersecurity staff, whose role it is to monitor security capabilities, perform detection analysis, event management, tech support and incident response.  Is also responsible for the Information Assurance staff, whose roles include the identification, documentation, and mitigation of risks associated with losses related to patient safety, finance, strategy/reputation, technology, regulatory/legal, and fortuitous loss associated with ongoing operations.   Works closely with the Director-Information Security to identify non-compliance with information security policies and directives and to support information security strategy. Works collaboratively with the Manager-Cybersecurity Engineering to identify, develop and implement security solutions to mitigate threats and to take action in a tactical situation to increase defenses.  Enforces IS security controls, safeguards and policies and procedures in accordance with regulatory requirements.  Coordinates with peers in organizations outside of WellSpan to form relationships to share incident activity and enhance strategic and tactical protection posture.

Duties and Responsibilities:


  1. Coordinate, measure and report on the technical aspects of security management.
  2. Manage and coordinate operational components of incident management, including detection, response and reporting.
  3. Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
  4. Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  5. Performs project management functions and leads diverse operational teams in provision of a new service.
  6. Responsible for developing and maintaining the cybersecurity incident response plan.
  7. Leads and performs incident command responsibilities during an IS Security incident.
  8. Oversees all monitoring, analysis, event management and escalation.
  9. Oversees third party risk management program responsibilities.
  10. Oversees IS policy review and creation, as needed.
  11. Oversees cybersecurity training and awareness efforts.
  12. Provides all sustainment functions to maintain security infrastructure to include break/fix, emergency services, engineering support, performance and availability monitoring, capacity and reliability analysis, provisioning and sustainment project planning and execution.
  13. Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  14. Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
  15. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  16. Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.



Note:                                      Other combinations of formal education, training and experience may be considered.


Minimum Education               Bachelor's Degree in Information Technology Engineering Science (e.g., Security, Networking, IT, etc.) or Computer Science


Minimum Experience              5+ years IS or cybersecurity experience with 2+ years of supervisory experience.


Preferred Experience            Prior experience in banking, government or healthcare cybersecurity procedures, matrix management and cross-project or cross-functional integration


Pref Cert/Registration           CISSP and/or other certifications


James Kane
James Kane
Sr. Talent Acquisition Consultant
Similar Opportunities

Why WellSpan Health?

WellSpan Health is an integrated health system that serves the communities of central Pennsylvania and northern Maryland. The organization comprises a multispecialty medical group of more than 1,600 physicians and advanced practice providers, a regional behavioral health organization, a home care organization, eight respected hospitals, more than 20,000 employees and 200 patient care locations. WellSpan is a charitable, mission-driven organization committed to exceptional care for all, lifelong wellness and healthy communities. We are committed to transforming the health of the communities we serve and to educating the next generation of clinicians, staff and leaders.

Employment Benefits

  • Sign-on incentives for new employees (click here for details)
  • Medical, dental and vision insurance
  • Life and accidental death insurance
  • Supplemental life insurance
  • Retirement savings plan
  • Paid time off (PTO)
  • PTO bridging
  • Short-term disability
  • Educational assistance
  • Forgivable loan
  • Flexible spending
  • Credit union
  • Employee recreational activities
  • Childcare
  • Complimentary medicine discounts

Diversity & Inclusion

Welcome. Respect. Value.

Wellspan Health believes that diversity includes all the human characteristics that make each of us similar as well as different. We strive to make every person feel welcomed, respected, and valued while creating a safe and inclusive environment where we all have the individual freedom to express our uniqueness in a respectful manner.

WellSpan Health is an equal opportunity employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, color or any other protected class. WellSpan Health does, however, have a tobacco-free/nicotine-free hiring policy.

Quality of Life

Founded in 1741, the city of York is considered by many as the first capital of the United States. The Articles of Confederation were signed by the Second Continental Congress here in 1777. Its beautifully restored historic district is an architectural treasure. While York retains its farming and manufacturing heritage, at its heart York is a thriving cultural community that has attracted creative talent and innovative entrepreneurial investors from across the nation.

Life in York County offers affordable housing, options for higher education, a thriving arts and cultural community, historical attractions, parks and recreational resources, semi-professional baseball team, fine dining and more — within an easy drive of major East Coast cities.

York County residents can find local employment in healthcare, manufacturing, technology, agricultural and service sectors. (Patient population: 445,000)