How you move is why we’re here. ®
Now more than ever.
Get back to what you need and love to do.
The possibilities are endless…
Now more than ever, our guiding principles are helping us in our search for exceptional talent – candidates who align with our unique workplace culture and who want to maximize the abundant opportunities for growth and success.
If this describes you then let’s talk!
HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report. As a recipient of the Magnet Award for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive, and inclusive environment.
Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise.
Assistant Director, Cybersecurity Strategy, Governance & Risk
(Based in New York City – Onsite 4 days per week)
Overview:
The Assistant Director, Cybersecurity Strategy, Governance & Risk is responsible for managing the Strategy, Governance, and Risk team in the Cybersecurity & Risk Management (CSRM) department. The successful candidate will play a critical role in developing and implementing comprehensive cybersecurity governance, risk, and compliance strategies, policies, and controls to safeguard our organization’s information and our reputation. You will lead the development and execution of our GRC program, ensuring alignment with our cybersecurity strategy, industry standards and regulatory requirements. Your expertise will be essential in promoting ethical conduct, cybersecurity risk management, and adherence to compliance standards throughout our organization. You will also deliver an interactive and compelling security awareness program that is aligned with HSS and department objectives, HIPAA, NIST and our organization’s risk profile.
PRINCIPAL DUTIES AND RESPONSIBILITIES
- Strategy Development and Implementation:
- Work collaboratively with the other Directors, CMIO, CIO, CISO, Service Line Leads, Steering Committees and other key partners to implement a Cybersecurity Strategy that meets the security, identity management, and business continuity needs of a cloud-focused, highly complex and dynamic medical environment. Collaborate on the development of public cloud (AWS/O365/Azure) security frameworks, identity management and business continuity projects, practices, and designs.
- Develop and oversee the implementation of the Cybersecurity strategy aligned with the company’s business goals and legal requirements.
- Understand the opportunities and challenges facing business, mission, IT, and operational groups.
- Adjust cybersecurity strategies, policies, risk management levers to optimally balance institutional cyber risk with business and mission objectives.
- Design and implement mechanisms to monitor adherence to strategies and policies and take corrective action as needed.
- Policy & Procedure Management:
- Develop, maintain, and oversee Cybersecurity policies and procedures to ensure they are in accordance with applicable laws, regulations, and industry standards.
- Act as an SME for end-to-end management of findings from information security risk management assessments for vendors, applications and biomedical devices, the NIST Cyber Security Framework, HIPAA, Joint Commission, Meaningful Use audits and penetration/vulnerability assessment findings.
- Risk Management:
- Identify, assess, and monitor Cybersecurity risks, including strategic, operational, technical, and privacy risks exposed via Cybersecurity means.
- Implement risk mitigation strategies and mechanisms to address identified risks and potential non-compliance.
- Plan, implement, and operate Security Risk Management Assessments via independent third-party assessors, security risk workshops and interviews that include detail-level analysis of security risks at all layers and components of a technology stack.
- Provide control and mitigation subject matter expertise for reduction of risks identified and mapped in risk assessments in coordination with other security and technology leaders.
- Maintain a formal risk register which drives security governance and ensures security funding is aligned with business objectives.
- Continuously identify improvement opportunities and provide feedback to senior team members and management.
- Data Privacy:
- Work with our legal teams to bring Cybersecurity capabilities to their Privacy protection programs.
- Regulatory Compliance:
- Maintain a current understanding of relevant laws and regulations to ensure the organization achieves and sustains compliance.
- Monitor changes in regulations, industry standards, and best practices to keep the organization up-to-date and compliant.
- Proactively monitor and respond to regulatory changes and updates.
- GRC Reporting:
- Lead a team that quantifies cyber risk in dollar terms, identifies risk owners, socializes value at risk, offers compensating controls to lower loss event likelihood and loss impact/magnitude, manages cyber risk transfer mechanisms via legal contract and cyber insurance, and ultimately allows risk owners to accept cyber risk aligned to spend authority.
- Develop Key Risk Indicators which highlight top cyber risks for the organization to executive management and the board and Key Performance Indicators that demonstrate success of the security program along with its alignment to NIST and industry best practices.
- Create comprehensive GRC reports for the executive leadership and board of directors that provide clear insights into the company’s risk profile, compliance status, and governance effectiveness.
- Support Governance, Risk & Compliance (GRC) tools implementation and utilization.
- Provide input and thought leadership on monitoring, measurement and optimization of Security Risk Management program effectiveness.
- Training & Awareness:
- Oversee the creation and implementation of a Cybersecurity education, awareness and training program to ensure that employees are aware of the role they play in maintaining good governance and compliance.
- Develop and enhance a formal next-generation security education and awareness program that delivers role-based security education, is based on gamification concepts and leads to measurable improvement in building a risk-aware culture at all levels.
- Create and deliver information security concepts in simple and engaging newsletters, social media posts, blogs, video, new employee orientation, townhalls and in person.
- Third-party Management:
- Manage and monitor the Cybersecurity aspects of third-party relationships to ensure that vendors and partners are adhering to the company’s policies and relevant regulations.
- Maintain accurate records of third-party and vendor compliance status.
- Direct and facilitate third-party security audits to keep the organization in compliance with the applicable compliance standards.
- Audit Management:
- Coordinate with internal and external auditors to facilitate audits, with the goal of assuring compliance and addressing potential issues proactively.
- Work closely with the Project Management Office (PMO), other IT teams, and the Architecture & Engineering team to define security requirements, track issues and concerns, provide solutions, communicate identified vulnerabilities, and identify exceptions to policy.
- Ensure that PMO policies, procedures, forms, and workflows include appropriate security components so that projects incorporate appropriate risk-management and mitigation techniques and tasks.