Information Security Manager - Security Operations Center - job 1 of 2

Job Description

Join a world-class academic healthcare system, UChicago Medicine, as an Information Security Manager – Security Operations Center in our Information Security department. This position will be primarily a work from home opportunity with the requirement to come onsite once a week to our Darien office. You will need to be based in the greater Chicagoland area.  

This position will oversee and enhance security operations by managing the Security Information and Event Management (SIEM) and Security, Orchestration, and Automation Response (SOAR) system, managing threat hunting efforts, managing the relationship with an outsourced security services provider, and helping to build and manage an internal security operations center. This role will be responsible for ensuring our security monitoring, detection, and response capabilities are robust, efficient, and continuously evolving to meet emerging threats. 

Essential Job Functions    

• Lead the administration, tuning, and optimization of the Security Information Event Monitoring and Security, Orchestration, and Automation Response tool to ensure effective threat detection and response. 

• Monitor the performance of the vendor providing Security Operations Center services and ensure proper integration of security data sources and data integrity.  

• Assist in building an internally based Security Operations Center. 

• Manage and support staff on response to incidents and threat-hunting activities to detect advanced persistent threats and hidden adversaries. 

• Work with security teams to investigate security incidents, identify root causes, and recommend the implementation of mitigations. 

• Develop and implement SIEM and SOAR use cases, correlation rules, and log management strategies. 

• Serve as an escalation point, team mentor, and advisor to leadership on threat-based activities, response to incidents and vendor performance. 

• Scrutinize, enhance and improve current processes and their associated procedures and playbooks. 

• Manage between 3-10 people.  

• Other duties as assigned. 

Required Qualifications    

• Bachelor’s degree from an accredited college or university 

• 5+ years of experience in security operations, threat detection, and/or incident response 

• Minimum of at least 2 years of work experience in an Information Security Operations Center or equivalent experience 

• Prior experience managing a security team and/or mentoring security analysts 

• Experience working with managed security service providers (MSSPs) or third-party security vendors 

• Security certifications or ability to obtain within 2 years such as CISSP, GIAC (GCIH, GCIA, GCFA), CEH, or equivalent 

• Deep understanding of the Google Chronicle or similar SIEM and SOAR platform - including rule creation, log ingestion, tuning, and alert triage 

• Hands-on experience with EDR, XDR, SOAR platforms, vulnerability scanners, and endpoint protection 

• Proficiency in scripting (e.g., PowerShell, Python) for automation and custom alerting/playbook development 

• Familiarity with security monitoring in cloud environments (preferably Microsoft Azure), including log sources and native tools 

• Knowledge of threat hunting methodologies, anomaly detection, and familiarity with threat intel feeds 

• Skilled in managing and coordinating response to security incidents, including containment, eradication, and recovery 

• Ability to analyze logs from firewalls, endpoints, IDS/IPS, and cloud environments to identify threats 

• Strong knowledge of threat intelligence, adversary tactics, and cybersecurity frameworks (MITRE ATT&CK, NIST, CIS, etc.) 

• Excellent written and verbal communication skills and the ability to collaborate across teams 

Preferred Qualifications  

• Master’s degree 

• Knowledge of HIPAA and other health related regulations  

• Academic medical center and/or health care consulting experience  

Position Details    

• Job Type/FTE: Full Time (1.0 FTE)   

• Shift: Days   

• Location: Flexible (Darien)  

• Unit/Department: Information Security Office   

• CBA Code: Non-Union 

Why Join Us

We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Must comply with UChicago Medicine’s COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits.  The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.