Director, Cybersecurity Risk Management
Job Closed
Overview
Required skills & experience (the 7 “must haves” to be considered)
1. Bachelor’s degree or equivalent work experience required
2. CISA, CISSP, CISM or other related certification is required
3. Minimum of 5-7 years of experience in a role coordinating information security and/or IT audit work
4. Minimum of 5 years of experience in a leadership role with multiple direct reports
5. Demonstrated ability to manage multiple complex projects simultaneously
6. Ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and close audits
7. Good working knowledge of SOX, HIPAA, HITECH, PCI and ISO principles, concepts and practices

What you need to know
- This is a full-time position based in Dallas, TX
- Relocation assistance is offered for the right candidate, but there is a strong preference for local candidates.

Job summary
The Director, Cybersecurity Risk Management is a senior information assurance leader with corporate responsibility to direct and oversee all enterprise information security risk assessment, risk remediation, and third-party cyber risk management functions. You will develop and implement the strategy, vision and plans to manage information security risk to acceptable levels. This person will work closely with organizational leadership to understand business requirements, ensuring that information-related threats and vulnerabilities are identified and that controls are aligned, implemented and maintained according to risk profiles. The Director, Cybersecurity Risk Management manages IT Audit and Compliance Program Managers and teams, and assists the Chief Information Security Officer in developing and implementing the enterprise information protection strategy.

- Security Compliance (SRA): Develops programs and manages a team of Information Security professionals to ensure risks to data are identified and mitigated in a timely fashion, including the annual HIPAA / MU security risk analysis. Drives and tracks completion of individual SRAs for all hospitals, physician practices and outpatient centers. Ensures that the Security Risk Analysis continues to meet the evolving threat landscape and regulatory (e.g. HIPAA/Meaningful Use) requirements.
- Security Compliance (Vendor): Develops and continually refines the program and manages the team that ensures vendors are properly vetted and that the security posture of new and existing vendors is known prior to execution of contracts.
- IT Audit: Develops multiple programs and manages a team of IT Auditors / Analysts that ensure is meeting regulatory, legal and other governance obligations (e.g. SOX 404, HIPAA, PCI). Defines, implements, tracks, and drives completion of multiple audits as required to ensure internal controls are reliable. Identifies gaps in existing programs and assists in defining remediation plans.
- Data Compliance: Manages the team that develops and executes programs to identify, classify and properly protect data in all areas of the company (data classification). Develops programs and leads the team that defines, deploys and maintains continuous auditing plans to ensure that access to data is appropriate and that controls are effective across the enterprise.