Pennington, NJ, USA
3 days ago
IT Manager Security Governance, Risk & Compliance - FT - HPW

Work Shift:

Capital Health is the region's leader in providing progressive, quality patient care with significant investments in our exceptional physicians, nurses and staff, as well as advanced technology. Capital Health is a five-time Magnet-Recognized health system for nursing excellence and is comprised of 2 hospitals. Capital Health Medical Group is made up of more than 250 physicians and other providers who offer primary and specialty care, as well as hospital-based services, to patients throughout the region.

Position Overview:

IT Manager Security Governance Risk and Compliance

JOB CODE: 13504

FLSA Exemption Status: Exempt

SUMMARY (BASIC PURPOSE OF THE JOB)

The Information Security Governance Risk and Compliance Manager provides senior leadership and direction to all information security GRC-related initiatives. The GRC manager maintains security policies, assesses the effectiveness of the security program, performs risk assessments, provides security education, and manages remediation of enterprise information security risks. Additionally, the GRC manager provides strategic input to the security strategy and roadmap. This is a hands-on position and requires tactical management of the security GRC processes, frameworks, and tools working with a team of security professionals. The position also requires an in-depth knowledge of regulations (e.g., HIPAA, HITECH, PCI DSS) and best security practices (e.g., NIST CSF, ISO) applicable to the healthcare industry.

MINIMUM REQUIREMENTS

Education: Bachelor's degree in a relevant field, or equivalent experience. Master's degree preferred.

Experience: 8+ years of experience working with information security and GRC. 2+ years of managerial experience.

Knowledge and Skills: Relevant certifications such as CompTIA Security+, Network+ required. ISACA CISM, CRISC, CISA and ISC2 Certified Information Systems Security Professional (CISSP) preferred. Knowledge of desktop support, networking and security technologies. Experience with desktops, servers, storage, virtualization, networking and security technologies. Working knowledge of IAM, PAM and other security solutions.

Special Training: Network+, Security+, CySA+, CEH or other advanced IT security certifications. Experience with security tools and technologies including SIEM, MFA, EDR, XDR, NDR, IPS, IDS solutions.

Mental, Behavioral and Emotional Abilities: Possesses ability to work independently under minimal supervision. Managerial skills preferred.

Usual Work Day: Exempt Hours

ESSENTIAL FUNCTIONS

Defines and evolves the organization's governance, risk and compliance program with industry best practices and standards.

Develops and maintains comprehensive security policies, standards, and guidelines.

Possesses in-depth knowledge of security technologies, including endpoint detection, firewalls, intrusion prevention systems, and related tools.

Evaluates, selects, and implements security solutions that enhance the organization's security posture.

Leads and manages a team of security analysts and engineers, fostering a culture of innovation, collaboration, and excellence.

Provides mentorship, training, and professional development opportunities for team members.

Works closely with IT Security Directors to align security engineering efforts with overall security strategy and objectives.

Collaborates with cross-functional teams to integrate security measures into the organization's technology landscape.

Stays informed about industry trends, emerging threats, and security technologies.

Drives continuous improvement initiatives to enhance the organization's security posture.

Provides leadership during security incidents, collaborating with the Incident Response team to ensure effective and timely resolution.

Creates and maintains comprehensive documentation of security architectures, processes, and procedures.

Prepares and delivers regular reports to the IT Security Director on the team's activities, accomplishments, and ongoing initiatives.

Performs other duties as assigned.

PHYSICAL DEMANDS AND WORK ENVIRONMENT

Frequent physical demands include: Standing, Walking, Carrying objects

Occasional physical demands include: Sitting, Climbing (e.g., stairs or ladders), Push/Pull, Twisting, Bending, Reaching forward, Reaching overhead, Squat/kneel/crawl, Wrist position deviation, Keyboard use/repetitive motion

Continuous physical demands include:

Lifting Floor to Waist 35 lbs. Lifting Waist Level and Above 35 lbs.

Sensory Requirements include: Accurate Near Vision, Accurate Far Vision, Accurate Color Discrimination, Accurate Depth Perception, Accurate Hearing

Anticipated Occupational Exposure Risks Include the following: Dust/Particulate Matter

Offers are contingent upon successful completion of our onboarding process and pre-employment physical.  Capital Health will require all applicants (including contractors, travelers and consultants) to have an annual flu vaccine prior to start date, with the exception of individuals with medical and religious exemptions.

"Company will never ask candidates for social security numbers or date of birth during application phase. If you are asked for this information online, you may be a target for identity theft."
