Manager, Information Security and Risk Management
Job Description:
• Provides Information Security and Risk Management services for the Organization
• Works with peers within security, HM Health Solutions customers and application teams to ensure alignment with current and future security needs
• Manages activities of various Information Security personnel
• Makes decisions on personnel actions (promotions, hiring, terminations, etc.)
• Develops talent, addresses resource management, cultivates capabilities of staff, planning and coordination of work, and managing performance
• Conducts the oversight of security technology products for network, systems, and data
• Controls expenses within the operating unit and is responsible for meeting budget goals
• Actively contributes to the Information Security and Risk Management (ISRM) strategic planning process by working with the Directors to develop and implement department strategic plans and action steps that support the corporate strategic objectives
• Actively involved in the coordination, implementation, problem solving, communication, and training of new technologies and processes, as they are developed and moved into the environment
• Develops and presents Information Security awareness and training programs

Requirements:
• 7 - 10 years in Information Security and/or Information Risk Management and/or Information Technology
• 7 - 10 years in developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
• 1 - 3 years in mentoring others in a leadership role
• 1 - 3 years in Staff Management
• 1 - 3 years in developing and executing strategic plans to realize business objectives
• 10 - 15 years in Information Security and/or Information Risk Management and/or Information Technology (Preferred)
• Experience managing an information security function using HITRUST CSF, or the NIST 800-83 cyber security framework
• Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
• Experience establishing budgets and meeting fiduciary goals
• Security industry organization participation/leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)
• Certifications: CISSP, CISM, CRISC, ITIL (Preferred)
• Knowledge of regulatory requirements such as HIPAA, PCI DSS, and FIPS-140
• Strong teamwork and interpersonal skills
• Experience in leading process improvement initiatives
• Ability to motivate high performance, multi-discipline teams
• Demonstrated competency in project execution
• Demonstrated abilities in relationship management
• Travel Requirement: 0% - 25%
• Languages (Other than English): None

Benefits: