What are the responsibilities and job description for the Security Risk Program Lead position at Integris Health?
INTEGRIS Health Two Corporate Plaza Bldg, Oklahoma’s largest not-for-profit health system, has a great opportunity for a Security Risk Program Lead in Oklahoma City, OK. In this position, you’ll be a part of our IT Standards team providing exceptional work supporting the INTEGRIS Health caregivers and the community at large. If our mission of partnering with people to live healthier lives speaks to you, apply today and learn more about our recently enhanced benefits package for all eligible caregivers, such as front-loaded PTO, 100% INTEGRIS Health paid short-term disability, increased retirement match, and paid family leave. We invite you to join us as we strive to be The Most Trusted Partner for Health.
The Security Risk Program Lead will be responsible for leading the security risk program to identify, analyze, and influence the management of information risks across the organization.
- Lead the Risk Program and mentor junior members of the Risk Team.
- Performs focused information risk assessments of existing or new services and technologies, along with business counterparts.
- Communicates risk assessment findings to team owners and custodians of information risk “business partners,” or information governance teams and information security teams.
- Provides consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
- Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
- Track and maintain risk posture over time and be able to communicate risk strategy and mitigation over time.
A successful candidate will have the expertise and skills described below.
- Bachelor's degree in computer science or a related field, or 9 years of experience with a proven increasing level of responsibility and accountability.
- Minimum of 9 years of work experience in information security, with a focus on information risk analysis, risk management, and IT audit roles. Additionally, candidates should have extensive experience with regulatory compliance and information security management frameworks such as the National Institute of Standards and Technology (NIST) 800, International Organization for Standardization (ISO) 27000, and COBIT.
- Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- An understanding of organizational mission, values, goals and consistent application of this knowledge.
- An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
- An ability to apply original and innovative thinking to produce new ideas.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- An ability to effectively influence others to modify their opinions, plans or behaviors.
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate action to be taken.
- Strong problem-solving and troubleshooting skills.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)