Program Manager, Cyber Risk - 2307 at Valley Health
Winchester, Virginia, USA
Full Time


Start Date: Immediate
Expiry Date: 30 Nov, 25
Salary: 0.0
Posted On: 01 Sep, 25
Experience: 7 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: NIST, Policy Management, Vulnerability Management, COBIT, Process Automation, Security Metrics, Hospitals, Computer Science, Assessment Methodologies, Healthcare Industry, Participation, Information Security, Technology, Information Technology, IT
Industry: Information Technology/IT

Description

JOB DESCRIPTION

The Cyber Risk Program Manager plays a key role in supporting the organization’s information security efforts. This position helps identify and assess potential security risks, working closely with teams to ensure alignment with security policies and the Risk Management Framework (RMF).

Responsibilities and Duties

Monitors the security posture of systems, offering risk-based recommendations, and assisting with reviews and authorizations to operate.
Leads the vulnerability management program, applying knowledge of applications, operating systems, networks, cloud infrastructure, and cyber threat tactics.
Collaborates with internal teams to remediate vulnerabilities and implement strategies that protect company assets and data.
Oversees the IT audit processes, providing documentation to prove compliance with HIPAA Security Regulations, NIST guidelines, and other governmental regulations. This includes ensuring adherence to organizational security policies and procedures.
Makes recommendations on security policies as needed to ensure they are current and effective in addressing emerging threats and regulatory requirements.
Serves as backup to the Manager of Information Security, handling escalations and participating in decision-making when higher-level guidance is required. This collaborative support ensures continuity in addressing complex security matters and facilitates informed, timely resolutions across the organization.

EDUCATION

Bachelor’s or postgraduate Degree in Business, Computer Science, Information Security or a related field is required.

EXPERIENCE

7+ years of experience in information technology is required.
5+ years of work experience in cybersecurity, and/or 5+ years of experience in a risk management and/or IT audit role and/or 5+ years of experience with regulatory compliance and information security management frameworks (e.g., HIPAA Security Regulations, Health Information Technology for Economic and Clinical Health Act [HITECH Act], International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800 RMF), is required.

QUALIFICATIONS

Working knowledge of hospitals and healthcare industry required.
Ability to communicate complex technical concepts to both technical and non-technical audiences, and collaborate effectively with IT teams and stakeholders.
Understanding of risk assessment methodologies to identify, evaluate, and prioritize cyber risks based on likelihood and impact.
Understanding of the vulnerability management lifecycle to identify, assess, prioritize and remediate vulnerabilities before they can be exploited.
Understanding of relevant healthcare regulations and data privacy laws that impact cybersecurity practices.
Strong understanding of cyber risk management frameworks (NIST, ISO 27001, etc.).
Experience with GRC tools, process automation, security metrics and policy management.
Commitment to staying current with the latest cybersecurity trends, threats, and technologies. Participation in ongoing training and certification programs.
A strong technical foundation in information security, along with an understanding of business and governance processes, is essential.
