Information Security Management System (ISMS) Manager

confidio, logo, maze

Confidio is a technology-enabled pharmacy benefits consulting firm. We optimize the way Pharmacy Benefit Managers (PBMs) work on behalf of our clients and maximize value of pharmacy benefits through transparency, accountability and advanced data analytics paired with deep insider expertise. We help minimize drug spend while maximizing patient outcomes and satisfaction. Our reliable solutions are performance-based, results-driven and continuously validated. Confidio offers a full suite of pharmacy benefit procurement, consulting, audit and analytic services aimed at optimizing our clients’ pharmacy benefit, significantly lowering costs and producing a tangible return on investment.


Information Security Management System (ISMS) Manager


The ISMS Manager reports to the Vice President, Vendor Relations & Compliance and is a resource who is well versed in the ongoing maintenance and management of the organization’s ISMS.

The ISMS Manager role supports the Information Security Officer and Management Review Board in ensuring tasks required of the ISMS are executed and the ongoing compliance is monitored and measured.

This position will work remotely from home office.


The defined tasks for the ISMS Manager include, but are not limited to:

  • Act as a liaison with management, vendors, clients and/or auditors on matters relating to the ISMS
  • Maintain the Documented Information Process to include:
    • Manage the documents and records within the ISMS library
    • Oversee and update the ISMS documentation as needed
    • Obtain final approval from the Information Security Officer and/or Management Review Board for any changes to controlled documents
  • Coordinate Management Review Board meetings
    • Schedule monthly meetings
    • Prepare agenda, reports, logs, slides, and other required documents
    • Review meeting documents with the Information Security Officer for approval and presentation readiness
    • Document the outcome of the Management Review Board meeting
    • Follow up on all outstanding tasks/follow ups after meetings
  • Training
    • As needed, present ISMS training to Team Members
    • Review relevant ISMS updates with Managers
    • Present monthly Information Security Awareness training for all new hires
  • Audit
    • Schedule annual internal and external audits
    • Ensure all ISMS people, processes and documentation are audit ready
    • Assist in supporting internal and external audit processes as necessary
  • Risk Framework
    • Ensure conformance to the stated process
    • Oversee quarterly risk meetings to review the existing risk register, and assist with updating as needed
    • Periodically review risk treatments with the risk owners to ensure ongoing adherence to documented process/procedure and identify any new risks
  • Monitoring and Measuring
    • Responsible for gathering ISMS metrics to support objectives and internal controls as identified within the ISMS. Prepare reports as needed
  • Improvements
    • Responsible for recording and tracking:
      • Non Conformances
      • Corrective Actions
      • Opportunities for improvement
      • Manage the improvement process including the oversight of corrective actions to closure and review of effectiveness
  • Communication
    • Point of contact for and management of any required incident response, including both internal and external events
  • Coordination and tracking of:
    • Annual penetration testing
    • Annual contract reviews
    • Annual system licensing reviews
    • Spot checking of approved and licensed software on Confidio devices
    • Quarterly information asset access review
    • Annual review of Vendor Matrix
    • Annual review of RACI
    • 2x year review of Information Assets List
    • Ongoing review and updating of the Information Security Handbook
    • Continuous review and updating of Risk Register
    • Onsite annual Information Security Risk Assessment
    • Annual HIPAA Risk Assessment
    • Ongoing review and improvement of Business Continuity Plan and Disaster Recovery Plan
    • Various Information Security initiatives
    • Continuous review and improvement of ISMS policies and procedures
    • Other logs, documents, processes, and procedures as needed
  • Adhere to Confidio’s Information Security Management System as well as all other company policies
  • Represent Confidio in a manner consistent with company policy at all times
  • Other duties and special projects as assigned


$100,000 to $130,000



  • 3-5 years of professional work experience with Information Security Management Systems and ISO 27001 certification required
  • 2-5 years of professional work experience in Pharmacy Benefit Management (PBM) preferred
  • Bachelor’s degree in related field is required
  • Must understand and have working knowledge of HIPAA
  • Solid understanding of information technology is required (cloud computing and services, mobile devices, desktop computers, remote access, security, 3rd party service providers)
  • Excellent computer skills are essential, including proficiency in Microsoft Office Suite (Word, PowerPoint, Outlook, and Excel)
  • Well-organized and responsible with strong attention to detail
  • Expert interpersonal, communication and collaboration skills
  • Ability to work independently and prioritize assignments
  • Highly competent problem solver
  • Exceptional project management skills
  • Demonstrate strong analytical and independent critical thinking abilities
  • Display outstanding leadership and management skills, as well as good business judgement
  • Comfortable operating under pressure and with sense of urgency
  • Experience in Salesforce preferred
  • Flexibility to travel to Corporate Office as needed for trainings, meetings, and audits

*Confidio, LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Click or drag a file to this area to upload.
Click or drag a file to this area to upload.