HealthStream, Inc

Security Operations Manager (Finance)



As the #1 advisor for developing and empowering people to deliver the highest quality care, HealthStream's brands include best-in-class apps, software, and specialized solutions. Over the last 30+ years, our Company has remained committed to solving big problems and growing into new product lines, including VerityStream, scheduling and capacity management apps, and more. We are constantly innovating and finding new ways to positively impact healthcare organizations.

What does our values-based culture offer you?

  • A collaborative work environment
  • A mission-oriented mindset
  • Work-from-home flexibility
  • A chance to grow your career

All our HealthStreamers share a common vision: to improve the quality of healthcare by developing the people who deliver care. For over 30 years, we have remained committed to providing effective solutions through innovation and constant growth. Today, we offer a unified suite of products to streamline scheduling, credentialing, training and learning management, workforce development, and other key areas in the healthcare industry. We provide recurring value and, as a HealthStreamer, you will be at the forefront of healthcare technology innovation!

We offer work-from-home flexibility as part of our hybrid workplace policy. Our three Resource Centers (located in Nashville, TN; Boulder, CO; and San Diego, CA) are available for scheduled in-person events or assigned workspaces for those who want to work in the office. Remote team members also have access to flexible space scheduling for occasional use.

We encourage collaboration and commit to growth for our entire team. Our thriving culture allows our team members to continuously solve big problems, and we value these contributions. If you want to work for a company committed to its values and vision, HealthStream is the place for you!

The Team You Will Be Supporting:

At HealthStream we provide healthcare organizations:

  • Transformative credentialing
  • Enrollment
  • Privileging
  • Evaluation solutions

We make sure patients receive competent care from qualified people. As a HealthStream team member, you would help this vision come to life. We pride ourselves on being a community where you can both build your career and take time away to fulfill your life goals and commitments.

Your Role As a HealthStreamer

Position Summary

We are seeking a strategic, hands-on, and technically proficient Security Operations Manager to lead our Threat and Vulnerability Management (TVM) and Application Security (AppSec) functions within a dynamic, highly regulated healthcare IT environment. This role will also oversee broader Security Operations Center (SOC) activities and act as the single point of contact for organizational security issues.

The ideal candidate will be responsible for managing day-to-day security operations, driving security initiatives, executing enterprise-wide vulnerability management programs, and enabling secure software development practices. You will work closely with cross-functional teams including engineering, DevOps, GRC, infrastructure, and compliance teams, while promoting a culture of security-first thinking across the organization.

This leadership role requires advanced experience in incident response, architecture, security tools management, compliance frameworks, team management, and thought leadership in shaping enterprise-wide security strategy.

Key Responsibilities

Leadership & Strategy

  • Lead, mentor, and develop security analysts, engineers, architects, and administrators across Threat & Vulnerability Management, Application Security, and Security Operations.
  • Build formal security programs by identifying security champions and embedding security into other departments and workflows.
  • Promote and help execute the long-term security roadmap, collaborating with executive leadership to align security initiatives with business objectives.
  • Participate in the development of an overarching Information Security Program and Security Operations Procedures.

Security Operations
  • Direct daily SOC operations including alert triage, monitoring, incident response, and escalation workflows.
  • Work with teams to optimize SIEM alerts and ensure appropriate on-call coverage. Act as backup for the 24/7 on-call rotation.
  • Manage day-to-day security threats, tools, and response strategies across all platforms.
  • Facilitate the integration of security tools (e.g., firewalls, IDS/IPS, endpoint protection, anti-virus, encryption platforms).

Threat & Vulnerability Management
  • Oversee the end-to-end vulnerability management lifecycle - from scanning and prioritization to remediation and reporting.
  • Participate in regular vulnerability assessments, third-party penetration testing, and red team/blue team exercises.
  • Mature the TVM program through automation, metrics, and cross-functional remediation processes.
  • Provide vulnerability and risk assessment input to the GRC and Infrastructure teams.
  • Ensure timely and effective remediation through collaboration with system owners and application teams.

Application Security & DevSecOps
  • Lead the AppSec team to help integrate Secure SDLC practices and scanning tools (SAST, DAST, IAST) into CI/CD pipelines.
  • Conduct manual and automated code reviews and facilitate threat modeling and security architecture reviews.
  • Lead secure coding training and awareness efforts across development teams.
  • Manage API security reviews and mitigate application-level vulnerabilities.

Incident Management & Risk Response
  • Own and enhance Incident Response (IR) processes, including playbooks, tabletop exercises, and after-action reports (SIRs).
  • Manage the full incident lifecycle, including breach response and reporting to executive leadership.
  • Serve as a key contact for internal stakeholders and third parties during security incidents and audits.

Governance, Risk & Compliance
  • Ensure adherence to regulatory and industry standards (HIPAA, HITRUST, NIST CSF, ISO, CIS, COBIT, TX-RAMP, FedRAMP).
  • Contribute to internal and external audits, risk assessments, and compliance initiatives.
  • Translate compliance and policy requirements into actionable security controls.
  • Develop and maintain documentation for training, auditing and reporting (adding to policies, procedures, reports, awareness materials).

Qualifications

What You Will Need to Be Successful

Education, Experience and Knowledge Required:

  • Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).
  • 7+ years in cybersecurity, including at least 3 years in a management or leadership capacity.
  • Proven experience leading Threat and Vulnerability Management, Security Operations, and/or Application Security teams.
  • Strong working knowledge of:
    • Security frameworks (e.g., NIST, OWASP, CIS, COBIT, ISO, PCI).
    • IAM, Zero Trust architecture, JIT access.
    • Infrastructure security (on-premises, AWS/Azure, containers).
    • Security tools (SIEMs, vulnerability scanners, code analysis tools).
    • Technical platforms: Microsoft, Linux/Unix, Infrastructure as Code (Terraform, etc.).
  • Experience managing and participating in incident response and recovery.

Preferred:
  • Relevant certifications such as CISSP, CISM, GWAPT, OSCP, or similar.
  • Familiarity with HITRUST, TX-RAMP/FedRAMP security frameworks.
  • Experience with endpoint detection and response (EDR), SSO, MFA, ESO integrations.
  • Understanding of secure DevOps and cloud-native security best practices.

Skills and Competencies:

  • Strong leadership and project management skills with the ability to deliver results across multiple teams.
  • Excellent verbal/written communication and stakeholder management skills.
  • Proven ability to influence security culture through education and evangelism.
  • Highly organized with exceptional time management, analytical thinking, and problem-solving skills.
  • Ability to assess and address complex security problems using both strategic and tactical approaches.
  • Continuous learner who stays current with evolving cybersecurity trends, threats, and technologies.

Benefits

HealthStream offers a comprehensive benefits package to eligible employees, including:
  • Medical, Dental and Vision insurance
  • Paid Time Off
  • Parental Leave
  • 401k and Roth
  • Flexible Spending Account
  • Health Savings Account
  • Life Insurance
  • Short- and Long-Term Disability
  • Medical Bridge Insurance
  • Critical Illness Insurance
  • Accident Insurance
  • Identity Protection
  • Legal Protection
  • Pet Insurance
  • Employee Assistance Program
  • Fitness Reimbursement

Be a HealthStreamer!

© 2025 Gay Careers