As a dedicated IT security pro, you don’t need the likes of us to tell you how fulfilling it is to stand on the front lines between institutions or individuals and utter disaster — but we humbly submit that in the case of an enormous medical school and hospital, those stakes are even higher, and thus the work even more fulfilling. As the manager of IT security risk at this prestigious organization, you’ll make sure its systems are fully compliant with regulations and requirements while keeping a wicked eye out for new threats and ensuring that the team is fully prepared to neutralize and/or mitigate those threats. It’s super-important work for an institution that’s in the heady business of saving lives. We think you’d love it.
The team you manage will carry out information security risk assessments on an ongoing basis — that means on the tech solutions that are in place as well as on new and proposed ones. Every risk you identify will generate a remediation plan, which you’ll oversee and track, sharing best practices to guide the team. Where security requirements can’t be met, you’ll advise on alternatives.
Speaking of advisement, you’ll provide expert advice around the entire risk framework and the institution’s policies, standards and guidelines, helping to shape and improve them. Every quarter, you’ll contribute to risk-posture reports for the medical center’s business partners. You’ll evangelize IT security throughout the organization and you’ll keep yourself up-to-the-minute on current and emerging threats.
Hired Gun Profile
It’s been at least six years for you now in this biz, a period in which you’ve learned tons about leading security and compliance efforts in big and complex IT organizations with very different types of users. The core technology infrastructure is as familiar to you as your kitchen: databases, servers, firewalls, VPNs, Internet technologies. Your sphere of responsibility has encompassed nearly every facet of security: governance, frameworks, scorecards, dashboards, processes and tools. Tools? Yeah, like Symantec CCS, Archer GRC, Modulo Risk Manager, that kind of thing. You’re fully conversant on the ins and outs of all the relevant regulations and standards — HIPAA, Meaningful Use, FISMA, PCI — and have experience interacting with the regulators themselves, as well as with internal and external auditors. Certification-wise, you’ve got so many they barely fit on your sash: CISSP, CISM, CISA, ISO 27001 Auditor, LSS Green Belt, CRISC, CIPP, CGEIT, ITIL or HAL 9000 (we threw that last one in).
Finally, you’re a self-starter who’s a stickler for detail and who communicates extremely well. You also juggle concurrent responsibilities like a real boss.
You’re probably used to this sort of thing, but we’ll mention it just to be clear: You’ll work on-site through the week but will be expected to be available on call as needed.
For a driven, analytical security pro, this is an outstanding chance to do senior-level work at a highly respected organization that also happens to take very good care of its employees.
All qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, creed, age, sexual orientation, veteran status, marital status, disability, or any other status protected by applicable law.