Job Description
Job Title:  IT Security Manager
Posting Start Date:  27/08/2025

Location: US - Hybrid - NYC  

 

Job Summary 

OPEN Health Group is a tech-enabled organization delivering modular, AI-powered solutions across life sciences and healthcare. As the IT Security Manager, you will be responsible for ensuring the confidentiality, integrity, and availability of our systems and data across all global operations. This is a critical cross-functional role charged with managing information security governance, compliance, risk mitigation, and incident response across U.S., U.K., and international requirements. 

You will champion the adoption and continuous improvement of cybersecurity frameworks such as HIPAA, NIST (U.S.), and Cyber Essentials Plus / ISO 27001 (U.K.), while fostering a culture of proactive security awareness and collaboration. You’ll work across business and technical teams to embed security into every phase of solution development and delivery. 

This role plays a critical part in safeguarding corporate data, meeting regulatory obligations, and strengthening our enterprise-wide security resilience. 

 

Essential Duties & Responsibilities 

 

Leading Information Security Governance 

  • Developing, implementing, and managing IT security policies, procedures, and controls aligned with HIPAA, NIST CSF, ISO 27001, and Cyber Essentials. 
  • Maintaining security compliance with regulatory and client-specific requirements across U.S., U.K., and global operations. 

 

Netskope Management and Support 

  • Administering and maintaining the Netskope cloud security platform, ensuring policies are correctly applied across users, devices, and applications. 
  • Monitoring and responding to alerts related to anomalous behavior and shadow IT via Netskope’s CASB and SWG capabilities. 
  • Optimizing policy configurations to balance security, performance, and user experience across global operations. 
  • Supporting troubleshooting, root cause analysis, and resolution of issues related to secure web traffic, application access, and user experience. 

 

CSOC/MSP Security Vendor Management 

  • Managing the relationship with the Cyber Security Operations Center (CSOC)/MSP and supporting the IT Director in strategic planning, vendor alignment, and service optimization.
  • Overseeing vendor-delivered services including threat monitoring, detection, incident response, and remediation. 
  • Reviewing and validating security alerts, escalations, and recommendations from the CSOC/MSP to ensure timely and effective action. 
  • Conducting regular performance reviews of the vendor, ensuring compliance with SLAs, KPIs, and contractual obligations. 

 

Security Risk Management 

  • Conducting regular threat modeling & risk assessments. 
  • Owning the security risk register and ensuring risks are appropriately mitigated or escalated. 
  • Supporting regular audits and third-party security assessments. 

 

Incident Response & Cyber Defense 

  • Leading incident response planning and execution. 
  • Overseeing phishing simulations, penetration testing, SIEM/EDR monitoring, and intrusion detection systems. 

 

Security Awareness & Training 

  • Driving ongoing employee security training, communications, and simulations to foster a security-first mindset. 
  • Delivering targeted awareness programs for high-risk groups (e.g., executives, developers, client teams). 

Collaboration & Security Architecture Oversight

  • Partnering with engineering, infrastructure, data, and delivery teams to integrate security controls across our systems and services. 
  • Evaluating new technology solutions and vendors from a cybersecurity and data protection perspective. 

 

Data Privacy & Regulatory Support 

  • Collaborating with legal and compliance teams to ensure alignment with data protection regulations such as GDPR and HIPAA. 
  • Supporting client security assessments, data processing agreements, and breach notification protocols. 

Reporting & Continuous Improvement

  • Establishing metrics and dashboards to measure security posture and maturity. 
  • Providing regular updates to executive leadership on security performance, audit findings, and emerging risks. 

 

Experience, Skills, and Qualifications: 

  • 6–10 years of experience in cybersecurity, IT risk, or security engineering roles. 
  • Strong working knowledge of U.S. and U.K. regulatory frameworks including HIPAA, NIST, ISO 27001, Cyber Essentials, and GDPR. 
  • Experience working in Healthcare, Pharma, or an agency environment preferred.
  • Experience managing audits, risk assessments, and third-party security reviews. 
  • Proven ability to lead incident response planning and real-time cyber event management. 
  • Deep understanding of cloud security (Azure, AWS), data encryption, endpoint protection, and identity management. 
  • Familiarity with GRC tools, vulnerability management platforms, and SIEM/EDR solutions. 
  • Excellent communication skills, including experience presenting to senior leadership and external clients. 
  • Certifications preferred: CISSP or CISM.

 

Travel:  

  • 5%   
  • On-site office requirement – 1 Day a week – NYC  

About OPEN Health

OPEN Health unites deep scientific knowledge with wide-ranging specialist expertise to unlock possibilities that improve health outcomes and patient wellbeing. Working in partnership with our clients, we embrace our different perspectives and strengths to deliver fresh thinking and solutions that make a difference. 

OPEN Health is a flexible global organization that solves complex healthcare challenges across HEOR and market access, medical communications and creative omnichannel campaigns. 

What we offer:

As a global organization, OPEN Health is committed to supporting our employees and their families through a comprehensive benefits program:

  • Competitive pay, generous paid vacation, holidays and more, across all our locations
  • Ongoing training and development opportunities which foster and shape your individual career path
  • An active and growing commitment to bettering the communities our employees call home through our Corporate Social Responsibility program
  • The opportunity to thrive in a global, collaborative environment while working every day to improve health outcomes and patient wellbeing
  • Diverse, inclusive culture that encourages you to bring your whole self to work

If we sound like the sort of business environment in which you would thrive, then we would love to hear from you.

OPEN Health does not discriminate on the basis of race, sex, colour, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.