Information Security Manager (594-858)

Department: Office of the Chief Operating Officer

Reports to: Chief Operating Officer

The Information Security Manager secures enterprise information by designing and enforcing security controls, safeguards, policies, and procedures. The Information Security Manager is a subject matter expert (SME) for all information security platforms and plays a lead role in developing the organization's information security architecture, as well as auditing information security policies and procedures to ensure compliance, and investigating information security events. He/she takes a central role in actively promoting a culture of information security throughout the organization.

Duties and Responsibilities

Risk Assessment & Management

  • Provide technical leadership for all information security platforms. Responsible for:
  • Researching and making recommendations regarding the acquisition of new security tools and technology.
  • Leading the implementation of controls and procedures to protect information systems from unauthorized or accidental modification, disclosure, or destruction, in partnership with the Information Technology department.
  • Leading the research, installation, configuration, implementation, troubleshooting and maintenance of security systems and services, in partnership with the Information Technology department.
  • Manage the development, implementation, and enforcement of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.
  • Advise the IT Team on emerging vulnerabilities and newly introduced risks to enterprise systems, and take a proactive approach in continually assessing the security of those systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.
  • Review information technology contract security requirements and work with Office of General Counsel, IT, and Procurement on final decisions.
  • Meet system security financial objectives by forecasting requirements; preparing an annual budget; scheduling expenditures; and analyzing variances.
  • Develop and promote effective information security orientation and awareness training for all staff.
  • Serve as the final escalation point for technical issues related to information security platforms.


  • Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
  • Conduct regular technical risk assessments/audits of systems and infrastructure.
  • Report on all new and existing audit findings. Develop recommendations and corrective action plans.
  • Provide actionable dashboards and data regarding status of remediation of security findings to vulnerability owners.

Security Incident and Disaster Recovery

  • Lead crisis management exercises in preparation for security event.
  • Lead and coordinate information security incident responses, providing accurate, comprehensive, and timely communications of each incident's containment, reporting, assessment, investigation, and procedural review.
  • Develop, in partnership with the Administrative Services Manager, a Business Continuity Plan that meets the identified data loss standards and goals for unplanned downtime set by the organization.

Incumbent(s) in this position may be required to perform other duties and special assignments not specifically stated above.

Statements outlined in this section are designated as essential job functions in accordance with the Americans with Disabilities Act of 1990.

  • PCORI Staff Conflict of Interest Statement - No PCORI employee can receive a direct financial benefit from a healthcare related organization during the course of his/her employment with PCORI.

PCORI conducts background checks on all applicants.

PCORI is an equal opportunity employer committed to cultural diversity in our workforce.

Required Skills

  • Current knowledge of security threats, attack methodologies, security principles, best practices, and evasion techniques.
  • Strong knowledge of Incident Analysis and Response concepts and techniques.
  • Knowledge of key security capabilities such as e-forensics, logging/SIEM, risk management, PKI, IPsec, vulnerability management, A&A, continuous monitoring, disaster recovery, network and endpoint security.
  • Excellent planning, documentation and organizational skills.
  • Excellent customer service skills to both the internal customers and IT as well as a sense of urgency when resolving issues. ITIL desirable.
  • Possess good communication and interpersonal skills to work successfully in a team environment.
  • Must be self-disciplined and a self-starter and able to work independently.
  • Relevant and active information security and/or information technology certifications (CISSP; CISA; CISM, etc.).

Required Experience

  • Five to seven years' experience in information security assessment, management and/or IT auditing, particularly in the areas of policy and procedure development and implementation; security incident management, response and analysis; and instructional documentation and presentation development.

Job LocationWashington, District of Columbia, United StatesPosition TypeFull-Time/Regular

Meet Some of PCORI's Employees

Michael R.

Manager, Finance

Michael manages PCORI’s Accounts Payable Department. Together with his team of three, Michael ensures everyone, from employees and research partners to utility companies, gets paid on time.

Chris G.

Program Officer, Engagement

Chris not only oversees currently funded contracts but also ensures that completed research is communicated clearly and put into the hands of the patients, providers, and policy makers who need it most.

Back to top