Find The RightJob.

Sr. Manager, Information Security

Job Level: Manager (Individual Contributor – No Direct Reports)
Department: Information Technology – Enterprise Security (Security Operations & Engineering)
Reports To: Director, Information Security – Security Operations & Engineering
Location: Remote

Position Summary

The Sr. Information Security Manager is the owner and coordinator for Omnicell’s security engineering & automation capabilities and core security tooling stack, with emphasis on Qualys, Netskope, DLP, Vectra, or equivalent. This role defines the strategy, roadmap, standards, and operating model for these capabilities and ensures they deliver effective controls, meaningful metrics, and integrated workflows for SecOps.

The Sr. Information Security Manager leads tooling strategy, engineering direction, and cross-team execution working through influence, governance, and hands on technical expertise. The role drives vulnerability management, data protection, network detection, and offensive security (penetration testing and red team exercises), while building automation and process improvements across Omnicell’s SecOps technologies (SIEM, SOAR, EDR/XDR, ITSM, CMDB, and related tools).

Key Responsibilities

Security Tool Ownership & Roadmap

Serve as service owner and primary authority for:

Qualys or equivalent vulnerability management

Netskope or equivalent SWG/CASB/ZTNA

Enterprise DLP or equivalent (endpoint, email, and/or cloud)

Vectra or equivalent NDR platform

Define and maintain tool strategy, roadmap, and standards, including policies, configurations, and integration patterns.

Coordinate with SecOps, Infrastructure, Cloud, Network, and Product/Cloud Security to prioritize backlogs and ensure tools support business and risk reduction objectives.

Vulnerability Management Leadership (Qualys or Equivalent)

Own the Qualys (or equivalent) operating model, including scan architecture, schedules, asset tagging, and authentication patterns across on prem, cloud, and endpoint assets.

Define risk-based prioritization models, remediation SLAs, and exception processes in partnership with asset owners and SecOps.

Establish and maintain dashboards and reports for coverage, vulnerability aging, SLA performance, and risk trends; use these to drive accountability with IT and business stakeholders.

Data Protection & DLP Governance (Netskope and DLP Platforms)

Lead the design and governance of DLP and Netskope (or equivalent) policies to protect sensitive data (e.g., PHI, PII, confidential IP) across web, cloud apps, endpoints, and email.

Partner with Data Owners, Privacy, Legal, and Compliance to translate classification and regulatory requirements into implementable policies.

Oversee tuning strategy, rollout plans, and exception handling, balancing protection with business productivity.

Detection Engineering & SecOps Integration (Vectra and SecOps Stack)

Define and oversee detection engineering strategy for Vectra (or equivalent) NDR and related integrations into SIEM/SOAR and case management.

Work with SecOps to design and refine detections, correlation rules, and playbooks leveraging NDR, CASB/SWG, DLP, EDR/XDR, and vulnerability data.

Act as Tier3 escalation for incidents involving these tools and ensure post incident findings are translated into durable configuration, process, and automation improvements.

Metrics, Automation, and Process Improvement

Define and own KPIs/KRIs for security tooling, including:

Vulnerability remediation rates and SLA adherence

Tool and sensor coverage across environments

DLP incident volumes, false positive rates, and closure times.

Drive automation strategy and patterns using APIs, scripting (e.g., Python, PowerShell), and SOAR, guiding engineers who implement automations and contributing hands on as needed.

Lead continuous improvement initiatives to reduce manual effort, improve data quality, and standardize workflows across SecOps and IT (e.g., standard runbooks, intake processes, and change patterns).

Cross-Functional Leadership, Documentation, and Enablement

Act as the primary point of contact for these tools with Infrastructure, Cloud, Network, Application Owners, and Product/Cloud Security.

Create and maintain SOPs, runbooks, architectures, and knowledge articles for security tools and workflows; ensure they are adopted and kept current.

Plan and deliver training, enablement, and communications for SecOps, IT, and other stakeholders on tool capabilities, dashboards, metrics, and best practices.

Support audits, certifications, and customer security assessments where these tools and metrics are in scope, ensuring consistent, evidence-backed responses.

