About Sound

Founded in 2001 and headquartered in Nashville, TN, Sound Physicians is a nationally respected, physician-led medical group practicing in 400+ hospitals across 45 states. Our team of 4,000+ clinicians and 1,000+ business professionals across the country is united by one mission: to build exceptional clinical partnerships that unlock quality, affordable, dignified care for everyone – no matter who they are or where they live. With physician-led clinical teams and more than two decades of operational expertise, we’ve refined what it takes to consistently deliver exceptional care in hospital medicine, emergency medicine, critical care, anesthesia, and telemedicine.

Why join us?

• A remote-first culture that values flexibility and collaboration
• Opportunities to grow your career while making a real impact
• A team that champions inclusivity, innovation, and excellence

Whether working virtually or onsite at one of our practices, you’ll be part of a purpose-driven organization shaping the future of healthcare.

Sound Physicians offers a competitive benefits package inclusive of the items below, and more:

• Medical insurance, Dental insurance, and Vision insurance
• Health care and dependent care flexible spending account
• 401(k) retirement savings plan with a company match
• Paid time off (PTO) begins accruing immediately upon start date at a rate of 15 days per year, in accordance with Sound's PTO policy
• Ten company-paid holidays per year

About the Role

The Senior Manager, Information Security will be responsible for managing Sound Physicians’ Information Security Operations team and will be reporting directly to the Senior VP Information Security/CISO. As the manager you will be responsible for continuing to drive the security program towards Sound Physicians’ adoption of practices and standards. The manager will make decisions both autonomously and with the counsel and support of senior management and provide guidance regarding strategic approach and overall deliverables.

Essential Duties and Responsibilities

Security Engineering & Architecture:

• Lead the design, implementation, and lifecycle management of enterprise-wide security technologies (e.g., SIEM, EDR, IAM, DLP, CASB).
• Drive secure-by-design practices across infrastructure and application development (DevSecOps).
• Evaluate and integrate emerging security tools to enhance detection, prevention, and response capabilities.
• Define and maintain security architecture standards and reference models.

Security Operations Oversight:

• Oversee the Security Operations Center (SOC), including monitoring, incident response, and threat intelligence.
• Lead vulnerability management, threat hunting, and red/blue team exercises.
• Develop and maintain operational runbooks, escalation procedures, and incident response plans.
• Ensure continuous improvement of detection and response capabilities.

Team Leadership & Development:

• Manage and mentor a team of security engineers and analysts.
• Evaluate team performance, define growth plans, and foster a culture of accountability and innovation.
• Provide coaching, feedback, and technical guidance to elevate team capabilities.

Cross-Functional Collaboration:

• Partner with IT, DevOps, Infrastructure, and Application teams to embed security controls across systems and services.
• Collaborate with GRC teams to support audits, risk assessments, and compliance initiatives.
• Provide technical input on policy development, control design, and remediation planning.

Metrics, Reporting & Communication:

• Define and track KPIs for security engineering and operations.
• Deliver regular briefings to executive leadership on threat landscape, control maturity, and operational performance.
• Communicate effectively with stakeholders about security risks, incidents, and mitigation strategies.

Strategic Planning & Program Execution:

• Align security initiatives with business objectives and regulatory requirements.
• Lead quarterly planning and execution of security projects.
• Track industry trends and emerging threats to inform strategic direction.

Values

• Collaboration: Demonstrates the ability to work well with others to accomplish a goal and get the work done; takes opinions of others into consideration; includes others in the decision-making process
• Trustworthiness: Demonstrates a high degree of integrity; keeps confidences; does what they say they will do.
• Intellectual Curiosity: Demonstrates a genuine interest in learning new things and wants to know the reason “why” behind the way things are done.
• Adaptability: Demonstrates flexibility and a willingness to change as circumstances evolve.
• Resourcefulness: Proactive willingness to utilize available information and tools to figure things out.

Knowledge, Skills, and Abilities

• Knowledge of healthcare industry frameworks and regulations, e.g. HIPAA and HITRUST.
• Knowledge of international information security frameworks and standards, e.g. NIST, ISO
• Alignment with Sound’s mission, vision and core values
• Experience managing a mix of in-house staff and service providers

Education and Experience

• Bachelor’s Degree in a relevant field is required. Master’s degree is preferred.
• 5-6 years of experience in relevant field

Salary Range

• This position offers an annual salary range of $130,000-$155,000. Exact salary will depend on the candidate’s experience, education and geographic location. This position is eligible for additional compensation beyond base pay.

Sound Physicians is an Equal Employment Opportunity (EEO) employer and is committed to diversity, equity, and inclusion at the bedside and in our workforce. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by federal, state, or local laws.

This job description reflects the present requirements of the position. As duties and responsibilities change and develop, the job description will be reviewed and subject to amendment.