Job Description: Cybersecurity Risk Manager
Position Overview:
As Sr. Manager, Cybersecurity Risk Management, you will be part of the overall information security risk management program and strategy, providing skilled leadership to build high-performing team(s), and engaging IT and Business leaders across a wide spectrum of projects. Your collaborative approach and exceptional communication skills will play a significant role in your success, as you engage and support colleagues inside and outside the organization. As part of this new Healthcare spinoff, you will have the opportunity to create an industry best-practice program that serves as a strategic enabler for the business.
Responsibilities:
- Drive cybersecurity risk management taxonomy and framework/methodology including implementing an Enterprise Control Framework (ECF) utilizing NIST/HITRUST controls that align with Enterprise Risk Management (ERM) objectives.
- Lead a team that performs risk assessments and identifies, mitigates, and tracks risks across the enterprise, providing actionable data and recommended solutions to organization leadership.
- Define standardized risk assessment and exception handling processes, including defining what constitutes an exception and the criteria for managing them.
- Develop and execute a gold-standard information security governance strategy and program, driving a culture of transparency, integrity, and accountability.
- Support cyber and business resilience, ensuring the organization is well-prepared to counter risks to continuity of operations.
- Develop security checkpoints against software and infrastructure development lifecycles, focusing on prevention and security by design.
- Establish a Findings & Remediation program that identifies risk trends, provides actionable reports, identifies root causes, and collaborates to reduce risks and technical debt.
- Scale programs to meet regulatory requirements and organizational risk appetite.
- Establish and maintain data security governance, including classification, retention, retrieval, and disposal of records.
- Monitor regulatory changes and industry standards.
- Coordinate information transfer in compliance with policies and ensure proper execution of destruction orders.
- Implement protocols to meet statutory, regulatory, ethical, and privacy requirements for physical and electronic information management.
- Support data governance efforts, including data classification, retention, sharing, archiving, and privacy.
Qualifications:
- Extensive experience in Governance, Risk & Compliance, especially in Healthcare or highly regulated industries.
- Experience building and optimizing Enterprise Risk Management, Third Party Risk Management, Risk Quantification, Data Governance, and AI.
Nice-to-Have Skills:
- Certifications such as CISSP or equivalent, demonstrating ongoing learning.
- At least 7 years leading global IT, digital, or cybersecurity programs.
- Minimum 3 years leading Risk Management programs.
- Proven success in developing risk management policies, procedures, and best practices.
- Experience with frameworks like SOX, HITRUST, SOC 2, PCI, ISO 27001/2, NIST, FedRAMP, StateRAMP, IEC 62443.
- Master's Degree in Computer Science, Information Security, or related field.
- Experience with external audits, regulatory communications, and compliance responses.
- Knowledge of legal and regulatory data protection laws (e.g., GDPR, CCPA).
- Supporting certifications such as CRISC, CISM.
- Experience leading Business Continuity and Cyber Resilience teams.