Manager-Information Security Risk & Compliance (Remote)

American Specialty Health Incorporated
$89,300 - $149,000 | Remote

About The Position

American Specialty Health Incorporated (ASH) is seeking a Manager-Information Security Risk & Compliance to join our Information Security department. The purpose of this position is to perform and oversee assigned day-to-day information security compliance tasks.

Requirements

  • Bachelor’s Degree in applicable field, such as Information Security, Information Technology, Computer Science, Business Administration, or equivalent experience required. If equivalent experience, High School Diploma required.
  • 5 years of directly related experience in IT, Information Security, or IT Audit required.
  • Strong understanding of information security, risk management, and audit.
  • Demonstrated knowledge of administrative, technical, and physical security controls.
  • Demonstrated knowledge of different risk assessment methodologies.
  • Knowledge of a security control framework; preferably HITRUST.
  • Strong ability to successfully collaborate in a cross-matrix IT and business team environment.
  • Experience conducting and managing internal and third-party IT control assessments.
  • Strong analytical and critical thinking skills.
  • Strong working knowledge of MS Outlook, Word, and Excel.
  • Demonstrated ability to provide concise and understandable written and oral communications and deliverables, especially for a non-technical audience.
  • Ability to use good judgment and make risk-based decisions as an advisor to the business on information security.

Nice To Haves

  • Experience working in a regulated environment, such as healthcare, preferred.
  • Certified Information Systems Auditor (CISA) upon hire preferred.
  • Certified Information Systems Security Professional (CISSP) upon hire preferred.

Responsibilities

  • Performs Information Security Compliance tasks and projects.
  • Maintains and improves risk assessment processes, performs risk assessments, and updates the risk register.
  • Assists with maintaining compliance with industry regulations, policies, and procedures.
  • Makes recommendations to the manager for improvements to increase the effectiveness within Information Security.
  • Collaborates with the information security operations and compliance teams to streamline processes.
  • Represents the Information Security team by responding to exception and advisory requests.
  • Analyzes and tracks metrics for dashboards, key performance indicators (KPIs), and scorecard.
  • Reviews risk and escalates identified anomalies and concerns to the manager.
  • Prepares metrics and reporting for Executive leadership.
  • Assists with HITRUST requirements and evidence gathering.
  • Performs internal security audits.
  • Maintains risk register in the GRC system.
  • Oversees Information Security Risk and Compliance Program.
  • Oversees day-to-day tasks enforcing quality and on-time deliverables.
  • Assists staff with career development.
  • Acts as subject matter expert to provide guidance for decision making.
  • Attends industry seminars, conferences, and training classes to update knowledge and skills.
  • Performs other duties as assigned.
  • Complies with all policies and standards.

Benefits

  • Company-provided technology equipment
  • Equal Opportunity/Affirmative Action Employer