Cybersecurity Risk Manager

About The Position

Requirements

• Minimum 5-7 years’ progressive experience in cybersecurity governance, risk management, or compliance with an u nderstanding of security risk management , the system development life cycle (SDLC), and the evolving threat landscape.
• Bachelor’s or Master’s degree in Cybersecurity, Information Security, Risk Management or a related field
• Strong knowledge of Information Security risk management frameworks, Governance, Risk, and Compliance process, IT general controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting).
• Strong knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO 31000\:2018, ISO 270052022; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 150, 161).
• Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations.
• Strong understanding of financial regulatory frameworks and cybersecurity best practices.
• Intermediate skills with Microsoft Office Suite, including Word, Excel and PowerPoint.
• Ability to communicate complex security concepts to business leaders and technical teams.
• Proven ability to assess risk, interpret security findings, and provide strategic guidance.
• Exceptional attention to detail and quality.
• Ability to work autonomously and in a team environment.
• Excellent verbal and written communication, including presentation skills.
• Excellent interpersonal skills to successfully collaborate with cross functional departments.
• Strong orientation toward results coupled with reputation for integrity, creativity and good judgment
• Must have the ability to challenge, when appropriate, existing practices.

Nice To Haves

• Financial services preferred.
• Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, and ITIL are highly desirable

Responsibilities

• Conduct security risk assessments, threat modeling, and impact analyses to identify vulnerabilities across HCA internal utilized solutions, systems, applications and processes.
• Participate in the cybersecurity risk management framework to align with business objectives and regulatory requirements.
• Maintain security risk metrics by t racking Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), along with reporting mechanisms to communicate cybersecurity effectiveness.
• Participate and assist with governance around internal cybersecurity risks, ensuring compliance with internal security policies and regulatory requirements.

Benefits

• Medical, Dental and Vision plans that include no-cost and low-cost plan options
• Immediate 401(k) matching and vesting
• Vehicle purchase and lease discounts plus monthly vehicle allowances
• Paid Volunteer Time Off with company donation to a charity of your choice
• Tuition reimbursement