Position Summary:
Leads and operates the IT Risk Management program.
Responsible for a mixture of ongoing day-to-day Risk Management responsibilities, ad hoc requests and issues, and long-term initiatives.
Responsible for resolving challenging issues and for managing multiple issues to completion. Maintains the overall responsibility for managing human risk by positively building strong partnerships while leveraging the security platform throughout the organization.
Essential Functions and Responsibilities:
Manages a team of analysts or senior analysts responsible for a diverse portfolio of risks, including Operational, Regulatory, Financial and Third-Party risks
Works closely with all internal/external stakeholders to manage security risk and identify any organizational gaps
Works with executive and business managers to align the IT organization with business unit security and compliance needs
Manages and creates metrics to effectively measure and communicate impacts of the security program
Oversees the Enterprise Governance, Risk, and Compliance (eGRC) tool functions and development.
Develops and improves risk models
Develops and manages the annual external corporate information security risk assessment.
Develops and manages the annual hospital and health plans information security risk assessments
Develops and manages third party risk management program
Qualifications:
Required:
BA or BS in Management Information Systems, Computer Science, Engineering, or related field.
Five years’ progressive experience in information security management, information management, information systems and/or risk management is required.
Requires one or more of the following certifications: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification.
Preferred:
Project Management Professional (PMP)
Five years’ progressive experience in health information security management, health information management, information systems and/or health risk management is required.