Support The George Washington University Medical Faculty Associates (GW MFA) by identifying, assessing, and mitigating risks to data, systems, and technology environments
Partner closely with internal teams, leadership, vendors, and affiliates to strengthen IT governance, risk management, and compliance practices
Conduct comprehensive security and third-party risk assessments
Identify risks and recommend remediation strategies
Evaluate, develop, and recommend information security assessment tools, processes, and techniques
Develop and deliver HIPAA security training and awareness programs
Collaborate with stakeholders to identify, track, manage, and report security risks
Build, enhance, and support security operations capabilities
Develop, implement, and maintain security policies, standards, and procedures
Support and coordinate compliance-focused programs and initiatives
Mentor and support team members on information security practices and standards
Participate in a 24x7 on-call rotation for Information Security

Bachelor’s degree in Computer Science, Information Security, or a related field preferred
Equivalent combination of education and relevant experience will be considered
Certifications (Preferred) CISSP CISM CISA SANS certifications Security+
Working knowledge of HIPAA Security Rule , NIST Cybersecurity Framework , and PCI requirements
Understanding of information security frameworks and industry best practices
Experience supporting enterprise security operations
Experience working in virtualized and cloud environments
Familiarity with Electronic Health Record (EHR) systems , PACS, and connected medical devices
Hands-on experience implementing, operating, and maintaining security tools and technologies
Ability to independently manage security assessments and security-related projects
Change management and project management experience preferred

Information Security Manager

Key skills