Cybersecurity Risk Manager

Title: Cybersecurity Risk Manager

Location: Remote Work - CST

Duration/Type of Job: 12+ months

As Sr. Manager, Cybersecurity Risk Management, you will be apart of the overall information security risk management program and strategy, providing skilled leadership to build high-performing team(s), and engaging IT and Business leaders across a wide spectrum of projects. Your collaborative approach and exceptional communication skills will play a significant role in your success, as you engage and support colleagues inside and outside the organization. As part of this new Healthcare spinoff, you will have the opportunity to create an industry best-practice program that serves as a strategic enabler for the business.
Responsibilities:

• Drive cybersecurity risk management taxonomy and framework/ methodology including implementing an Enterprise Control Framework (ECF) utilizing NIST/HITRUST controls that align with Enterprise Risk Management (ERM) objectives.
• Lead a team that performs risk assessments, and identify, mitigate, and track to closure risks across the enterprise, providing actionable data and recommended solutions to organization leadership.
• Define standardized risk assessment and exception handling processes, including defining what constitutes an exception and the criteria for managing them.
• Develop and execute gold-standard information security governance strategy and program. Drive culture of transparency, integrity, and accountability.
• Focus efforts to support cyber- and business resilience, ensuring the organization is well-prepared to counter risks to continuity of operations.
• Develop the appropriate security checkpoints against software and infrastructure development lifecycles, shifting effort to prevent rework and build security by design into every project.
• Establish a robust Findings & Remediation program that identifies trends in newly discovered risks, provides actionable reporting, identifies root cause, and works collaboratively to reduce inherent risk and technical debt.
• Use expertise to scale programs up and down to meet the current regulatory environment and the risk appetite of the organization.
• Establish and maintain robust data security governance, including creation, classification, retention, retrieval, and disposal of records.
• Monitor regulatory changes and industry standards.
• Coordinate the transfer of information into or out of the firm in compliance with organizational policies. When necessary, ensure the proper execution of destruction orders.
• Implement supporting protocols and processes to ensure statutory, regulatory, ethical and privacy requirements are met for the management of physical and electronic information.
• Support data governance efforts across the organization, including but not limited to data classification, data retention and disposal, data sharing, records management, archiving data, and data privacy.

Qualifications:

• Extensive background in Governance, Risk & Compliance, with particular focus on Risk Management in Healthcare or other highly regulated industry.
• Experience building and optimizing best practice Enterprise Risk Management, Third Party Risk Management, Risk Quantification, as well as Data Governance and Artificial Intelligence (AI).

Nice-to-Have Skills:

• Supporting certifications and coursework demonstrating continual learning. CISSP strongly preferred, or equivalent experience across a broad spectrum of Information Security disciplines
• Seven (7) years of experience building and leading global IT, digital and/or cybersecurity programs in a private, public, government or military environment
• Minimum three (3+) years leading Risk Management programs
• Successful track record developing and leading risk management programs, policies, procedures, and best practices.
• Experience working with Risk, Security and/or Audit frameworks (SOX, HiTrust, SOC2, PCI, ISO 27001/2, NIST CFS / 800-53, FedRAMP, StateRAMP, and EIC 62443, etc
• Master's Degree in Computer Science, Information Security or related field from an accredited institution
• Successful track record of leading organizations through external audits and assessments. Experience writing and communicating directly with regulators and external auditors, responding appropriately to external inquiries while protecting the organization.
• In-depth knowledge of legal and regulatory requirements, including data protection laws (e.g., GDPR, CCPA) and legal hold obligations.
• Supporting certifications such as CRISC, CISM
• Experience leading Business Continuity Planning and/or Cyber Resilience teams.