Information Security Manager

Position Summary

The Information Security Manager supports The George Washington University Medical Faculty Associates (GW MFA) by identifying, assessing, and mitigating risks to data, systems, and technology environments that enable clinical care, academic medicine, research, and administrative operations. This role partners closely with internal teams, leadership, vendors, and affiliates to strengthen IT governance, risk management, and compliance practices across the organization.

This is a hands-on role requiring experience implementing, configuring, optimizing, and maintaining security tools, as well as collaborating with technical and business stakeholders to design and support secure solutions across evolving technologies. The position plays a critical role in protecting patient data, supporting regulatory compliance, and advancing MFA's security posture in a complex healthcare environment.

Key Responsibilities

• Conduct comprehensive security and third-party risk assessments to ensure initiatives align with MFA policies, standards, and regulatory requirements, including HIPAA, HITRUST, HITECH, and other applicable healthcare regulations
• Identify risks and recommend remediation strategies using risk-based prioritization, mitigating controls, and continuous improvement methodologies
• Evaluate, develop, and recommend information security assessment tools, processes, and techniques
• Develop and deliver HIPAA security training and awareness programs
• Collaborate with internal stakeholders to identify, track, manage, and report security risks
• Build, enhance, and support security operations capabilities, including monitoring and response
• Develop, implement, and maintain security policies, standards, and procedures to support enterprise-wide risk mitigation
• Contribute to and maintain best practices, methodologies, documentation, and templates
• Support and coordinate compliance-focused programs and initiatives across the organization
• Mentor and support team members on information security practices and standards
• Support environments that include hybrid on-premises infrastructure, cloud platforms, and SaaS solutions
• Participate in a 24x7 on-call rotation for Information Security
• Perform other duties as assigned that are consistent with the role and organizational needs

Qualifications

Education

• Bachelor's degree in Computer Science, Information Security, or a related field preferred
• Equivalent combination of education and relevant experience will be considered

Certifications (Preferred)

• CISSP
• CISM
• CISA
• SANS certifications
• Security+

Experience

• Working knowledge of HIPAA Security Rule, NIST Cybersecurity Framework, and PCI requirements
• Understanding of information security frameworks and industry best practices
• Experience supporting enterprise security operations
• Experience working in virtualized and cloud environments
• Familiarity with Electronic Health Record (EHR) systems, PACS, and connected medical devices
• Hands-on experience implementing, operating, and maintaining security tools and technologies
• Ability to independently manage security assessments and security-related projects
• Change management and project management experience preferred

Core Competencies

• Strong understanding of IT infrastructure, including hardware, software, networking, and security concepts
• Proven ability to handle sensitive and confidential information with discretion and integrity
• Self-motivated, proactive, and able to work independently with minimal supervision
• Excellent verbal and written communication skills, including the ability to document technical concepts clearly
• Strong interpersonal skills with the ability to collaborate across diverse teams and backgrounds
• Demonstrated adaptability, flexibility, and sound judgment in dynamic environments
• Commitment to professionalism, respect, and inclusion in all working relationships

Why GW MFA

GW Medical Faculty Associates is a mission-driven academic medical organization committed to advancing patient care, education, and research. Joining MFA means contributing to a collaborative environment where technology and security directly support patient outcomes, innovation, and public trust.