AU
Jr Information Security Analyst conducting PCI - DSS compliance projects for AuditSafe. Supporting security controls implementation and leading technical meetings in a hybrid work environment.
WA
Hybrid IT Security Risk and Compliance Manager
Posted 3 weeks ago
About the role
- Provide supervision, guidance, and oversight of the WAHBE IT Security Risk and Compliance Team, ensuring effective execution of responsibilities and alignment with organizational goals.
- Develop, maintain, and implement cybersecurity compliance deliverables, ensuring they are regularly updated to meet evolving Centers for Medicare & Medicaid Services (CMS), the Internal Revenue Service (IRS) and WAHBE requirements. Deliverables include but are not limited to System Security Plan, Safeguard Security Report, and Annual Attestation.
- Conduct comprehensive and complex cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities.
- Independently perform thorough risk analysis, leveraging advanced technical expertise to evaluate vulnerabilities, cyber threats, and the effectiveness of security controls.
- Ensure security controls align with WAHBE IT Security standards and policies, while maintaining compliance with applicable federal regulations, including Centers for Medicare & Medicaid Services (CMS) and the Internal Revenue Service (IRS).
- Develop and implement an Information security risk management framework including gap analysis, remediation timelines, regular reviews and updates.
- Develop risk management metrics and reports to effectively communicate remediation efforts, risk treatment progress, and enhancements to WAHBE’s overall security posture.
- Develop, track, and coordinate risk mitigation plans for federal reporting including Corrective Action Plan, Plan of Action and Milestones.
- Develop and implement processes to validate and verify the completion of remediation activities and reevaluate control effectiveness as needed to ensure ongoing risk mitigation.
- Collaborate with Compliance Officer, Information Security Manager, Cloud/Infrastructure Manager, Lead Product Owner, Tech Ops and other IT stakeholders for risk mitigation and control implementation.
- Manage Center for Medicare and Medicaid Services (CMS) and Internal Revenue Service (IRS) security audits and safeguard reviews.
- Manage and support third party security risk assessment as mandated by federal regulations. Develop, track, maintain and coordinate resulting risk mitigation plans for any findings.
- Maintain and update WAHBE’s Information Security policies and procedures with evolving CMS, IRS and WAHBE requirements.
- Review laws, regulations and legal agreements for security and privacy language to permit authorized, collection, use, maintenance, and sharing of Personally Identifiable Information (PII) and Federal Tax Information (FTI).
- Foster innovation and manage risks during major transformations.
- Provide regular briefings and updates to CISO and engage with Enterprise Risk and Compliance Committee.
- Communicate any obstacles that hinder successful and timely completion of compliance deliverables to the CISO promptly.
- Collaborate with external partners in alignment of technology, processes and procedures to meet WAHBE policy, state and federal regulations.
- Work as liaison for technical, business and external partners for audits, assessments and reviews.
- Recruit, hire, lead, mentor, and retain talented risk and compliance staff.
- Other duties as assigned by the CISO.
Requirements
- Bachelor’s degree in engineering or technology-related major and ten years of experience with increasing management responsibilities (minimum of 5 years’ experience in staff management).
- Five years of experience leading and managing staff and contractor resources within IT risk and compliance domains.
- Excellent understanding of standards and guidelines to include CMS standards such as Minimal Acceptable Risk Standards for Exchanges (MARS-E 2.2) and Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) and/or Internal Revenue Service (IRS) standards such as Publication 1075.
- Excellent understanding of audit processes, standards, and procedures.
- Strong understanding of best practices in testing methods and metrics.
- Upholds the highest ethical standards, demonstrating honesty, transparency, and consistency in words and actions. Takes responsibility for decisions, maintains confidentiality, and adheres to organizational policies and regulatory requirements.
- Motivated self-starter with initiative to take independent action and accept responsibility for your actions.
- Excellent project management skills and able to set clear timelines, defined roles, and practice effective change management.
- Ability to prioritize and manage multiple projects simultaneously and follow-through on issues in a timely manner.
- Strong interpersonal skills; ability to work with all levels of internal management and staff, as well as outside clients, vendors, diverse populations, stakeholder groups, and customers.
- Skilled in resolving conflicts and addressing disagreements among team members by utilizing active listening and fostering open dialogue.
- Creative and proactive problem solver; must possess the ability to make independent decisions and judgments about work priorities.
- Well organized, flexible, proactive, resourceful, and efficient with strong attention to detail.
- Strong understanding of contracting processes and procedures and contract management.
- Ability to maintain a high level of confidentiality.
Benefits
- Take a peek at our benefits package .
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
A2
A2SECURECybersecurity Consultant
Cybersecurity Consultant ensuring cybersecurity operations and delivering consultancy projects for clients, focusing on strategic risk management and compliance assessments.
Leads SOC team ensuring cybersecurity for LWSA's operations. Responsible for team management, incident response, and security monitoring.
LG
Liebherr GroupSenior IT Security Engineer
Senior IT Security Engineer developing and optimizing innovative security solutions in an international environment. Engaging in corporate information security utilizing best practices.
Regional Lead overseeing physical security infrastructure and operations for OpenAI’s data centers in Singapore. Collaborating with teams and managing security technologies for compliance and risk assessment.
ZS
Business Continuity and Cybersecurity Awareness Manager at ZEAL, leading BCM and cybersecurity training initiatives. Ensuring resilient operations and fostering secure behavior across teams.
BG
Bureau Veritas GroupOperations Manager, Fire Safety and Building Equipment
Responsable d'Opérations en sécurité incendie et équipements du bâtiment chez Bureau Veritas. Animer une équipe tout en contribuant au développement commercial et à la qualité des prestations.
Senior Inhouse IT Consultant responsible for the network and server infrastructure of the L - mobile Group. Planning security measures and managing cloud and virtualization platforms.
Senior Manager in Cybersecurity leading Cyber Defense Center operations and strategy development for effective threat response. Collaborating with stakeholders to enhance security posture across the organization.
SK
Sana KlinikenJunior Information Security Officer
(Junior) Information Security Officer responsible for ISMS management at Sana Clinics. Ensuring compliance with NIS - 2 and training staff on information security.