Senior Manager IT Security Risk

Roles & Responsibilities:

The Senior Manager for IT Security Risk will lead a risk management team and partner closely with stakeholders across the organization to provide a structured process to assess and manage IT Security Risk for Medly. The role will align operations and IT to plan and support these programs by utilizing an inclusive, cooperative, and consensus-building process.

• Lead and manage the IT Security Risk Management project.

• Review and streamline the process for identifying and assessing IT Security Risk.

• Review and optimize process for conducting IT Security Due Diligence Reviews.

• Identify and incorporate applicable regulatory requirements for data protection and IT security into the risk assessment and management program.

• Work with key stakeholders to determine appropriate risk tolerance levels.

• Assist other departments such as Operations, Legal, Compliance, and Procurement in addressing IT risk related issues related to contracts and agreements.

• Assess layers of security (defense in depth) – e.g., perimeter, network, infrastructure/endpoint, application, data; cloud-hosted SaaS, PaaS, IaaS.

• Identify critical missing security controls and compensating or mitigating controls in place to reduce risk.

• Formally communicate in writing results of evaluation to parties responsible for addressing the security risks.

• Provide guidance to responsible parties on options to mitigate security risks.

• Maintain formal records of the due diligence work completed to evaluate and communicate security risks.

What you’ll gain:

• Competitive compensation and benefits
• Unlimited room for growth and development
• The ability to make a noticeable impact and improve lives

What you’ll need:

• Experience working with multiple simultaneous projects/applications at various stages with competing priorities and shifting timelines.
• A good understanding and proven work experience with various SDLC methodologies. 
• Project Management Professional (PMP) Certification a plus but not required.
• Ability to develop and maintain effective relationships with management, end users, project team members, and vendors. 
• Ability to interact effectively with technical personnel and with a wide variety of technical resources. 
• Knowledge and demonstrated ability to conduct detailed planning. 
• Excellent oral and written communication skills, and presentation skills.
• Comfort multitasking
• Composure, Integrity, and great interpersonal skills

Education

• Bachelor’s degree in Information Technology or appropriate experience required. 

Experience:

• Minimum ten years of experience in Information Technology (IT) jobs. Employment history should demonstrate increasing levels of responsibility.
• Minimum three years of experience in a combination of risk management and information security jobs.
• Knowledge and understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA).
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), SANS Global Information Assurance Certification Security Essentials Certification (GSEC) or other similar credentials, is highly desired.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.
• Familiar with common IT security and cybersecurity risk frameworks, including NIST CSF, CIS, ISO
• In-depth experience with Identity Governance and Access Management Systems
• Familiar with information technologies for hardware and software, including the layers of firmware, operating systems, middleware, applications, device appliances.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Experience presenting to leadership and stakeholders
• High degree of initiative, dependability, and ability to work with little supervision.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Must be a critical thinker, with strong problem-solving skills.
• Exhibit excellent analytical skills.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.