Requisition #: 9967
Working Title: GRC Lead
Business Entity: CSMC - Cedars-Sinai Medical Center
Cost Center # - Cost Center Name: 0848072 - Information Security
City: Los Angeles
Job Category: Information Technology/Telecom
Job Specialty: Technology Architecture
Position Type: Regular-F/T
Shift Length: 8hr
Hours: 8am - 5pm
Days: Monday - Friday
Shift Type: Day
Weekends: As Needed
Job Posting: Come join us and find out why Cedars-Sinai was ranked one of the top 100 best places to work in IT by Computerworld Magazine in 2017.
We are currently recruiting for a GRC Lead.
The candidate will be a member of the Cybersecurity team responsible for risk management, governance and compliance activities. In this role, the candidate will be responsible for leading and executing security-related projects and programs, such as information security risk assessments, information security program development, IT policies and procedures, and HIPAA compliance audits, among other types of engagements. This individual will work directly with the Cybersecurity Manager and with business leaders to understand security risk issues, oversee risk assessment and mitigation efforts, and develop effective remediation programs and actions.
Essential/Required Duties and Responsibilities:
• Provide leadership, guidance, and oversight to ensure the implementation and consistent operation of an information security governance, security risk management and compliance program.
• Perform compliance assessments to determine if business systems are aligned with regulatory requirements, industry standards, and best practices, and with information security policy, procedures, and standards.
• Oversee Information Technology policies and procedures to ensure they are in compliance with the regulations.
• Support, exhibit and grow a corporate culture that is committed to Governance, Risk, and Compliance and information security best practices.
• Collaborate with key stakeholders to validate, verify and address audit findings, control deficiencies and remediation plans.
• Monitor for new Healthcare compliance regulations, assess the impact to the organization, and work with the impacted business units to ensure compliance.
• Assist with the management of internal and external audits.
• Identify improvements that will strengthen the efficiency and effectiveness of the compliance initiatives.
• Report on the status of compliance activities and remediation efforts.
• Conduct risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
• Communicate identified security risks to business leaders to ensure a clear understanding of these risks as well as potential mitigations.
• Implement a risk register for prioritizing, managing, and mitigating identified information risks, utilizing the information to provide leadership insight into the critical risks potentially impacting the company.
• Develop metrics and reporting around the risk remediation program, feeding gathered information into various reporting chains.
• Create documentation to ensure consistent, reliable, and repeatable activities.
• Other duties as required.
Education, Certifications/Licensure, Experience, Physical Abilities, Job Requirements:
• Excellent understanding of security governance, compliance, and risk management principles in the Healthcare environment.
• Strong understanding of security requirements and solutions, as well as threats and challenges impacting the protection of information across the Hospital.
• Experience supporting compliance programs within the technology space.
• Passion for applying compliance controls across security technologies.
• Analytical ability to assess risks, adequacy of controls, and impact upon business processes.
• Awareness of latest and common security threats.
• Strong interpersonal and communication skills (oral, written, presentation) to result in effective working relationships with internal and external contacts.
• Self-directed and well organized with an ability to work with minimal supervision and meet deadlines across multiple projects.
• Bachelor’s degree in Computer Science/related discipline or the equivalent in education and work experience.
• Minimum of 5-7 years of experience in Cybersecurity.
• Some experience in leading/supervising and developing teams.
• Requires project management experience.
• Prefer experience managing multiple assignments simultaneously.
• Requires ability to work independently with minimal supervision and manage multiple priorities.
• Excellent communication skills (verbal and written) and excellent pragmatic consensus-building, conflict-prevention and resolution skill sets.
• Healthcare industry experience strongly preferred.
Location/Region: Los Angeles, CA (US)