IT Security Risk and Compliance Manager

Remote Full-time
About the position

Responsibilities

• Provide supervision, guidance, and oversight of the WAHBE IT Security Risk and Compliance Team, ensuring effective execution of responsibilities and alignment with organizational goals.
• Develop, maintain, and implement cybersecurity compliance deliverables, ensuring they are regularly updated to meet evolving Centers for Medicare & Medicaid Services (CMS), Internal Revenue Service (IRS) and WAHBE requirements. Deliverables include but are not limited to the System Security Plan, Safeguard Security Report, and Annual Attestation.
• Conduct comprehensive and complex cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities.
• Independently perform thorough risk analysis, leveraging advanced technical expertise to evaluate vulnerabilities, cyber threats, and the effectiveness of security controls.
• Ensure security controls align with WAHBE IT Security standards and policies, while maintaining compliance with applicable federal regulations, including those of the Centers for Medicare & Medicaid Services (CMS) and the Internal Revenue Service (IRS).
• Develop and implement an information security risk management framework including gap analysis, remediation timelines, and regular reviews and updates.
• Develop risk management metrics and reports to effectively communicate remediation efforts, risk treatment progress, and enhancements to WAHBE's overall security posture.
• Develop, track, and coordinate risk mitigation plans for federal reporting, including the Corrective Action Plan and Plan of Action and Milestones.
• Develop and implement processes to validate and verify the completion of remediation activities and reevaluate control effectiveness as needed to ensure ongoing risk mitigation.
• Collaborate with the Compliance Officer, Information Security Manager, Cloud/Infrastructure Manager, Lead Product Owner, Tech Ops and other IT stakeholders on risk mitigation and control implementation.
• Manage Centers for Medicare & Medicaid Services (CMS) and Internal Revenue Service (IRS) security audits and safeguard reviews.
• Manage and support third-party security risk assessments as mandated by federal regulations. Develop, track, maintain and coordinate the resulting risk mitigation plans for any findings.
• Maintain and update WAHBE's Information Security policies and procedures in line with evolving CMS, IRS and WAHBE requirements.
• Review laws, regulations and legal agreements for security and privacy language to permit the authorized collection, use, maintenance, and sharing of Personally Identifiable Information (PII) and Federal Tax Information (FTI).
• Foster innovation and manage risks during major transformations.
• Provide regular briefings and updates to the CISO and engage with the Enterprise Risk and Compliance Committee.
• Promptly communicate to the CISO any obstacles that hinder successful and timely completion of compliance deliverables.
• Collaborate with external partners to align technology, processes and procedures with WAHBE policy and state and federal regulations.
• Work as liaison between technical, business and external partners for audits, assessments and reviews.
• Recruit, hire, lead, mentor, and retain talented risk and compliance staff.
• Other duties as assigned by the CISO.

Requirements

• Bachelor's degree in engineering or a technology-related major and ten years of experience with increasing management responsibilities (minimum of 5 years' experience in staff management).
• Five years of experience leading and managing staff and contractor resources within IT risk and compliance domains.
• Excellent understanding of standards and guidelines, including CMS standards such as Minimal Acceptable Risk Standards for Exchanges (MARS-E 2.2) and Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) and/or Internal Revenue Service (IRS) standards such as Publication 1075.
• Excellent understanding of audit processes, standards, and procedures.
• Strong understanding of best practices in testing methods and metrics.
• Upholds the highest ethical standards, demonstrating honesty, transparency, and consistency in words and actions. Takes responsibility for decisions, maintains confidentiality, and adheres to organizational policies and regulatory requirements.
• Motivated self-starter with the initiative to take independent action and accept responsibility for your actions.
• Excellent project management skills; able to set clear timelines and defined roles and practice effective change management.
• Ability to prioritize and manage multiple projects simultaneously and follow through on issues in a timely manner.
• Strong interpersonal skills; ability to work with all levels of internal management and staff, as well as outside clients, vendors, diverse populations, stakeholder groups, and customers.
• Skilled in resolving conflicts and addressing disagreements among team members through active listening and fostering open dialogue.
• Creative and proactive problem solver; must possess the ability to make independent decisions and judgments about work priorities.
• Well organized, flexible, proactive, resourceful, and efficient, with strong attention to detail.
• Strong understanding of contracting processes and procedures and contract management.
• Ability to maintain a high level of confidentiality.

Nice-to-haves

• Excellent understanding of National Institute of Standards and Technology (NIST) security guidelines, outlined in SP 800-53 Rev 5, and the NIST Risk Management Framework (RMF), outlined in SP 800-37 Rev.,
• Proven ability to develop and implement change management strategies, including stakeholder engagement, communication plans, and training programs, to ensure smooth transitions and sustainable adoption of new processes or technologies.
• Excellent verbal and written communication skills.
• Demonstrates remarkable composure and resilience in fast-paced, high-pressure environments, consistently maintaining focus and delivering results.
• Fosters a positive and collaborative approach to risk management within a dynamic, fast-paced organizational culture.