Director Cybersecurity Governance & Risk Management

Silver Spring, Maryland


Employer: Children's National Hospital
Industry: Management
Salary: Competitive
Job type: Full-Time

YOUR NORTH STAR: build and run a world-class cybersecurity governance, risk management, compliance, and reporting program to protect Children's National and our patients, families, and staff.
The head of cybersecurity governance, risk management and reporting will manage the development, administration, and implementation of the CN GR&R program. They will protect Children's National by reducing the risk of a successful attack on our devices, applications, networks, data, and users. We are seeking a dynamic leader who excels at building and inspiring great teams. They are a doer who is equally comfortable managing direct reports, overseeing partners, influencing colleagues, and rolling up their sleeves and executing.

Qualifications:
Minimum Education
  • Bachelor's Degree in computer science, math, engineering or another relevant discipline (Required)
  • Advanced Degree Preferred
Minimum Work Experience
  • 10 years' experience in cybersecurity with a focus on risk management, program management, and/or security policy (Required)
  • 5 years in a management role (Required)
Required Skills/Knowledge
  • Demonstrated ability to lead some or all of the cybersecurity governance, risk management, compliance, and reporting functions, preferably in a healthcare organization.
  • Demonstrated ability to report to and communicate with board and C-level management.
  • Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences.
  • Breadth of knowledge across many cybersecurity frameworks and standards with deep expertise and implementation experience in at least one (e.g., NIST CSF, NIST RMF/800 series, ISO/IEC 27001/2, OWASP, MITRE ATT&CK framework, SANS CIS, etc.).
  • Experience with relevant legal and regulatory frameworks, including HIPAA and PCI/DSS.
  • Leading and responding to security audits.
Functional Accountabilities:
Build and run a world-class cybersecurity governance, risk management, compliance, and reporting program
  • Develops and implements CN security standards, policies, processes, and guidelines
  • Defines cybersecurity program metrics that align to standard frameworks and best practices
  • Performs risk assessments of existing or new services, technologies, and vendors
  • Advises the CISO, stakeholders, and partners on systemic risk management issues and specific risk management recommendations
  • Coordinates with business units and other stakeholders (including technology, legal, risk, compliance, privacy, and ecosystem partners) to assess, implement, and monitor security risks & mitigations
  • Manages the trade-offs required to account for varying levels of risk tolerance, risk exposure, and security controls across the organization
  • Collaborates with the CN legal, risk, compliance, and privacy staff to monitor and ensure compliance with industry and government rules and regulations (HIPAA, PCI/DSS, etc.)
  • Reports on performance against established security metrics
  • Prepares clear and concise briefings for the CN board, executive leadership, staff, regulators, auditors, outside partners, and other stakeholders
Leader Accountabilities:

Deliver
  • Set and achieve departmental goals.
  • Align budgets and resources to meet division goals.
  • Monitor and support a safe and quality environment.
  • Focus the team on service excellence and make the interdepartmental connections needed to ensure high service.
Engage
  • Clearly communicate organizational strategies to the department.
  • Ensure managers hold the team accountable for high performance.
  • Support managers in maintaining a positive working environment.
  • Represent the department in clearing obstacles to high performance.
  • Look for and develop high-performing talent.
  • Support supervisors and managers in engagement efforts.
Grow
  • Look across departments for opportunities to make the organization more effective.
  • Recognize and share innovation and improvement.
  • Represent the department in organization-wide innovation and improvement efforts.
  • Monitor and grow the department's capacity for change.

Created: 2024-09-26
Reference: 240002J7
Country: United States
State: Maryland
City: Silver Spring