Cybersecurity Risk Manager

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Department:
Information Technology

Under the general direction of the general direction of the Director of Information Technology (IT).

The Cybersecurity Risk Manager is responsible for overseeing, implementing and managing compliance with the organization's information security program.

This role involves developing and maintaining security policies, procedures, risk register, and security standards to protect sensitive data and ensure compliance with HIPAA and other relevant regulations and selected security standards.

The incumbent is responsible for assessments, conducting training, and managing security controls for the organization.



* Collaborates with the Director, Information Technology and stakeholders to develop, implement, and maintain, security process for the organization that aligns with chosen industry practices and regulatory requirements.



* Manages appropriate governance, risk, and compliance (GRC) activities to maintain and improve cybersecurity posture.



* Conduct regular risk assessments to identify and prioritize potential security threats and vulnerabilities and develop mitigation strategies to address the risks as prioritized.



* Develops and implements cybersecurity controls that are aligned with policy.



* Maintain the incident response plan to effectively manage and respond to security incidents.



* Serves an advisory role for legal and privacy teams in matters of policy violations and manage security events; assist with legal matters associated with such violations as necessary.



* Ensures organizational compliance in accordance with information security policies, standards and procedures.

Manages the exceptions process and documents all exceptions.



* Acts as a Focal point for all information security related audit work (internal & external).

Coordinates with auditors in the execution of audits.

Develops a strategy for handling audits and external assessment processes for relevant regulations.



* Ensure compliance with HIPAA, HITRUST and other relevant regulatory frameworks by conducting regular audits and assessments.



* Assesses information systems under consideration for procurement for cyber risk.



* Develop and maintain security awareness training programs for staff, providers, and other system end users to best practices for upholding and complying with our systems security policies, procedures and best practices.



* Collects data and provides regular reporting on the current status of the information security program metrics to management and executive leadership.



* Develop and maintain a program to ensure that processes and controls related to patch management are observed and reported.



* Tracks metrics and reporting for established framework to measure the efficiency and effectivene...