Cyber Security Incident Response Manager

Mosaic Health is a national care delivery platform focused on expanding access to comprehensive primary care for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans. The Business Units which comprise Mosaic Health are multi-payer and serve nearly one million consumers across 19 states, providing them with access to high quality primary care, integrated care teams, personalized navigation, expanded digital access, and specialized services for higher-need populations. Through Mosaic Health, health plans and employers have an even stronger care provider partner that delivers affordability and superior experiences for their members and employees, including value-based primary care capacity integrated with digital patient engagement and navigation. Each of the companies within Mosaic Health provide unique offerings that together promise to improve individuals' health and wellbeing, while helping care providers deliver higher quality care. For more information, please visit www.mosaichealth.com or follow Mosaic Health on LinkedIn.

Formed in 2008 and headquartered in Fort Myers, Florida, with offices in Florida, North Carolina, and Texas, Millennium Healthcare is the largest independent physician group in the state of Florida and one of the largest in the United States. At Millennium Physician Group, our employees are the foundation of our success. Our promise is to provide you with the tools to do your job successfully, as well as providing a team atmosphere that empowers you to seek better ways to deliver care to our patients and their families. We also promise to care for you as an individual and help you grow in your role.

The Cyber Security Incident Response Manager will support all business units within Mosaic Health and is responsible for overseeing the organization's response to cyber security incidents, ensuring the effective detection, containment, remediation, and recovery of systems following security events. This role involves leading a team of Incident Response Specialists, coordinating with other security teams, and driving incident response efforts to minimize the impact of breaches while maintaining regulatory compliance. The Cyber Security Incident Response Manager is responsible for developing, implementing, and continuously improving the incident response strategy to protect the organization's data, systems, and reputation.

This position requires strong leadership, expert knowledge of incident response methodologies, and the ability to manage high-stakes situations while ensuring effective communication across internal teams and external stakeholders.

Responsibilities

1. Lead and manage the incident response team, including Incident Response Specialists, to ensure prompt and effective handling of cyber security incidents and breaches.
2. Develop, implement, and continuously improve the organization's incident response plans, playbooks, and protocols, ensuring they align with industry standards and best practices.
3. Coordinate cross-functional response efforts, working closely with IT, legal, compliance, risk management, communications, and executive teams during cyber security incidents.
4. Oversee the identification, analysis, containment, and remediation of security incidents, ensuring timely recovery and minimum impact on business operations.
5. Conduct post-incident reviews to evaluate the effectiveness of response efforts, document lessons learned and identify opportunities for improving incident management strategies and security posture.
6. Monitor and evaluate emerging cyber threats and develop strategies to mitigate risks, ensuring that the incident response team is prepared for evolving attack vectors.
7. Ensure compliance with regulatory requirements (e.g., HIPAA, PCI-DSS) during incident response, reporting, and documentation processes.
8. Establish metrics and KPIs for incident response activities, tracking and reporting on response times, incident volumes, and improvements in security posture over time.
9. Lead the development of training programs and simulation exercises (e.g., tabletop exercises) to keep incident response personnel prepared for various types of security incidents.
10. Oversee security monitoring tools and incident detection systems (e.g., SIEM, IDS/IPS, firewalls), ensuring they are configured correctly and tuned to detect and respond to potential threats.
11. Act as the primary point of contact for high-priority incidents and escalations, ensuring prompt and efficient resolution.
12. Foster a security-aware culture within the organization by working with HR, internal communications, and training teams to raise awareness of security best practices and ensure that all staff understand their role in incident detection and reporting.
13. Collaborate with the Executive Team and other business units to align incident response strategies with business continuity plans and risk management efforts.
14. Maintain relationships with external vendors, law enforcement, and third-party incident response firms, ensuring effective collaboration during major security incidents.
15. Stay up to date with cyber security threats, trends, and emerging technologies to enhance the organization's response capabilities and tools.
16. Lead forensic investigations (in collaboration with incident response specialists and forensic experts) to determine the root cause of security incidents and help mitigate future risks.
17. Report on the status of incident response efforts, provide regular updates to senior leadership, and document and share post-incident reports.
18. Demonstrate excellent guest service to internal team members and patients.
19. Perform other related duties as assigned.

Qualifications

1. Bachelor's degree in cyber security, Information Technology, Computer Science, or a related field.
2. 5+ years of experience in cyber security, incident response, or related IT security roles, with at least 2+ years of experience in a leadership or managerial role.
3. Deep understanding of incident response frameworks (e.g., NIST, SANS, MITRE ATT&CK) and cyber security best practices for managing and responding to security incidents.
4. Experience in forensic investigation, including tools and techniques for memory analysis, network traffic analysis, and log correlation.
5. Strong knowledge of network security, firewalls, IDS/IPS, SIEM systems (e.g., Splunk, LogRhythm), and other tools used for detecting and responding to incidents.
6. Experience with cloud security and incident response in cloud environments (e.g., AWS, Azure).
7. Experience with regulatory compliance requirements (e.g., HIPAA, PCI-DSS) as they relate to cyber security and incident reporting.
8. Excellent leadership and communication skills, with the ability to manage high-pressure situations, coordinate diverse teams, and communicate effectively with senior leadership and external stakeholders.
9. Strong analytical skills with the ability to assess security incidents and devise strategies to prevent recurrence.
10. Certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or similar.
11. Project management experience, particularly in managing complex, cross-functional efforts during high-stakes incidents.
12. Ability to work independently in a fast-paced, cross-functional environment.
13. A commitment to providing excellent service to internal team members and patients.
14. High level of professionalism and integrity in all interactions.
15. Ability to work independently in a fast-paced, cross-functional environment.

Physical Demands

Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker must have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Ability to lift to 15 lbs. independently not to exceed 50 lbs. without help.

Equal Employment Opportunity

Mosaic Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. If you require an accommodation for the application or interview process, please let us know and we will work with you to meet your needs. Please contact HRbenefits@mpgus.com for assistance.