Offensive Security – Penetration Testing and Red Team Exercises

Coordinate and oversee penetration testing and red team exercises (internal and third-party), aligning scope and objectives with key risks, products, and environments.
Ensure findings from offensive security activities are prioritized, tracked, and integrated into vulnerability management, detection engineering, and process improvements.
Partner with Product/Cloud Security, Infrastructure, and SecOps to design scenarios that validate controls, detections, and incident response playbooks.

Required Qualifications & Skills

8+ years in Information Security, with substantial experience in security engineering and/or SecOps, including ownership of enterprise security tools.

3+ years acting as lead or service owner for at least two of:

Qualys or equivalent enterprise vulnerability management platform

Netskope or equivalent SWG/CASB/ZTN

Enterprise DLP solution

Vectra or equivalent NDR

Demonstrated experience defining roadmaps, standards, and metrics, and driving cross functional implementation without direct people management authority.

Proven track record of delivering metric-driven improvements (coverage, risk reduction, SLA performance).

Deep knowledge of vulnerability management, web/cloud security, NDR, DLP, and offensive security (penetration testing/red teaming) concepts and operations.

Experience integrating tools with SIEM, SOAR, EDR/XDR, ITSM, and CMDB, and designing robust data flows and use cases.

Strong scripting and automation capability (e.g., Python, PowerShell, REST APIs) and experience guiding others in adopting automation patterns.

Familiarity with frameworks and regulations such as NIST CSF, CIS Controls, HITRUST, SOC 2, HIPAA and ability to map them to tooling capabilities.

Excellent analytical, communication, and collaboration skills; able to influence decisions and explain tradeoffs to both technical and nontechnical audiences.

Preferred Qualifications

Advanced degree in Information Security, Computer Science, or related field, or MBA with technology focus.

Certifications such as CISSP, GIAC (GCIH, GCIA, GMON), CISM, or vendor certifications for Qualys, Netskope, Vectra, or major DLP platforms.

Experience in healthcare, medical devices, or other highly regulated environments.

Proven experience leading SOAR and automation initiatives, from design through rollout and operationalization.

Working Conditions

Occasional off hours work for changes, maintenance, or high severity incidents

Occasional travel (up to ~10–15%) for team meetings, workshops, vendor engagements, and audits

EEO, Privacy, and Adaptability

Omnicell welcomes applications from all individuals, valuing a wide range of perspectives and backgrounds. As an equal opportunity employer, we do not discriminate based on race, gender, religion, sexual orientation, gender identity, national origin, veteran status, or disability. We are committed to making our recruitment process accessible to everyone. We offer support and reasonable adjustments for individuals with disabilities during our hiring process. If you need assistance, please contact us at Recruiting@omnicell.com.

At Omnicell, respect for privacy and confidentiality is paramount. We adhere to strict policies to prevent discrimination or retaliation against those who engage in open conversations about compensation. However, employees privy to compensation information as part of their job role are expected to maintain confidentiality, except in specific circumstances outlined by law, such as during formal complaints, investigations, or as required by legal obligations. Learn more about our privacy practices: https://www.omnicell.com/privacy/

Please note that Omnicell reserves the right to modify job roles and responsibilities as needed to meet our organization's evolving needs and drive our mission forward.

About Us

At Omnicell, innovation starts with people who are passionate about making healthcare safer and smarter. Since 1992, we’ve been transforming the future of pharmacy care through bold ideas and hands-on solutions that make a real impact on clinicians and patients’ lives.

We build outcomes-driven technology—from robotics to intelligent software—that helps clinicians work more efficiently and ensures patients get the care they need. Every improvement, every breakthrough, every idea is rooted in our belief that better is always possible.

But what sets us apart isn’t just the work we do, it’s how we do it. Our Culture of Care shapes everything, from how we show up for each other to how we solve tough problems together. You’ll find a team that has your back, leaders who listen, and a shared commitment to building something that matters.

Here, careers are more than job titles, they are journeys of purpose and possibility. Whether you’re just getting started or ready to grow in new directions, we’ll meet you where you are, with support, flexibility, and opportunity that matches your ambition.

If you’re driven by purpose and ready to shape what’s next in healthcare, there’s a place for you at Omnicell.

Similar jobs

No similar jobs found

Term of use Privacy policy