Our company is focused on delivering IT security, operational risk, and regulatory compliance services with a mission to be our clients’ long-term, trusted security, risk management, and compliance advisors. Our handpicked team ensures every customer’s confidentiality, integrity, and availability through world-class, enterprise-wide information security services and solutions that are scalable, repeatable, and affordable. Our experience further establishes us as an authoritative resource for PCI DSS, HIPAA, NIST, and ISO, as well as other standards, frameworks, and regulations.
You will participate in transforming challenging technical issues into logical business objectives. In a world of technological change, our company helps you to take control.
Job Description
Are you an expert in healthcare related risk management, security and compliance. Are you a senior level information security professional with 10+ years of experience in conducting risk assessments and audits for healthcare organizations, financial institutions and/or other industries? Are you currently in a position, or ready to take the next step, to lead and grow a business line? If so, we have a great opportunity for you.
The Senior Manager, Risk Assessment Services will be responsible for the Risk Assessment Services Business line that consists of healthcare-based comprehensive risk assessments, HIPAA assessments, and risk assessments for various industries assessing against multiple standards and frameworks, such as NIST 800-53, NIST Cybersecurity Framework, ISO 27001/27002, FFIEC, etc. The Senior Manager will be expected to develop a business plan to grow the Risk Assessment Services business line that includes 1- and 3-year revenue growth projections. The Senior Manager will work with leadership, marketing and the sales team establish KPIs that will support the business plan. Finally, the Senior Manager will be the senior-level security assessor that is a Subject Matter Expert in HIPPA, NIST, etc., managing and completing complex assessments and services, as well as leading the team of security assessors on multiple risk assessment projects. Successful candidates must possess excellent leadership skills, strategic, operational, and tactical understanding of a business, deep technical knowledge, risk management, and project management experience, as well as exhibit maturity, confidence and strong communication and time management skills.
Requirements:
- At least 10 years of experience in conducting risk assessments or managing internal compliance. Experience in HIPAA, HITRUST, NIST and ISO 27001 risk assessments preferred. Equivalent experience to be considered.
- Minimum of 15 years in Information Security, Cybersecurity Audit and/or Compliance
- Management experience in running a business unit, business line, department, division, etc. is preferred.
- More than 5 years of experience in roles specific to technical controls
- Knowledge of and demonstrated practical experience preferred includes:
- Security architecture
- Configuration management
- Vulnerability management
- Policy and procedure development.
- Writing detailed technical reports and Executive Summaries.
- Project management and PMBOK best practices including time management, delivery, and communications
- NIST and HIPPA risk assessments
- FFIEC and/or NCUA cybersecurity assessments
- Strong written and oral communication skills.
- Ability to translate technical knowledge to non-technical audiences
- Experience with both client and executive communications
- Professional certifications including CISSP, CISM, ISO 27001 Lead Auditor, CISA, CRISC, PMP, and/or ITILv3F preferred.
- Payment Card Industry (PCI) certification including QSA, ISA, and/or PCIP is a plus.
- Bachelor’s degree, preferably in Information Technology, Computer Science, or Business; or equivalent experience required.
- Master’s Degree preferred.
- Candidates must be willing to travel up to 35% of the time.
Compensation:
- $120,000 to $125,000 plus bonus
Leaders in the Arena is proud to be a “fair (second) chance” company that provides equal employment opportunities to all employees and applicants. We prohibit discrimination in employment and harassment on the basis of race, color, sex, gender identity, sexual orientation, age, disability, religion, national origin, genetic status, veteran status, or any other characteristic protected by applicable law. This policy applies to all terms and conditions of employment, including recruitment, hiring, transfer, promotion, compensation, discipline, and termination.