Job Description

 

Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health’s robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet® nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.

Skills / Requirements

JOB SUMMARY:
The Manager Information Security Risk Management reports to the Vice President and Chief Information Security Officer (CISO) and develops, maintains and executes a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management. Works alongside the Harris County attorney team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance to standards and regulations regarding information access, security, and privacy. Leads all phases of internal and third-party risk assessments as-well-as planned IT audits and reviews. Coordinates internal and third-party security audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance/regulatory audits. Assists VP/ CISO with decisions regarding risk and audit planning, testing plans and methodologies for risk and audit projects. Assists VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and Board of Trustees. Develops and publishes cyber related risk and audit reports and reviews. Drafts and updates various departmental and organization-wide information security policies.


MINIMUM QUALIFICATIONS:
Education/Specialized training/Licensure:
Bachelors degree, Masters preferred
CISSP required. CRISC, CISA, HCISPP, CIPP, GSNA, or CCSP, must have obtained (1) additional certification within six (6) months of accepting position.

CISSP (required); Must have obtained one (1) additional certification within six (6) months of accepting position.

WORK EXPERIENCE:
6 years' work experience. Extensive knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI), NIST Cybersecurity Framework. In addition, understanding of NIST SP 800-53r4, COBIT, and ITIL frameworks preferred. RSAM or other GRC tools experience preferred. Previous IT audit and risk management experience, or equivalent combination of education and experience. 

MANAGEMENT EXPERIENCE:
Three (3) years of experience in Cyber Security or related field.

SPECIAL REQUIREMENTS:
Communication Skills:
Exceptional Verbal (Public Speaking
Writing/Composing: (Correspondence/Reports)

Other Skills:
Analytical, Statistical

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online