Information Security Manager

Job Level
Mid-level position
Job Category
Manager / Supervisor
Sector
  • Information Technology
Job Status
Areas of Responsibility
  • Security
Physical Requirements

The physical requirements for this position include communicating effectively; building positive working relationships with individuals from diverse backgrounds; abiding by University guidelines; maintaining confidentiality; prioritizing and managing work effectively; providing exceptional customer service; performing work in a sedentary position; walking, standing, and sitting for extended periods of time; reporting to meetings at different locations both on and off campus; and interacting with individuals from various levels throughout the University.

Shift

Primarily days; 8:00 AM – 5:00 PM. However, this is an exempt position and may require additional time during evenings, weekends, and holidays to accomplish work goals.

Job Summary

The University of Kentucky HealthCare (UKHC) is seeking an Information Security Risk Manager to lead the risk management and compliance function. Essential duties and responsibilities include but are not limited to:

• Developing and providing oversight of the risk management strategy and program
• Supporting the CISO in the formulation of information technology related policies
• Providing personnel management for the GRC team
• Planning and conducting information security risk assessments to proactively identify, mitigate, and reduce risk to the organization
• Reviewing third party contracts for compliance with security requirements and recommending appropriate language as necessary
• Providing guidance and recommendations in order to comply with regulatory requirements including HIPAA, FDA, CMS, and PCI-DSS
• Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions
• Communicating risk posture, security metrics, and security issues to leadership
• Guiding the development and implementation of appropriate security controls for information technology applications and infrastructure
• Collaborating with technical and non-technical teams to analyze and recommend actions related to vulnerabilities and control weaknesses
• Providing security requirements to be included in statements of work and other appropriate procurement documents
• Developing methods to monitor and measure risk, compliance, and assurance efforts
• Promoting security awareness across the organization

Skills / Knowledge / Abilities

• 7+ years of experience in information security
• BS required, MS preferred, or equivalent experience
• CISSP required
• CISM required
• Expert knowledge of HIPAA, PCI, ISO 27001/27002, HITRUST, COBIT, ITIL, and risk management frameworks (including ISO 27005/31000/31010, NIST SP 800-30, and NIST SP 800-39) preferred
• Demonstrated ability to lead and perform risk assessment/management activities
• Strong analytical skills and the ability to resolve complex problems
• Ability to work independently
• Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
• Policy and procedure development