Search
Header navigation
IT Security Manager-FT-Information Services-Provo

IT Security Manager-FT-Information Services-Provo

Revere Health
locationProvo, UT, USA
PublishedPublished: 11/18/2025
Public Services
Full Time

At Revere Health, we believe there is a better path to healing and healthcare maintenance, and we’re working on this mission—one patient at a time. We’re a national leader in a movement called value-base care which aims to improve treatment outcomes and keep costs down. Our internal culture is one that promotes respect and consistently recognizes the impact that individual employees have on the mission of the organization.

Position Summary

As the IT Security Manager, you will play a central role in protecting our patients, providers, and business by turning our security strategy into day-to-day execution. Working under the direction of the Director of IT & Security and in close collaboration with external vCISO/MSSP partners, you will operationalize our security program and help mature our capabilities across identity and access management (IAM), data protection, third-party risk, business continuity and disaster recovery (BC/DR), secure SDLC, incident response, and technical security controls. You will join a highly collaborative ITS team that is continuously striving to increase operational maturity and effectiveness. This role is ideal for a confident, self‑motivated professional with strong curiosity, learning agility, initiative, communication skills, and organizational discipline. You will also have the opportunity to mentor and develop the next generation of IT and security professionals at Revere Health.

Essential Job Functions

In this role, you will:

  • Execute the Security Program
    • Translate security program plans into actionable projects and workstreams.
    • Develop realistic schedules, track milestones, risks, and deliverables.
    • Run regular working sessions and provide clear, concise status reporting.
  • Drive Risk Management and Support Compliance
    • Maintain the risk register in partnership with the Security Compliance function.
    • Coordinate risk treatments with system and business owners and ensure follow-through.
    • Support internal/external audits and respond to security questionnaires from partners and customers.
  • Operationalize Policies, Standards, and Procedures
    • Manage the rollout and adoption of security policies and standards.
    • Ensure practical procedures and runbooks are documented, communicated, and followed.
    • Identify gaps and propose pragmatic improvements to increase operational maturity.
  • Lead Identity and Access Management (IAM) Operations
    • Operationalize joiner/mover/leaver processes, RBAC, quarterly access reviews, and privileged access management.
    • Coordinate MFA/SSO integrations with IT Operations and application owners.
    • Continuously refine IAM processes to support secure, efficient access for clinicians and staff.
  • Advance Data Protection
    • Implement data classification and handling practices that protect PHI and sensitive information.
    • Enforce encryption and key management standards across in-scope systems.
    • Deploy and tune DLP baselines, working closely with business and technology stakeholders.
  • Coordinate Security Operations and Incident Response
    • Serve as the day-to-day liaison to MDR/MSSP partners for monitoring and incident response.
    • Maintain and refine IR playbooks, escalation paths, and contact lists.
    • Coordinate tabletop exercises and after-action reviews to strengthen readiness.
  • Lead Vulnerability and Patch Management Cadence
    • Own the vulnerability management rhythm—scanning, triage, prioritization, and reporting.
    • Partner with Infrastructure and Application teams to drive timely remediation and track SLA adherence.
    • Verify fixes and help teams understand the risk context behind remediation priorities.
  • Support Third-Party Risk Management
    • Partner with Compliance, Procurement, and Legal on vendor intake, tiering, and security due diligence.
    • Help define security requirements for third-party relationships and track remediation follow-up.
    • Ensure our partners’ security practices align with Revere Health’s expectations and obligations.
  • Coordinate BC/DR Exercises
    • Maintain the BC/DR test calendar and related playbooks for critical systems and processes.
    • Coordinate exercises with system owners, capture evidence, and track follow-up actions.
    • Contribute to the resilience of critical clinical and business services.
  • Enable Secure Software Development Lifecycle (SSDLC)
    • Introduce and track minimum security gates (e.g., SAST/DAST/dependency scanning).
    • Partner with development and application leads on remediation SLAs and secure design practices.
    • Help teams build security into solutions that support value-based care and organizational growth.
  • Promote Security Awareness and Develop Talent
    • Coordinate phishing simulations and role-based training in collaboration with Compliance and HR.
    • Define and report KPIs/KRIs to leadership that show progress and highlight focus areas.
    • Mentor and develop the IT Security Analyst and other team members, modeling curiosity, initiative, and professional growth.

Qualifications

Required Qualifications:

  • 5–8+ years of experience in information security, IT risk, or closely related roles.
  • 2–4+ years leading security projects, operational workstreams, or coordination efforts.
  • Experience executing processes in several of the following areas:
    • Identity and access management (IAM)
    • Vulnerability management and patching
    • Incident response and security operations
    • Third-party risk management
    • Business continuity and disaster recovery (BC/DR)
    • Data protection (including PHI)
    • Secure SDLC practices
  • Understanding of the HIPAA Security Rule and PCI DSS; familiarity with frameworks such as NIST CSF or ISO 27001.
  • Strong project management skills, including -planning, dependency management, risk tracking, and active issue resolution.
  • Clear written and verbal communication skills, with the ability to work effectively across IT, clinical, and business stakeholders.

Preferred Qualifications:

  • Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field.
  • Professional certifications such as CISM, CISSP, CRISC, GCIH, PMP (or equivalent experience).
  • Experience with:
    • MDR/MSSP operating models and partner coordination
    • Healthcare environments or other regulated industries
    • Microsoft 365/Azure security capabilities
    • Cisco security solutions

Core Competencies:

  • Execution and Ownership – Takes initiative, follows through, and delivers.
  • Process Enablement – Turns policy and strategy into workable processes and runbooks.
  • Vendor/Partner Orchestration – Coordinates internal and external resources to achieve shared outcomes.
  • Data-Driven Metrics – Uses KPIs/KRIs to guide prioritization and communicate impact.
  • Clear Communication and Documentation – Explains security concepts in accessible terms and maintains high-quality documentation.
  • Curiosity and Continuous Learning – Seeks to understand how the organization operates and how security can enable its mission.
  • Coaching and Mentorship – Invests in developing the skills and careers of less experienced team members.

Hours

  • Hybrid work model with significant onsite presence to support key initiatives, collaborate with other teams, and participate in critical meetings or exercises.
  • Occasional after-hours coordination may be required to support incident response, maintenance windows, and time-sensitive project work.