Job Information
Commonwealth Care Alliance Lead, IT Security Risk (Healthcare)(Remote) in Boston, Massachusetts
Why This Role is Important to Us:
Position Summary:
Reporting to Manager -- IT Security Risk Management and Business Resiliency.
Supervision Exercised:
- No
What You'll Be Doing:
Essential Duties & Responsibilities:
Lead the IT GRC function, including the development and reporting of IT GRC Metrics.
Document and communicate with business and IT regarding security risks and deficiencies.
Assess the adequacy of a vendor's security program to safeguard data.
Define and maintain a methodology that aligns to the NIST CSF and how CCA is structured regionally, and along business reporting lines.
Focus on developing and improving security processes, assisting in metrics development, both within the technology and business organizations.
Serve as advisors to the business by ensuring an ongoing awareness of identified risks.
Utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed.
Conduct ongoing security assessments to ensure appropriate controls are in place.
Conducting security assessments through vulnerability testing and risk analysis.
Evaluate management, operational, and technical security controls in a system
Review and update security risk reporting, metrics, and process documentation
Align governance program with NIST Cyber Security Framework and other regulatory requirements.
Review policies, standards and procedures Monthly, Quarterly, and annually as per the audit requirements.
Promote awareness of applicable regulatory standards, upstream risks, and industry best practices.
Performing both internal and external security audits
Analyzing security breaches to identify the root cause.
Works with stakeholders to build plans and track progress against gaps.
Other duties as assigned.
Working Conditions:
- Standard office conditions.
What We're Looking For:
Required Education (must have):
- Bachelor's Degree or equivalent experience.
Desired Education (nice to have):
Master's degree or higher in an IT or risk management related field.
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
Required Experience (must have):
Minimum of 8 years of experience working in cyber security
6-8 years relative experience in Risk Management, Security, Audit and/or in a similar role
8 years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for National Institute of Standards and Technology [NIST] 800, Standardization [IS0] 27000, COBIT)
Extensive experience in IT and Health Care, with focus on IT process, risk management.
Sound knowledge of and experience in HealthCare IT Security.
Experience working with legal, audit and compliance staff.
Excellent time management skills with the ability to meet deadlines.
Ability to work with minimum supervision and to accept and evolve with changes in policies and procedures.
Excellent prioritization capabilities with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
Experience with providing guidance for the NIST security and privacy controls and for providing sufficient documentation and artifacts for each control in the GRC tool.
Proven experience in Third-Party Risk management, including assessing and managing risks associated with third-party vendors.
Desired Experience (nice to have):
Experience with cloud security and Cloud-based risk management.
Proficiency in Security automation and orchestration.
Involvement in industry groups or committees focused on IT Security and Risk Management.
Ability to develop and implement TPRM strategies, ensring compliance with organizational and regulatory requirements.
Required Knowledge, Skills & Abilities (must have):
Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
The ability to interact with CCA personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
Organized, responsive and highly thorough problem solver
Flexible work schedule to troubleshoot escalated issues out of hours and apply production changes
Excellent time management skills with the ability to meet deadlines
Good oral and written communication skills
Ability to work with minimal supervision
Ability to accept and evolve with changes in policies and procedures
Knowledge of compliance requirements including HIPAA/HITECH, PCI, SOX.
Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
CRISC, CISSP, CISA
Required Language (must have):
- Fluent in English (bilingual is a plus)
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Please note employment with CCA is contingent upon acceptable professional references, a background check (including Mass CORI, employment, education, criminal check, and driving record, (if applicable)), an OIG Report and verification of a valid MA/RN license (if applicable). Commonwealth Care Alliance is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other category protected by applicable federal, state or local laws.
Commonwealth Care Alliance
-
- Commonwealth Care Alliance Jobs
