Director, Cybersecurity Risk Management - Downtown Dallas
- Job ID 1905033817
- Date posted 08/28/2019
- Facility Corporate
We are looking for someone with a high level of knowledge in information security risk management and remediation practices, third party cyber risk, consultancy to Sr. Business Leadership, with knowledge in a broad range of security disciplines and technology areas to manage our Cyber Risk Management groups.
The Director, Cybersecurity Risk Management is a senior information assurance leader with corporate responsibility to direct and oversee all enterprise information security risk assessment, risk remediation, and third-party cyber risk management functions at Tenet. You will develop and implement strategy, vision and plans to manage information security risk to acceptable levels. This person will work closely with organizational leadership to understand business requirements to ensure identification of information related threats and vulnerabilities and alignment, implementation, and maintenance of controls according to risk profiles. The Director, Cybersecurity Risk Management manages IT Audit and Compliance Program Managers and teams as well as assisting the Chief Information Security Officer to develop and implement the enterprise information protection strategy.
- Work closely with business and technology counterparts to understand enterprise objectives, initiatives, and cyber information security risk
- Define, implement, and oversee the enterprise cyber information security risk and conformance management strategy
- Manage the IT Audit & Compliance Program and managers to oversee the enterprise cyber information security risk management lifecycle including the completion of risk assessments, planning, treatment, tracking, and control
- Manage the Third-Party Cyber Risk Assessment team to help drive cyber risk scoring of third-party suppliers and vendors
- Develop, maintain, and enforce Tenet cyber information security risk management policies and standards
- Ensure the identification, analysis, management, and timely communication of information related threats and vulnerabilities through management of the security risk analysis process
- Evaluate and report on Tenet cyber information security risk practices and results
- Perform various personnel actions ranging from interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and developing employees; addressing complaints and resolving problems
- Manage budget, resource allocation, and forecasting tools to ensure effective use of all resources. Manage status, productivity and other management reports to ensure staff meets optimal performance
- Stay abreast of relevant security regulations, laws and technologies and adjust programs and processes as required. Drive continuous improvement in this space.
- Security Compliance (SRA): Develops programs and manages a team of Information Security professionals to ensure risks to Tenet data are identified and mitigated in a timely fashion including the annual HIPAA / MU security risk analysis. Drives and tracks completion of individual SRAs for all Tenet hospitals, physician practices and outpatient centers. Ensures that Security Risk Analysis continues to meet the evolving threat landscape and regulatory (e.g. HIPAA/Meaningful Use) requirements.
- Security Compliance (Vendor): Develops and continually refines program and manages team that ensures vendors are properly vetted and that security posture of new and existing vendors is known prior to execution of contracts.
- IT Audit: Develops multiple programs and manages team of IT Auditors / Analysts that ensure Tenet is meeting regulatory, legal and other governance obligations (e.g. SOX 404, HIPAA, PCI). Defines, implements, tracks, and drives completion of multiple audits as required to ensure Tenet's internal controls are reliable. Identifies gaps in existing programs and assists in defining remediation plans.
- Data Compliance: Manages team that develops and executes on programs to identify, classify and properly protect Tenet data in all areas of the company (data classification). Develops programs and leads team that defines, deploys and maintains continuous auditing plans to ensure that access to data is appropriate and that controls are effective across the enterprise.
- Actively participates in efforts to define and implement the vision, strategies and goals for the governance, security, risk management and compliance framework and activities.
- Identify and define projects required to maintain and improve Tenet's security, audit and compliance posture. Develop and present required documentation including business cases, cost/benefit analyses, proposals, project charters, project milestones and estimates for time-frame, budget and resources.
- Bachelor's degree or equivalent work experience required
- CISA, CISSP, CISM or other related certification is required
- Minimum of 5-7 years of experience in a role coordinating information security and/or IT audit work
- Minimum of 5 years of experience in a leadership role with multiple direct-reports
- Demonstrated ability to manage multiple complex projects simultaneously
- Ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and close audits
- Good working knowledge of SOX, HIPAA, HITECH, PCI and ISO principles, concepts and practices
- Strong interpersonal skills and excellent organizational skills
- Self-motivated, able to lead a team independently
- Detail oriented, able to multitask and meet deadlines
- Strong working knowledge of SharePoint lists and libraries
- Advanced knowledge of Excel
- Proficiency in documenting process workflows with Visio or similar tool desired
- Familiarity with audit tools would be considered an asset
Employment practices will not be influenced or affected by an applicant’s or employee’s race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status. Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship. Tenet participates in the E-Verify program. Follow the link below for additional information.