Director Cybersecurity Governance & Risk Management
Silver Spring, Maryland
Employer: Children's National Hospital
Industry: Management
Salary: Competitive
Job type: Full-Time
YOUR NORTH STAR: build and run a world-class cybersecurity governance, risk management, compliance, and reporting program to protect Children's National and our patients, families, and staff.
The head of cybersecurity governance, risk management and reporting will manage the development, administration, and implementation of the CN GR&R program. They will protect Children's National by reducing the risk of a successful attack on our devices, applications, networks, data, and users. We are seeking a dynamic leader who excels at building and inspiring great teams. They are a doer who is equally comfortable managing direct reports, overseeing partners, influencing colleagues, and rolling up their sleeves and executing.
Qualifications:
Minimum Education
- Bachelor's Degree in computer science, math, engineering, or another relevant discipline (Required)
- Advanced Degree Preferred
- 10 years' experience in cybersecurity with a focus on risk management, program management, and/or security policy (Required)
- 5 years in a management role (Required)
- Demonstrated ability to lead some or all of the cybersecurity governance, risk management, compliance, and reporting functions, preferably in a healthcare organization.
- Demonstrated ability to report to and communicate with board and C-level management.
- Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences.
- Breadth of knowledge across many cybersecurity frameworks and standards with deep expertise and implementation experience in at least one (e.g., NIST CSF, NIST RMF/800 series, ISO/IEC 27001/2, OWASP, MITRE ATT&CK framework, SANS CIS, etc.).
- Experience with relevant legal and regulatory frameworks, including HIPAA and PCI/DSS.
- Leading and responding to security audits.
Build and run a world-class cybersecurity governance, risk management, compliance, and reporting program
- Develops and implements CN security standards, policies, processes, and guidelines
- Defines cybersecurity program metrics that align to standard frameworks and best practices
- Performs risk assessments of existing or new services, technologies, and vendors
- Advises the CISO, stakeholders, and partners on systemic risk management issues and specific risk management recommendations
- Coordinates with business units and other stakeholders (including technology, legal, risk, compliance, privacy, and ecosystem partners) to assess, implement, and monitor security risks and mitigations
- Manages the trade-offs required to account for varying levels of risk tolerance, risk exposure, and security controls across the organization
- Collaborates with the CN legal, risk, compliance, and privacy staff to monitor and ensure compliance with industry and government rules and regulations (HIPAA, PCI/DSS, etc.)
- Reports on performance against established security metrics
- Prepares clear and concise briefings for the CN board, executive leadership, staff, regulators, auditors, outside partners, and other stakeholders
Deliver
- Set and achieve departmental goals.
- Align budgets and resources to meet division goals.
- Monitor and support a safe and quality environment.
- Focus the team on service excellence and make the interdepartmental connections needed to ensure high service.
- Clearly communicate organizational strategies to the department.
- Ensure managers hold the team accountable for high performance.
- Support managers in maintaining a positive working environment.
- Represent the department in clearing obstacles to high performance.
- Look for and develop high-performing talent.
- Support supervisors and managers in engagement efforts.
- Look across departments for opportunities to make the organization more effective.
- Recognize and share innovation and improvement.
- Represent the department in organization-wide innovation and improvement efforts.
- Monitor and grow the department's capacity for change.
Created: 2024-09-26
Reference: 240002J7
Country: United States
State: Maryland
City: Silver Spring