Information Security Manager
522 East 74th (between York Ave & FDR Drive) NY, NY 10021
The GRC Manager, Cyber Security & Risk Management is responsible for managing the “ Governance, Risk and Compliance” unit within the Cyber Security & Risk Management (CSRM) department. The candidate will ensure security and compliance for the public and private cloud, provide oversight, and direction to ensure cyber risk and audit findings are managed and communicated. In addition, this individual will develop, manage and enhance Business Continuity Planning, Identity and Access Management program and security awareness programs that are aligned with HSS and department objectives, HIPAA, NIST and organization’ s risk profile.
Principal Duties And Responsibilities
- Understand the opportunities and challenges facing business, mission, IT, and operational groups. Adjust security strategies, policies, and architecture to optimally balance institutional risk with business and mission objectives. Design and implement mechanisms to monitor adherence to strategies and policies and take corrective action as needed.
- Act as a SME for end to end management of findings for information security assessments for vendors, applications and biomedical devices, NIST Cyber Security Framework, HIPAA, Joint Commission, Meaningful use audits and penetration/vulnerability assessment findings.
- Maintain a formal risk register which drives security governance and ensures security funding is aligned with business objectives.
- Develop Key Risk Indicators which highlight top cyber risks for the organization to executive management and the board and Key Performance Indicators that demonstrate success of the security program along with its alignment to NIST and industry best practices.
- Work collaboratively with the other Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to develop a program strategy that meets the security, identity management, and business continuity needs of a cloud focused, highly complex and dynamic medical environment. Lead the development of public cloud (AWS/O365/Azure) security framework, identity management and business continuity projects, practices, and designs. Research and develop all aspects of cloud security, business continuity and identity management engineering and architecture.
- Develop and enhance a formal next generation security education and awareness program that delivers role based security education, is based on gamification concepts and leads to measurable improvement in building a risk aware culture at all levels Create and deliver information security concepts in simple and engaging manner through newsletters, social media, blogs, video, new employee orientation, townhalls and in person.
- Work closely with the Project Management Office (PMO) and other IT teams to define security, requirements, track issues and concerns, provide solutions, communicate identified vulnerabilities, and identify exceptions to policy. Ensure that PMO policies, procedures, forms, and workflows include appropriate security components so that projects incorporate appropriate risk-management and mitigation techniques and tasks.
- Bachelor’ s in Information Systems required.
- 7-10 years of security experience
- At least 3 years working in a regulated industry (healthcare preferred)
- At least 1-2 years implementing/using a GRC platform such as Archer, RSAM, ComplyAssistant or any other
- At least 1-2 years dealing with public cloud (AWS/Azure/O365) security and compliance
- Directly responsible performing and/or complying with security and compliance assessments in enterprise environments with at least 5K users
- Directly responsible for designing an Identity & Access Management, Business Continutiy and Security Education programs in enterprise environments with at least 5K users
- Strong knowledge of frameworks such as NIST Cyber Security Framework, Cloud Security Alliance, Center for Internet Security, COBIT & FedRAMP
- Working knowledge of HIPAA
- Strong analytical, problem solving and project management skills
- Excellent written and verbal communication skills; interpersonal skills
- Must possess a high degree of integrity and trust along with the ability to work independently as well as motivate others
- CISSP, CISM, C-RISC, CISA or other similar certifications
Recruiting Director, Cyber Security, Mobile & Infrastructure
Caroline joined the Connors Group in 2004 and is focused on recruiting for Cyber Security, Mobile & Infrastructure job opportunities. A confident communicator who is strongly motivated to succeed, Caroline relates warmly with others; easily establishing relationships with everyone she interacts with.
She believes that clients value consistency in delivering a certain caliber of talent and results in filling their critical vacancies. Paying close attention to their needs and delivering solutions that match their talent expectations is how she embodies quality service for the businesses that she works with! Candidates value relationships committed to truth, understanding of their needs, knowledge of the hiring landscape, and results. She delivers that by motivating the potential in others; connecting proficiency with possibilities!
Caroline is proud that - with her help… many of her candidates land their dream job and the companies she worked with land their dream candidate! She loves her job because of the positive influence imparted onto others. The impact of a recruiter is twofold: first, you can literally change the life of an individual by placing them in their dream job, and second, you can effectively change the direction and the success of a corporation with a single great hire in a key job (i.e. recruiting a young Derek Jeter to your baseball team.)
Continue to relate easily to others, communicate with candor, and find and place “top notch” candidates; are all long-term career goals. In addition, Caroline aims to be positioned in the market as a recruiter specialized in infrastructure and security placements. Caroline is bilingual in English and Spanish. She loves running, Pilates, nutrition, The New York Yankees and spending time with her family outside of the office.