IT Security Risk Manager | HIPAA Security Officer
IT Security Risk
ISO 27001:2013 | HIPAA Policy
About Our Client
The Information Security Risk Manager functions as the firm's HIPAA Security Officer.
As a leader within the Information Security Team, the Information Security Risk Manager takes a central role in actively promoting a culture of information security throughout the organization.
The scope of this position is firm wide and requires a thorough understanding of all the IT systems the firm uses, and how those systems are secured.
The Information Security Risk Manager advises the Information Security Team on emerging vulnerabilities and newly introduced risks to firm systems, and takes a proactive approach in continually assessing the security of firm systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.
- Proactively manage the firm's ISO 27001:2013 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification
- Monitor compliance with the firm's HIPAA policies and procedures
- Recommend changes/enhancements to the firm's HIPAA policy based upon the evolving threat landscape
- Coordinate the firm's vulnerability management program
- Develop and manage the firm's vendor risk management program
- Respond to client audit and related requests
- Coordinate third party technical risk assessments and related audit activity
- Serve as a subject matter expert for information security risk management principles and practices
- Perform internal technical risk assessments/audits
- Produce and maintain information security documentation including, but not limited to policies, procedures, standards, guidelines and diagrams
- Proactively assess potential items of risk and opportunities for vulnerability in the network
- Assist in the development of, and knowledge transfer to, all junior team members, as well as other IT group members
The Successful Applicant
- Bachelor of Science in a technology-related discipline or 3 years of relevant experience
- 5-7 years of experience in a dedicated information security risk management or governance role
- 3-5 years of experience in information technology in an area such as networking, desktop engineering, programming or systems administration
- Strong knowledge of ISO 27001:2013
- Strong knowledge of risk management frameworks including ISO 27005, OCTAVE, NIST and COBIT 5
- Strong knowledge of the global data security regulatory environment
- Strong knowledge of HIPAA and the HITECH Act
- Strong knowledge of technology risk management concepts and their application
- Strong knowledge of the security implications of a variety of technologies, including but not limited to Microsoft, Cisco, Unix/Linux and other market leaders in technology solutions, including mobile devices
What's on Offer
Base Salary + Bonus