Harris Health

Manager Information Security Risk Mgmt

Harris Health, Houston, Texas, United States, 77246


About Us

Harris Health System is the public healthcare safety‑net provider established in 1966 to serve the residents of Harris County, Texas. It champions better health for the entire community, focusing on low‑income uninsured and underinsured patients through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health’s robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet® nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient‑centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.

Job Summary

The Manager, Information Security Risk Management reports to the Vice President and Chief Information Security Officer (CISO) and develops, maintains and executes a continuous, flexible information security risk management program aligned with Harris Health’s overall strategic business and IT goals. The role reviews third‑party contracts with the Harris County attorney team and the corporate compliance department to ensure compliance with standards and regulations regarding information access, security and privacy. It leads all phases of internal and third‑party risk assessments and planned IT audits, coordinating internal and third‑party security audits such as HIPAA, PCI DSS, SOC, ISO, SSAE 16 / ISAE 3402, customer audits and other compliance/regulatory audits. The Manager assists the VP/CISO with decisions regarding risk and audit planning, testing plans and methodologies, reportable observations, findings and recommendations, and develops and publishes cyber‑related risk and audit reports and reviews while drafting and updating information security policies.

Minimum Qualifications

Education / Specialized Training / Licensure

Bachelor's degree required; Master's preferred. CISSP required. In addition, one (1) of CRISC, CISA, HCISPP, CIPP, GSNA or CCSP must be obtained within six (6) months of accepting the position.

Work Experience

6 years of work experience. Extensive knowledge of the HIPAA Security Rule, HITECH, Payment Card Industry (PCI) standards and the NIST Cybersecurity Framework. Understanding of NIST SP 800‑53r4, COBIT and ITIL frameworks preferred. Experience with RSAM or other GRC tools preferred. Previous IT audit and risk management experience, or an equivalent combination of education and experience.

Management Experience

Three (3) years of experience in Cyber Security or a related field.

Special Requirements

Communication Skills: Exceptional verbal (public speaking). Writing/Composing: Correspondence and reports.

Other Skills

Analytical, statistical.

Additional Information

Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: Hospitals and Health Care
