Cyber Security Governance Risk and Compliance Manager

Dallas - Shared Services

Scottish Rite for Children

Pediatric orthopedic hospital providing world-renowned treatment for scoliosis, clubfoot, hand disorders, hip disorders, neurological disorders and dyslexia.


Our patients are our number one priority! We're committed to giving children back their childhood!

Job Posting Title:

Cyber Security Governance Risk and Compliance Manager

Location:

Dallas - Shared Services

Additional Posting Details:

M-F 8-5A

Job Description:

Duties/Responsibilities

•    Develop and maintain the organization's cyber governance, risk and compliance strategy, framework, and roadmap, and ensure alignment with the organization's vision, mission, values, and objectives.
•    Establish and enforce cyber policies, standards, and procedures, and provide guidance and support to stakeholders on cyber governance, risk and compliance matters.
•    Conduct cyber risk assessments and audits, identify and evaluate cyber risks and controls, and recommend and implement appropriate mitigation measures and action plans including contract reviews, IT or business process reviews, and action plans from prior risk assessments as applicable.
•    Monitor and report on the performance and effectiveness of cyber controls and compliance, and identify and address any gaps or issues.
•    Responsible for maintaining audit/assessment documentation (controls inventory, risk register, policies and procedures, risk assessments and associated remediation plans, and other commonly requested policy and compliance documentation) for ready representation when Scottish Rite for Children (“SRC”) undergoes audits or assessments.
•    Liaise and collaborate with internal and external stakeholders, such as senior management, IT, legal, audit, regulators, vendors, etc., on cyber governance, risk and compliance initiatives and activities.
•    Stay abreast of the latest cyber trends, threats, regulations, and best practices, and provide advice and recommendations on how to improve the organization's cyber posture and resilience.
•    Perform other duties as assigned by the supervisor or director.
•    Responsible for reviewing opportunities within IT operations to standardize or improve processes, naming conventions, and unautomated (undefined or vaguely defined) processes, and for facilitating the documentation and operationalization of these processes into an appropriate workflow engine (helpdesk software, ERP system, etc.).
•    Follows all SRH Policy, Procedures, Standards, and Guidelines.
 

Required Skills/Abilities

- A bachelor's degree in computer science, information systems, cybersecurity, or a related field, and a minimum of five years of experience in cyber governance, risk and compliance, or a similar role.
- A certification in one or more of the following: CISSP, CISM, CRISC, CISA, or equivalent.
- A strong knowledge of cybersecurity best practices, frameworks, and standards, such as NIST, ISO, COBIT, PCI-DSS, etc.
- A solid understanding of cyber risks and threats, and the ability to evaluate and mitigate them.
- A proven track record of developing and implementing cyber policies, standards, and procedures, and ensuring adherence to them across the organization.
- Excellent communication, presentation, and interpersonal skills, and the ability to communicate technical concepts to non-technical audiences.
- A high level of analytical, problem-solving, and decision-making skills, and the ability to prioritize and manage multiple tasks and projects.
- A strong sense of ethics, integrity, and professionalism, and the ability to handle confidential and sensitive information.
 


Tags: Audits CISA CISM CISSP COBIT Compliance Computer Science CRISC ERP Governance NIST Risk assessment Strategy

Region: North America
Country: United States
