
Information Security Manager

Expired Job

Hospital For Special Surgery, New York, NY 10007

Posted 4 months ago


The GRC Manager, Cyber Security & Risk Management is responsible for managing the "Governance, Risk and Compliance" unit within the Cyber Security & Risk Management (CSRM) department. The candidate will ensure security and compliance for the public and private cloud, and provide oversight and direction to ensure cyber risk and audit findings are managed and communicated. In addition, this individual will develop, manage and enhance the Business Continuity Planning, Identity and Access Management and security awareness programs that are aligned with HSS and department objectives, HIPAA, NIST and the organization's risk profile.


  • Understand the opportunities and challenges facing business, mission, IT, and operational groups. Adjust security strategies, policies, and architecture to optimally balance institutional risk with business and mission objectives. Design and implement mechanisms to monitor adherence to strategies and policies and take corrective action as needed.

  • Act as an SME for end-to-end management of findings for information security assessments for vendors, applications and biomedical devices, NIST Cyber Security Framework, HIPAA, Joint Commission, Meaningful Use audits and penetration/vulnerability assessment findings.

  • Maintain a formal risk register which drives security governance and ensures security funding is aligned with business objectives.

  • Develop Key Risk Indicators which highlight top cyber risks for the organization to executive management and the board and Key Performance Indicators that demonstrate success of the security program along with its alignment to NIST and industry best practices.

  • Work collaboratively with the other Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to develop a program strategy that meets the security, identity management, and business continuity needs of a cloud focused, highly complex and dynamic medical environment. Lead the development of public cloud (AWS/O365/Azure) security framework, identity management and business continuity projects, practices, and designs. Research and develop all aspects of cloud security, business continuity and identity management engineering and architecture.

  • Develop and enhance a formal next-generation security education and awareness program that delivers role-based security education, is based on gamification concepts and leads to measurable improvement in building a risk-aware culture at all levels. Create and deliver information security concepts in a simple and engaging manner through newsletters, social media, blogs, video, new employee orientation, town halls and in person.

  • Work closely with the Project Management Office (PMO) and other IT teams to define security requirements, track issues and concerns, provide solutions, communicate identified vulnerabilities, and identify exceptions to policy. Ensure that PMO policies, procedures, forms, and workflows include appropriate security components so that projects incorporate appropriate risk-management and mitigation techniques and tasks.


  • Bachelor's in Information Systems required.

  • 7-10 years of security experience

  • At least 3 years working in a regulated industry (healthcare preferred)

  • At least 1-2 years implementing/using a GRC platform such as Archer, RSAM, ComplyAssistant or any other

  • At least 1-2 years dealing with public cloud (AWS/Azure/O365) security and compliance

  • Directly responsible for performing and/or complying with security and compliance assessments in enterprise environments with at least 5K users

  • Directly responsible for designing Identity & Access Management, Business Continuity and Security Education programs in enterprise environments with at least 5K users

  • Strong knowledge of frameworks such as NIST Cyber Security Framework, Cloud Security Alliance, Center for Internet Security, COBIT & FedRAMP

  • Working knowledge of HIPAA

  • Strong analytical, problem solving and project management skills

  • Excellent written and verbal communication skills; interpersonal skills

  • Must possess a high degree of integrity and trust along with the ability to work independently as well as motivate others

  • CISSP, CISM, CRISC, CISA or other similar certifications



Similar Jobs

Information Security Manager

American Express

Posted 1 week ago

The position, located in New York, is part of the Global Risk, Banking & Compliance organization and reports to the Director of Information Security and Information Technology Risk Oversight. Strong information security and information technology are key contributors to loyalty, trust and customer experience, and the American Express brand. Properly assessing, managing, and overseeing global information technology and information security risk is critical to the Company's business. The successful candidate will have a strong analytical, and capabilities background to support automation of reporting program and dynamic dashboards. The position requires team player who is comfortable collaborating with a range of partners and stakeholders including compliance, legal, operational excellence, privacy, risk oversight, and many other partners to promote best information security and information technology throughout the enterprise. The successful candidate should demonstrate ability to support automation framework for information security and information technology risk reporting and monitoring program.

More specifically, the skills and experience sought for this position include:

  • Work experience in the consulting, product development, analytics or big data technologies

  • Experienced with various tools such as SharePoint, Confluence and other automation workflow management tools

  • Experience with Machine Learning, Python and other analytical tools

  • Background in product, capability, stakeholder and technical project management

  • In-depth experience with desktop software and office automation tools (must be proficient in Microsoft products including MS Project)

  • IT working experience in the areas of Application Performance Management, application monitoring, network administration, system administration, performance engineering / testing, or Java/.NET development

  • Experience in software engineering and Object Oriented Programming (OOP)

  • Experience in enterprise level .NET or Java development/support/operations

  • Experience in web programming: JavaScript, AJAX and other JavaScript frameworks

  • Experience with application technologies (J2EE, .NET, Citrix, Microservices)

  • Experience with database technologies (Oracle, DB2, MS SQL)

  • Event Monitoring

  • Support Mission Control efforts of major product launches and critical changes through monitoring and customized presentation layer

  • Define processes, documentation and engineering diagrams for technical and operations support

  • Prioritize, complete and lead projects within budgetary and scheduling guidelines

  • Ensure issues are identified, tracked, reported on and resolved in a timely manner

  • Responsible for the quality of work in terms of the technical design, implementation, testing and alignment to technical compliance standards.

  • Provide lead support and direction to the team responsible for the overall health and maintenance of all infrastructure assets

  • Self-motivated individual who is able to combine exceptional problem-resolution and critical thinking skills with an ability to apply a business lens to recommendations

  • Collaborative and team-oriented approach to solving business problems

  • Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change

  • Passion for excellence in people, processes and products

  • Strong relationship skills

  • Strong communication and negotiation skills combined with an ability to interact effectively with senior leaders, data consumers and technologies

Preferred Qualifications

  • Experience in monitoring tools

  • Working in an agile/dev/ops environment

Education & Professional Experience:

  • Bachelor's Degree in Computer Science, Information Systems, Engineering or Information Technology, Business Administration, or other related field preferred (or equivalent work experience)

Depending on factors such as business unit requirements, the nature of the position, cost and applicable laws, American Express may provide visa sponsorship for certain positions.

American Express, New York, NY
