IT Manager

Title: IT Manager

Department: Information Technology

Reports to: Information Technology Leadership

Shift: 8-hour shift

Pay Grade: TBD

Location: Hybrid, Chicago Local*

Position Summary

The IT Vendor Management & Information Security Coordinator at Heartland Alliance Health is responsible for managing outsourced IT vendor relationships, coordinating IT services across the organization, and ensuring the security, integrity, and compliance of health information systems.

This role serves as the primary liaison between internal stakeholders and external IT vendors, ensuring effective service delivery, regulatory compliance, risk mitigation, and continuous improvement of IT services. The position plays a critical role in safeguarding electronic protected health information (PHI), personal identifiable information (PII), and other sensitive data in alignment with HIPAA and applicable regulations.

This position supports Heartland Alliance Health’s mission and strategic goals by ensuring reliable, secure, and compliant IT operations.

Key Responsibilities

Vendor Management

• Oversee the relationship with outsourced IT vendors, including contract negotiation, performance monitoring, and issue resolution.
• Define and manage service level agreements (SLAs) to ensure vendor services meet organizational needs.
• Conduct regular vendor performance reviews and meetings to discuss projects, performance metrics, and concerns.
• Evaluate vendor performance against SLAs and KPIs and implement corrective actions as necessary.
• Manage vendor budgets to ensure services are delivered within agreed financial parameters.

IT Service Coordination

• Serve as the primary point of contact between internal stakeholders and the IT vendor.
• Gather IT requirements from departments and translate them into actionable tasks for vendors.
• Coordinate IT projects and initiatives to ensure timely and cost-effective delivery.
• Provide guidance and support to internal teams regarding IT systems and processes.
• Monitor IT service delivery and identify opportunities for optimization and improvement.

Risk Management and Compliance

• Assess and mitigate risks related to IT vendor services, including data security breaches and service disruptions, including health information systems.
• Ensure compliance with HIPAA and other applicable regulations and standards.
• Collaborate with vendors to implement security best practices to protect sensitive information.
• Conduct regular risk assessments to identify vulnerabilities and develop mitigation strategies.
• Develop and maintain policies, procedures, and guidelines to safeguard the integrity, confidentiality, and availability of PHI and PII.
• In coordination with the Privacy Officer, establish and manage mechanisms for reporting, investigating, and resolving information security incidents and violations.

Continuous Improvement

• Stay informed on emerging technologies and industry trends to enhance IT services and security capabilities.
• Drive continuous improvement initiatives within vendor relationships to improve performance and reduce costs.
• Gather feedback from internal stakeholders to improve IT services and vendor management processes.
• Continuously evaluate the effectiveness of security controls and implement improvements as needed.

Administrative Safeguards

• Create and maintain comprehensive IT security policies covering data access, usage, retention, disposal, and acceptable use.
• Implement and manage user access controls to ensure appropriate authorization.
• Develop and maintain an incident response plan for security incidents and data breaches.
• Conduct regular security audits and assessments and report findings to leadership.
• Establish and enforce change management procedures for IT systems and configurations.
• Develop and maintain a disaster recovery plan to ensure continuity of IT systems and data.
• Maintain thorough documentation of IT systems, processes, and security controls.
• Serve as the central point of contact for coordinating responses to security incidents with legal, human resources, and public relations teams.

Other Support

• Demonstrated ability to multitask and remain organized in a fast-paced environment.
• Perform other duties as assigned to support organizational operations and strategic goals.

Qualifications

• Associate’s degree in Computer Science, Information Technology, or a related field (or currently pursuing).
• CompTIA certifications preferred, including A+, Network+, Security+, or IT Fundamentals (ITF+).
• Minimum of 3 years of experience in IT vendor management or related roles.
• Strong understanding of IT service delivery processes and methodologies.
• Excellent communication, interpersonal, and project management skills.
• Knowledge of risk management principles and regulatory compliance requirements.
• Strong working knowledge of HIPAA, PHI, PII, EMR systems, databases, and medical record documentation.

• Medical, Dental, and Vision Insurance
• Health Savings Account (HSA) or Flexible Spending Account (FSA)
• Wellness Programs
• Employee Assistance Program (EAP)
• Tuition Reimbursement and Educational Assistance
• 401(k) Retirement Savings Plan
• Life Insurance
• Short-Term and Long-Term Disability Insurance
• Paid Time Off (PTO)
• Paid Holidays
• Physical Demand

Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• While performing the duties of this job, the employee is regularly required to talk and hear.
• The employee is frequently required to stand; walk; sit; use hands to finger, handle, or feel and reach with hands and arms.
• Specific vision abilities required by this job include close vision and ability to adjust focus

• The noise level in the work environment is usually moderate.
• While performing the duties of this position, the employee may frequently be exposed to air- and/or blood-borne pathogens.
• While performing the duties of this position, the employee may be required to perform duties at off-site locations.