Cybersecurity Risk Manager

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Department :

Information Technology

Under the general direction of the general direction of the Director of Information Technology (IT). The Systems Security Manager is responsible for overseeing, implementing and managing compliance with the organization's information security program. This role involves developing and maintaining security policies, procedures, risk register, and security standards to protect sensitive data and ensure compliance with HIPAA and other relevant regulations and selected security standards. The incumbent is responsible for assessments, conducting training, and managing security controls for the organization.

• Collaborates with the Director, Information Technology and stakeholders to develop, implement, and maintain, security process for the organization that aligns with chosen industry practices and regulatory requirements.
• Manages appropriate governance, risk, and compliance (GRC) activities to maintain and improve cybersecurity posture.
• Conduct regular risk assessments to identify and prioritize potential security threats and vulnerabilities and develop mitigation strategies to address the risks as prioritized.
• Develops and implements cybersecurity controls that are aligned with policy.
• Maintain the incident response plan to effectively manage and respond to security incidents.
• Serves an advisory role for legal and privacy teams in matters of policy violations and manage security events; assist with legal matters associated with such violations as necessary.
• Ensures organizational compliance in accordance with information security policies, standards and procedures. Manages the exceptions process and documents all exceptions.
• Acts as a Focal point for all information security related audit work (internal & external). Coordinates with auditors in the execution of audits. Develops a strategy for handling audits and external assessment processes for relevant regulations.
• Ensure compliance with HIPAA, HITRUST and other relevant regulatory frameworks by conducting regular audits and assessments.
• Assesses information systems under consideration for procurement for cyber risk.
• Develop and maintain security awareness training programs for staff, providers, and other system end users to best practices for upholding and complying with our systems security policies, procedures and best practices.
• Collects data and provides regular reporting on the current status of the information security program metrics to management and executive leadership.
• Develop and maintain a program to ensure that processes and controls related to patch management are observed and reported.
• Tracks metrics and reporting for established framework to measure the efficiency and effectiveness of the security program.
• Works collaboratively to increase the maturity of the information security program, and review risks with stakeholders at multiple organizational levels.
• Track vendor security practices to ensure third-party service providers and information services solutions meet the organization's security requirements.
• Performs other duties as assigned.

Education : Bachelor's Degree required or in lieu of bachelor's degree, Associate's degree preferably in computer sciences, risk management, information assurance, or related field with a minimum of ten (10) years' relevant work experience.

Licensure : Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) certification is required.

Experience : Five (5) years' experience in a similar job role for a mid to large organization, preferably in healthcare with a healthcare provider. In-depth experience in the following practice areas : Familiarity with HIPAA, HITRUST and other relevant regulations. Familiarity with NIST standards. Proven track record of developing and implementing successful information security programs Cybersecurity risk management Experience with data privacy and protection. Experience with security compliance audits and assessments.

The hourly rate for this position is $65.86 - $82.32. The range displayed on this job posting reflects the target for new hire salaries for this position.

Job Specifications :

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Salary : $66 - $82