Manager IT Cybersecurity Risk Management

About The Position

Requirements

• Bachelor's Degree Computer Science, Information Technology, Business or related field / 4 Years Relevant experience in lieu of a degree Required
• Master's Degree Computer Science, Information Technology, Business or related field Preferred
• 5 Years Hands-on Information Security or relevant IT experience Required
• Healthcare Experience is Preferred
• Progressive Leadership Experience Strongly Preferred
• Cybersecurity Risk Management Experience a Plus
• CISSP - Certified Information Systems Security Professional CISSP, CISM, CISA, CRISC or CIPP Upon Hire Required
• Ability to work closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
• Ability to support enterprise level Governance, Risk Management and Compliance activities.
• Establish standards, driving designs and implementation of appropriate IT Risk management processes and controls which help improve operations and lower risk.
• Support strategic and tactical security, risk mitigation and regulatory compliance guidance for all ITS projects, including the evaluation of enterprise policies, processes, operating procedures and governance controls.
• Lead the development and implementation of prudent enterprise security standards, guidelines and procedures to protect the integrity, availability and privacy of all corporate information assets
• Ability develop and implement policies, standards, processes and procedures that are aligned with common control frameworks and regulatory standards such as COBIT, HIPAA/HITECH, HITRUST, NIST, ISO 27000 and PCI DSS.
• Ability to develop and perform risk assessments and security review processes that are that are aligned with common control frameworks and regulatory standards such as COBIT, HIPAA/HITECH, HITRUST, NIST, ISO 27000 and PCI DSS.
• Ability to develop metrics, measures and scorecards for to measure the effectiveness of the Enterprise Information Security - GRC Program.
• Ability to operate GRC Technology Solutions.
• Ability to support the operation and governance of Identity management / access control solutions, policies, process and technologies.
• Ability to develop, integrate and conduct Security Awareness Training and Communications.
• Ability to help project teams and IT owners comply with enterprise and IT security policies, industry regulations, and best practices.
• Ability to contribute to the alignment of security governance with EA, IT governance, project and portfolio management and business governance activities.
• Ability to research, design, operate and advocate new technologies, architectures, and security products that will support security requirements for the health system and its customers, business partners and vendors.
• Ability to contribute to the development and maintenance of the information security strategy.
• Ability to analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks.
• Ability to effectively communicate security risks and solutions to leadership, business partners and IT staff.

Nice To Haves

• Master's Degree Computer Science, Information Technology, Business or related field Preferred
• Healthcare Experience is Preferred
• Progressive Leadership Experience Strongly Preferred
• Cybersecurity Risk Management Experience a Plus

