Harris Health System
Manager Information Security Risk Mgmt
Harris Health System, Bellaire, Texas, United States, 77401
Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management, and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health's robust network of 39 clinics, health centers, specialty locations, and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers, and its strong partnership with nationally recognized physician faculty, residents, and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.
JOB SUMMARY:
The Manager, Information Security Risk Management reports to the Vice President and Chief Information Security Officer (CISO). This role develops, maintains, and executes a continuous, flexible information security risk management program aligned with Harris Health's strategic business and IT goals. The program addresses higher-risk areas and the concerns of Executive Management. The manager collaborates with the Harris County attorney team and the corporate compliance department to review third-party contracts, ensuring compliance with standards and regulations regarding information access, security, and privacy. Responsibilities include leading all phases of internal and third-party risk assessments, planning IT audits and reviews, and coordinating security audits such as HIPAA, PCI DSS, SOC, ISO, SSAE 16 / ISAE 3402, and other compliance audits. The role supports the VP/CISO in risk and audit planning, testing methodologies, and reporting findings and recommendations to Executive Management and the Board of Trustees. It also involves developing and publishing cyber risk and audit reports and updating security policies organization-wide.
MINIMUM QUALIFICATIONS:
Education/Specialized training/Licensure:
Bachelor's degree required, Master's preferred. CISSP certification required. An additional certification such as CRISC, CISA, HCISPP, CIPP, GSNA, or CCSP must be obtained within six months of hire.
Work Experience:
At least 6 years of relevant experience, with extensive knowledge of the HIPAA Security Rule, HITECH, PCI, and the NIST Cybersecurity Framework. Familiarity with NIST SP 800-53r4, COBIT, ITIL, and GRC tools such as RSAM is preferred. Previous IT audit and risk management experience, or equivalent education and experience, is required.
Management Experience:
Minimum of 3 years in Cybersecurity or a related field.
Special Requirements:
Communication Skills:
Exceptional verbal (public speaking) and writing (correspondence and reports) skills.
Other Skills:
Analytical and statistical skills.