Sr. Manager - Cyber Security Risk

Sentara Healthcare is seeking to hire a qualified individual to join our team as a Sr. Manager – Cyber Security Risk Professional to join our Cyber Security team!

Position Status: Full-time, Day Shift

Position Location: This position is 100% remote.

Standard Working Hours: 8:00AM to 5:00PM (ET).

Minimum Requirements:

• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Experience with GRC tools such as Service Now, Archer, etc.
• Experience working in a highly regulated environment.
• Experience with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, etc.)
• Ability to express complex technical concepts in business terms.
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
• Regularly interact with all levels of management to present and discuss control effectiveness.
• Strong background in security controls, auditing, network, and system security.
• Experience with risk tools such as RiskRecon, SecurityScorecard, SAFE, CORL, etc.
• Experience or understanding of risk processes and solutions.

As the third-largest employer in Virginia, Sentara Healthcare was named by Forbes Magazine as one of America's best large employers. We offer a variety of amenities to our employees, including, but not limited to:

• Opportunities for further advancement within our organization
• Medical, Dental, and Vision Insurance
• Retirement funds with matching contribution
• Paid Annual Leave, Sick Leave
• Supplemental insurance policies, including legal, Life Insurance and AD&D among others.
• Flexible Spending Accounts
• Work Perks program including discounted movie and theme park tickets among other great deals

Sentara employees strive to make our communities healthier places to live. We're setting the standard for medical excellence within a vibrant, creative, and highly productive workplace. For information about our employee benefits, please visit: Benefits - Sentara (sentaracareers.com)

Join our team! We are committed to quality healthcare, improving health every day, and provide the opportunity for training, development, and growth!

Note: Sentara Healthcare offers employees comprehensive health care and retirement benefits designed with you and your family's well-being in mind. Our benefits packages are designed to change with you by meeting your needs now and anticipating what comes next. You have a variety of options for medical, dental and vision insurance, life insurance, disability, and voluntary benefits as well as Paid Time Off in the form of sick time, vacation time and paid parental leave. Team Members have the opportunity to earn an annual flat amount Bonus payment if established system and employee eligibility criteria is met.

For applicants within Washington State, the following hiring range will be applied: $112,756 - $209,000.

#Dice

The Sr. Manager – Cyber Security Risk is responsible for establishing and maintaining the overall cyber security risk management program. This position will lead a team of cyber security risk management professionals responsible for identifying, evaluating, managing, and reporting on cyber security risks in a manner that meets Sentara Healthcare’s requirements. Reporting directly to the Chief Information Security Officer, this leader will work proactively across a broad range of business lines, regions, and stakeholders to proactively identify and mitigate technology and information risk. The risk team is responsible for providing oversight and governance of technology and information risk related activities and to ensure management awareness through transparent reporting of our security risk posture.

Essential Responsibilities:

As a leader who enjoys solving complex issues and collaborating with key internal and external stakeholders, you will be accountable for driving the successful implementation of an innovative and effective cyber security risk management program.

Primary Responsibilities:

• Work closely with internal groups such as Human Resources, Enterprise Risk Management, Internal Audit, Privacy, Legal, and Compliance on matters of policy and risk management.
• Be responsible for overall cyber security risk management using continuous self-assessments and executive reporting.
• Provide continuous input to the CISO and help measure the cyber security risk posture of Sentara Healthcare.
• Manage and operate the third-party security risk management program and team.
• Identify, recommend, and, when applicable, execute appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
• Understand key security and rick frameworks including but not limited to HIPAA, HITRUST, NIST800-171, PCI, and laws/regulations.
• Develop and improve KPI/KRIs, metrics, risk register and trending.
• Lead team of cyber security risk professionals to design, implement and operationalize Sentara Healthcare’s risk management program.
• Provide management oversight and serve as the leadership point of contact for the cyber security risk team.
• Provide leadership and engage with the business to perform security assessment and ensure timely execution of projects and program while mitigating any security risks.
• Mentor, coach, and train security staff.
• Ownership of cyber security risk strategy and programs including 3rd party risk, metrics, risk and performance indicators, executive and board reporting, security integration and assessment of M&A and related ventures.

Desired Characteristics:

• Experience with project management and execution of multiple simultaneous and / or large projects.
• Strong functional team player with experience working seamlessly across a matrix structure.
• Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.
• Agile, LEAN or Six Sigma experience.
• Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
• Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
• Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in fast paced team environment.
• Demonstrated ability to lead and motivate staff and to apply skills and techniques to solve dynamic problems.
• Strong problem solving, prioritization, presentation, and facilitation skills with the ability to make recommendations to all levels of the organization.
• Experience leading and influencing cross-functional teams/projects.

Requirements:

• Experience working in a highly regulated environment.
• Experience with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, etc.)
• Experience with risk tools such as RiskRecon, SecurityScorecard, SAFE, CORL, etc.
• Regularly interact with all levels of management to present and discuss control effectiveness.
• Experience with GRC tools such as Service Now, Archer, etc.
• Experience or understanding of risk processes and solutions.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Strong background in security controls, auditing, network, and system security.
• Ability to express complex technical concepts in business terms.
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.

Experience in lieu of Bachelor’s Degree

• Bachelor's Level Degree