Your future role at a glance
Location: Remote
Department: Security
Schedule: Full-Time, Day
Salary range: $129,942.00 - $183,447.00 per year
Life at Ascension: Where purpose meets opportunity
Ascension is a leading nonprofit Catholic health system with a culture and associate experience grounded in service, growth, care and connection. We empower our 99,000+ associates to bring their skills and expertise every day to reimagining healthcare, together. Recognized as one of the Best 150+ Places to Work in Healthcare and a Military-Friendly Gold Employer, you'll find an inclusive and supportive environment where your contributions truly matter.
Benefits that help you thrive
- Comprehensive health coverage: medical, dental, vision, prescription coverage and HSA/FSA options
- Financial security & retirement: employer-matched 403(b), planning and hardship resources, disability and life insurance
- Time to recharge: pro-rated paid time off (PTO) and holidays
- Career growth: Ascension-paid tuition (Vocare), reimbursement, ongoing professional development and online learning
- Emotional well-being: Employee Assistance Program, counseling and peer support, spiritual care and stress management resources
- Family support: parental leave, adoption assistance and family benefits
- Other benefits: optional legal and pet insurance, transportation savings and more
Benefit options and eligibility vary by position, scheduled hours and location. Benefits are subject to change at any time. Your recruiter will provide the most up-to-date details during the hiring process.
How you'll make an impact in this role
- Compliance: Ensure that risk management activities support and align with healthcare regulatory and compliance requirements.
- Control Evaluation: Evaluate the effectiveness and maturity of cybersecurity controls against recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and internal policies.
- Remediation Tracking: Manage the risk register, track identified risks and corresponding remediation plans, and ensure timely closure of findings.
- Reporting: Prepare and present detailed risk reports, dashboards, and metrics to IT leadership and executive management, clearly communicating the organization's current risk exposure and trends.
What minimum requirements you'll need
Education:
- High School diploma equivalency with 3 years of cumulative experience OR Associate's degree/Bachelor's degree with 2 years of cumulative experience OR 7 years of applicable cumulative job specific experience required.
- 3 years of leadership or management experience preferred.
What additional preferences we're seeking
- Regulated Industry Expertise: Minimum of 8-10 years in Cybersecurity Risk Management or Governance, with a mandatory focus on the healthcare sector (Hospitals, IDNs, or Payers) and deep proficiency in NIST CSF and NIST 800-30 frameworks.
- Strategic Executive Communication: Proven ability to translate complex technical risks into actionable insights for non-technical stakeholders, supported by a Bachelor's degree in Cybersecurity, Risk Management, or Computer Science.
- Domestic Remote Operational Excellence: Must be based in the United States and available for consistent, high-fidelity collaboration during standard hours (8 am - 5 pm CST), with the flexibility to support extended-hour escalations as needed.
Equal employment opportunity employer
Ascension provides Equal Employment Opportunities (EEO) to all associates and applicants for employment without regard to race, color, religion, sex/gender, sexual orientation, gender identity or expression, pregnancy, childbirth, and related medical conditions, lactation, breastfeeding, national origin, citizenship, age, disability, genetic information, veteran status, marital status, all as defined by applicable law, and any other legally protected status or characteristic in accordance with applicable federal, state and local laws. For further information, view the EEO Know Your Rights (English) poster or EEO Know Your Rights (Spanish) poster.
Fraud prevention notice
Prospective applicants should be vigilant against fraudulent job offers and interview requests. Scammers may use sophisticated tactics to impersonate Ascension employees. To ensure your safety, please remember: Ascension will never ask for payment or ask you to provide banking or financial information as part of the job application or hiring process. Our legitimate email communications will always come from an @ascension.org email address; do not trust other domains. An official offer will only be extended to candidates who have completed a job application through our authorized applicant tracking system.
E-Verify statement
Employer participates in the Electronic Employment Verification Program. Please click here for more information.