Security Operations Manager

Job Details

Job Location: USA Remote Nashville, TN

Position Type: Full Time

Education Level: 4 Year Degree

Salary Range: Undisclosed

Travel Percentage: None

Job Shift: Day

Job Category: Information Security Services

Description

As the #1 advisor for developing and empowering people to deliver the highest quality care, HealthStream’s brands include bestinclass apps, software, and specialized solutions. Over the last 30+ years, our Company has remained committed to solving big problems and growing into new product lines, including VerityStream, scheduling and capacity management apps, and more. We are constantly innovating and finding new ways to positively impact healthcare organizations.

What does our valuesbased culture offer you?

• A collaborative work environment
• A missionoriented mindset
• Workfromhome flexibility
• A chance to grow your career

• All our HealthStreamers share a common vision: to improve the quality of healthcare by developing the people who deliver care. For over 30 years, we have remained committed to providing effective solutions through innovation and constant growth. Today, we offer a unified suite of products to streamline scheduling, credentialing, training and learning management, workforce development, and other key areas in the healthcare industry. We provide recurring value and, as a HealthStreamer, you will be at the forefront of healthcare technology innovation!

  We offer workfromhome flexibility as part of our hybrid workplace policy. Our three Resource Centers (located in Nashville, TN; Boulder, CO; and San Diego, CA) are available for scheduled inperson events or assigned workspaces for those who want to work in the office. Remote team members also have access to flexible space scheduling for occasional use.

  We encourage collaboration and commit to growth for our entire team. Our thriving culture allows our team members to continuously solve big problems, and we value these contributions. If you want to work for a company committed to its values and vision, HealthStream is the place for you!

  The Team You Will Be Supporting:

  At HealthStream we provide healthcare organizations:

  • Transformative credentialing
  • Enrollment
  • Privileging
  • Evaluation solutions

  • We make sure patients receive competent care from qualified people. As a HealthStream team member, you would help this vision come to life. We pride ourselves on being a community where you can both build your career and take time away to fulfill your life goals and commitments.

    Your Role As a HealthStreamer

    Position Summary

    We are seeking a strategic, handson, and technically proficient Security Operations Manager to lead our Threat and Vulnerability Management (TVM) and Application Security (AppSec) functions within a dynamic, highly regulated healthcare IT environment. This role will also oversee broader Security Operations Center (SOC) activities and act as the single point of contact for organizational security issues.

    The ideal candidate will be responsible for managing daytoday security operations, driving security initiatives, executing enterprisewide vulnerability management programs, and enabling secure software development practices. You will work closely with crossfunctional teams including engineering, DevOps, GRC, infrastructure, and compliance teams, while promoting a culture of securityfirst thinking across the organization.

    This leadership role requires advanced experience in incident response, architecture, security tools management, compliance frameworks, team management, and thought leadership in shaping enterprisewide security strategy.

    ---

    Key Responsibilities

    Leadership & Strategy

    • Lead, mentor, and develop security analysts, engineers, architects, and administrators across Threat & Vulnerability Management, Application Security, and Security Operations.
    • Build formal security programs by identifying security champions and embedding security into other departments and workflows.
    • Promote and help execute the longterm security roadmap, collaborating with executive leadership to align security initiatives with business objectives.
    • Participate in the development of an overarching Information Security Program and Security Operations Procedures.

    • Security Operations

      • Direct daily SOC operations including alert triage, monitoring, incident response, and escalation workflows.
      • Work with teams to optimize SIEM alerts, and ensure appropriate oncall coverage. Act as backup for 247 oncall rotation.
      • Manage daytoday security threats, tools, and response strategies across all platforms.
      • Facilitate the integration of security tools (e.g., firewalls, IDSIPS, endpoint protection, antivirus, encryption platforms).

      • Threat & Vulnerability Management

        • Oversee the endtoend vulnerability management lifecycle – from scanning and prioritization to remediation and reporting.
        • Participate in regular vulnerability assessments, thirdparty penetration testing, and red teamblue team exercises.
        • Mature the TVM program through automation, metrics, and crossfunctional remediation processes.
        • Provide vulnerability and risk assessment input to the GRC and Infrastructure teams.
        • Ensure timely and effective remediation through collaboration with system owners and application teams.

        • Application Security & DevSecOps

          • Lead Appsec team to help with integration of Secure SDLC practices and scanning tools (SAST, DAST, IAST) into CICD pipelines.
          • Conduct manual and automated code reviews and facilitate threat modeling and security architecture reviews.
          • Lead secure coding training and awareness efforts across development teams.
          • Manage API security reviews and mitigate applicationlevel vulnerabilities.

          • Incident Management & Risk Response

            • Own and enhance Incident Response (IR) processes, including playbooks, tabletop exercises, and afteraction reports (SIRs).
            • Manage the full incident lifecycle, including breach response and reporting to executive leadership.
            • Serve as a key contact for internal stakeholders and third parties during security incidents and audits.

            • Governance, Risk & Compliance

              • Ensure adherence to regulatory and industry standards (HIPAA, HITRUST, NIST CSF, ISO, CIS, COBIT, TXRAMP, FedRAMP).
              • Contribute to internal and external audits, risk assessments, and compliance initiatives.
              • Translate compliance and policy requirements into actionable security controls.
              • Develop and maintain documentation for training, auditing and reporting (adding to policies, procedures, reports, awareness materials).

              • Qualifications

                
                

                What You Will Need to Be Successful

                Education, Experience and Knowledge Required:

                • Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
                • 7+ years in cybersecurity, including at least 3 years in a management or leadership capacity.
                • Proven experience leading Threat and Vulnerability Management, Security Operations, andor Application Security teams.
                • Strong working knowledge of:
                  • Security frameworks (e.g., NIST, OWASP, CIS, COBIT, ISO, PCI).
                  • IAM, Zero Trust architecture, JIT access.
                  • Infrastructure security (onpremises, AWSAzure, containers).
                  • Security tools (SIEMs, vulnerability scanners, code analysis tools).
                  • Technical platforms: Microsoft, LinuxUnix, Infrastructure as Code (Terraform, etc.).
                  • • Experience managing and participating in incident response and recovery.

                    • Preferred:

                      • Relevant certifications such as CISSP, CISM, GWAPT, OSCP, or similar.
                      • Familiarity with HITRUST, TXRAMPFedRAMP security frameworks.
                      • Experience with endpoint detection and response (EDR), SSO, MFA, ESO integrations.
                      • Understanding of secure DevOps and cloudnative best security practices.

                      • ---

                        Skills and Competencies:

                        • Strong leadership and project management skills with the ability to deliver results across multiple teams.
                        • Excellent verbalwritten communication and stakeholder management skills.
                        • Proven ability to influence security culture through education and evangelism.
                        • Highly organized with exceptional time management, analytical thinking, and problemsolving skills.
                        • Ability to assess and address complex security problems using both strategic and tactical approaches.
                        • Continuous learner who stays current with evolving cybersecurity trends, threats, and technologies.
                          

                        • Benefits

                          HealthStream offers a comprehensive benefits package to eligible employees, including:

                          • Medical, Dental and Vision insurance
                          • • Paid Time Off
                            • Parental Leave
                            • • 401k and Roth
                              • Flexible Spending Account
                              • Health Savings Account
                              • Life Insurance
                              • Short and LongTerm Disability
                              • • Medical Bridge Insurance
                                • Critical Illness Insurance
                                • Accident Insurance
                                • Identity Protection
                                • Legal Protection
                                • • Pet Insurance
                                  • Employee Assistance Program
                                  • Fitness Reimbursement

                                  • Be a HealthStreamer!