Manager, IT Security Risk Management

Location:

Department:

Shift:

Standard Weekly Hours:

Summary:

The Manager of IT Security Risk Management is responsible for the CCHCS information security risk management (ISRM) program within the Information Security Office. ISRM supports the CCHCS mission through the use governance, risk and compliance activities that detect, prevent or mitigate threats to confidentiality, integrity and/or availability of information resources. In addition to mentoring, coaching and developing staff members, the Manager will utilize the components of the risk management program to identity, quantify and monitor risk on-behalf of CCHCS stakeholders. He/she will ensure stakeholders have sufficient decision information with regard to balancing operational/business needs with risk including any activities that could lead to a violation of federal/state regulations and/or CCHCS policy. The Manager will recommend administrative and technical controls to enforce compliance with CCHCS policies as well as guidelines and standards set forth by the Information Security Office. He/she will be responsible for reporting key performance indicators that will be used to gauge the effectiveness of the risk management program and foster an environment of continuous process improvement.
 

Qualifications:

• Bachelor’s degree in the field of computer science and 10 years of professional IT experience in progressively responsible roles.

• At least 5 years of experience leading and/or building information security risk management programs that comply with regulations such as FISMA, FERPA, HIPAA, PCI/DSS, and the Texas Identity Theft Prevention Act.

• At least 3 years assessing or implementing security frameworks such as NIST CSF or HITRUST CSF.

• At least 3 years of professional experience managing at least two or more individuals.

Preferred:

• Required qualifications plus 3 years of experience working with Governance, Risk and Compliance tools such as Archer or ServiceNow.

• Additional 3 years of professional experience with technical writing and enterprise security document creation.

• Additional 3 years of technical knowledge of industry enterprise security solutions including vulnerability scanners, data loss prevention, intrusion detection and prevention, firewalls, Mobile Device Management, or other solutions.

About Us:

Cook Children's Health Care System

Cook Children's Health Care System offers a unique approach to caring for children because we are one of the country's leading integrated pediatric health care delivery organizations. Patients benefit from the integrated system because it allows Cook Children's to use all of its resources to treat a patient and allows for easy communication between the various companies by physicians with a focus on caring for children and adolescents.

Cook Children’s is an equal opportunity employer. As such, Cook Children’s offers equal employment opportunities without regard to race, color, religion, sex, age, national origin, physical or mental disability, pregnancy, protected veteran status, genetic information, or any other protected class in accordance with applicable federal laws. These opportunities include terms, conditions and privileges of employment, including but not limited to hiring, job placement, training, compensation, discipline, advancement and termination.