Sentara HealthRemote
Manager – IT Cybersecurity Compliance
Virginia, United States of America
Full Time
2 hours ago
No Visa Sponsorship
Key skills
Cyber SecurityExpressRisk Management
About this role
Role Overview
- The Manager – Cyber Security Compliance is responsible for establishing and maintaining the overall cyber security compliance program.
- This position will lead a team of cyber security compliance professionals by enabling a holistic compliance framework and assurance readiness for regulations, standards, and contract obligations within Sentara Healthcare.
- Managing and reporting on cyber security compliance in a manner that meets Sentara Healthcare’s requirements.
- Reporting to the Director of GRC in Cyber Security, this leader ensures compliance against regulatory, industry and contractual requirements.
- Further, set the strategy and drive effective process, methodology and technology solutions to support the cyber defense of Sentara Healthcare, focusing on continuous improvement, data protection, governance, risk management, and mitigation.
- As a domain expert in compliance and assurance, engage at management and technical levels to develop/refine strategy, identify control breakdowns, risks, and opportunities to deliver a comprehensive and robust compliance function.
- In addition, elevate how we engage with business and technology control owners.
- Establish a framework and process to execute readiness assessments for compliance against cyber security standards and requirements.
- Lead team of cyber security compliance professionals to measure compliance against a broad range of control requirements, both internally and externally.
- Ownership of cyber security compliance strategy, programs and related initiatives including regulatory audits and compliance management, Controls testing, medical device security, metrics and risk and performance indicators.
- Understand key security and compliance frameworks including but not limited to HIPAA, HICP 405(d), NIST800-171, SOC2, ISO27001, and laws/regulations.
- Manage compliance initiatives to ensure control effectiveness with applicable laws and regulations, as well as internal policies and procedures.
- Monitor activities of assigned IT areas to ensure control assurance of internal policies and standards.
- Participate in the development and implementation of new business initiatives involving compliance to ensure functionality required to support required compliance.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (Preferred) OR 7+ years in a cyber security management role, preferably in Governance, Risk or Compliance without a Bachelor's Degree (Required)
- Certification/Licensure CISSP (Certified Information Systems Security Professional)(Preferred)
- CISM (Certified Information Security Manager)(Preferred)
- CRISC (Certified in Risk and Information Systems Control)(Preferred)
- CISA (Certified Information Systems Auditor)(Preferred)
- 5+ years in a cyber security management role, preferably in Governance, Risk or Compliance with a Bachelor's Degree (Required)
- 7+ years in a cyber security management role, preferably in Governance, Risk or Compliance without a Bachelor's Degree (Required)
- Preferred candidates will have moved up through the ranks of Cyber Security Governance, Risk and Compliance.
- Experience with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, etc.)
- Experience with GRC tools such as Service Now, Archer, etc.
- Experience working in a highly regulated environment.
- Experience in information security and auditing with increasing responsibilities.
- Strong background in security controls, auditing, network, and system security.
- Ability to express complex technical concepts in business terms.
- Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
- Ability to build and manage a highly motivated team.
- Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
- Proven ability to manage and mentor cyber security analysts at all levels.
Tech Stack
- Cyber Security
Benefits
- Medical, Dental, Vision plans
- Adoption, Fertility and Surrogacy Reimbursement up to $10,000
- Paid Time Off and Sick Leave
- Paid Parental & Family Caregiver Leave
- Emergency Backup Care
- Long-Term, Short-Term Disability, and Critical Illness plans
- Life Insurance
- 401k/403B with Employer Match
- Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
- Student Debt Pay Down – $10,000
- Reimbursement for certifications and free access to complete CEUs and professional development
- Pet Insurance
- Legal Resources Plan
- Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.