Responsibilities

• Perform Governance, Risk Management and Compliance Controls, Processes and Technology
• Provide leadership with IT GRC platform and road map.
• Ensure that product request pipeline is aligned with IT risk management strategy.
• Govern and lead the IT GRC development efforts.
• Ensure IT GRC components fully support governance, risk and compliance processes.
• Create and develop requirements for reports and dashboards within GRC system to support THR Information security and risk management support needs.
• Directly partner with the Privacy, Entity Directors and Compliance to support audit functions, controls monitoring efforts and oversees risk processes.
• Support Texas Health entity leadership and ITS executives through the process of prioritizing security initiatives based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the Texas Health strategic plan.
• Develop and create requirements for monthly and quarterly risk management reports and ensure timely report delivery.
• Lead supported IT Risk Management functional areas and process activities with THR risk stakeholders and delegate requirements and action items to risk management functional areas.
• Lead in the program support and reporting within the Information Security Governance Council, THR PCI workgroup, Privacy and Security Council and other steering group committees.
• Ensure that all THR Information Security controls are document and mapped to policy and technical solutions along with control effectiveness.
• Lead in delegating program function activities to support THR Information Security communication, training and awareness plans.
• Assist in the development, coordination and integration of the Information Security road-map and strategy.
• Provide leadership with the THR risk management processes and procedures and align with THR entity risks.
• Provide leadership and ongoing management of the IT risk register along with risk treatment plans.
• Provide, document and update risk treatment plan accordingly.
• Report and develop metrics, measures and scorecards for to measure the effectiveness of the Information Security Program and the supported program areas, including key performance indicators and key risk indicators.
• Lead and delegate IT risk management activities in program support program areas that leverages the THR risk analysis lifecycle and risk stratification process.
• Review and update IT risk scenario catalog to align with THR risk posture.
• Ensure program support team members are informed and use the risk scenario catalog.
• Review and update the IT risk management controls catalog and ensure control effectives as it relates to stratification process and risk scenarios.
• Review and update IT risk management metrics and measures catalog and ensure alignment with key performance and key risk indicators.
• Commission and authorized development activities, such as SharePoint, in support of the Information Security Program and alignment with IT GRC product road map.
• Perform Audits, Incident Management, Investigations, Risk Assessments
• Provides leadership and accountability in the support of the THR Information Security audit plan.
• Govern and lead efforts with the tracking and resolution of security incidents, issues management and exception processes.
• Support audit processes and supporting documents and ensure audits are processed on time and ensure program support team members are aware of audit tasks.
• Develop accurate audit documentation that is used by supported program team members and delegate audit tasks lists.
• Provide guidance and leadership on audits, incidents and assessments and ensure program team member execution.
• Support and help develop incident management processes and ensure incidents are coordinated and documented correctly.
• Provide continuous feedback loop into risk identification and risk analysis.
• Provide leadership from risk management perspective input into incident management policies and procedures.
• Lead efforts with security incident management with THR and ITS staffs.
• Ensure security incidents are reported and resolved in the appropriate time-frames.
• Develop and lead system and entity risk assessments to system owners within the prescribed timelines.
• Develop and coordinate and risk assessment with THR and ITS system owners.
• Provide governance on delegated risk assessment action items.
• Review and develop risk assessment content and align potential gaps with risk stratification process.
• Ensure training is provided by risk management team members to system owners on audits, security incidents and risk assessment practices, processes and procedures.
• Develop and create reports to THR risk stakeholders for audits, security incidents and risk assessments.
• Present final reports and provide recommendation on remediation activities.
• Provide governance on forensic investigations and reporting for security incidents.
• Provide input on security investigation requiring THR executives input or legal counsel communication.
• Support and Perform Information Security Continuous Monitoring Processes and Technology
• Lead and provide risk based decision support in the Information Security Review process.
• Ensure that all risk based decisions are documented in IT GRC.
• Develop processes and procedures to ensure that critical Information Security controls are being monitored and align with risk catalog.
• Develop processes and procedures to sustain and grow the IT risk management audit program and the continuous control monitoring efforts.
• Monitor ongoing threats to the THR enterprise network and communicate threats to leadership, employees and system administrators as necessary.
• Provide guidance on IT GRC issue management and escalate with THR risk stakeholders if necessary.
• Effectively communicate identified security risks and solutions to leadership, business partners and IT staff.
• As new systems are presented, research, design, operate and advocate new technologies, architectures, and security products that will support security requirements for the health system and its customers, business partners and vendors.
• Develop and deliver business impacts and exposure, based on emerging security threats, vulnerabilities and risks and develop reports to drive high risk vulnerability efforts.
• Review and stratify vulnerability management reports that include the assessment, analysis and reporting and remediation of vulnerabilities.
• Provide governance to ensure monitoring and tracking of vulnerability remediation
• Assess and report the impact of audit and risk findings and provide ITS owners with remediation and compensating control recommendations.
• Support and Evaluate/Measure the Effectiveness of Information Security Policies, Standards and Procedures
• Work and foster relationship with THR stakeholders (ITS and Non ITS) on the development of Information Security policies, standards and procedures.
• Lead and develop procedures for the effective risk assessments and audit of information security policies.
• Provide risk based decision support in the security exception process.
• Also help develop and integrate the procedures and processes for the submission and management of policy exceptions.
• Develop Information Security training and awareness products, track and report on Information Security awareness training effectiveness.
• Develop and communicate accurate Information Security reports and presentations.
• Perform ITSM Process Management
• Ensure risk management team follows change management, incident and problem management processes.
• Ensure all IT GRC activities are compliant with ITSM request, incident and change processes.
• Ensures all systems that fall within the scope of this position's duties are fully documented including risk management activities as it relates to change advisory board.
• Prioritizes team members work appropriately, carrying out and delegate assignments with the appropriate level of direction and completing tasks.
• Monitors team members work progress of project status, problems or obstacles and workload problems in a timely manner while mentoring/assisting others.
• Ensures team members are providing timely and accurate status reports while providing mentoring/assisting with team members and others.
• Develop complete and accurate structured system acceptance test plans.
• Executes testing and documents the results working independently while mentoring/assisting others.
• Develop and implement installation plans working independently while mentoring/assisting others.
• Provide communication to THR service desk on new processes or changes needed to support the IT risk management team.
• Monitor system performance statistics to ensure changes perform within standards.
• Leadership, Training, and Skills Development
• Coaches, mentors,and performs employee performance reviews.
• Shares work experiences and expertise with others while mentoring/assisting others.
• Lead, develop and mentor IT Risk Management professionals as well as contractors, vendors and services providers.
• Strives to improve business knowledge working independently, while mentoring/assisting others.
• Strives to improve technical knowledge with little or no supervision.
• Demonstrates comprehensive knowledge of multiple systems/applications and their integration while mentoring/assisting others.
• Demonstrates comprehensive knowledge of technical tools and techniques with little or no supervision.
• Provides technical guidance and/or business knowledge and direction to project team members, working independently, while mentoring/assisting others.
• Monitors industry trends for applicability working independently while mentoring/assisting others.
• Participates in THR Educational opportunities working independently while mentoring/assisting others.

Benefits

• career growth and professional development opportunities are top-notch
• benefits are equally outstanding