Rush is hiring: Cybersecurity Manager in Schiller Park

Location: Chicago, IL Hospital: Rush University Medical Center Department: Cybersecurity Operations Work Type: Full Time (Total FTE between 0.9 and 1.0) Shift: Shift 1 Work Schedule: 8 Hr (9:00:00 AM - 5:00:00 PM) Rush offers exceptional rewards and benefits learn more at our Rush benefits page. Summary: The Cyber Security Manager is responsible for developing, implementing, and maintaining important cybersecurity programs at Rush University System for Health (RUSH) including third-party risk management governance and information security risk management programs. This position will work closely with Digital and Information Services leadership, Infrastructure, Enterprise Risk Management, Privacy, Sourcing, Legal, and other stakeholders across RUSH to ensure that information security controls are implemented and operating effectively. Supervises a team of cybersecurity personnel to maintain and support RUSH's third-party vendor security review program and information security risk program. Provides information security consulting on complex organizational projects. Evaluates existing systems and procedures and makes recommendations for improvements of system controls and processes. Responsibilities: Collaborate with cybersecurity leadership to develop and mature RUSH's system-wide information security risk program. Supervise a team of cybersecurity analysts and vendors to drive program effectiveness, efficiency, and success. Develop and implement a strategy, goals, and objectives for the information security risk program across RUSH's healthcare system. Provide organization risk management thought leadership across RUSH's healthcare system. Owns the governance and operating processes for RUSH's Information Security Risk Program, including: Creating program documentation containing information on security risk program strategy, third-party vendor review strategy and processes, and alignment of RUSH's security policies, standards, and methods to the NIST 2.0 cybersecurity framework. Developing and executing information security metrics, key risk indicators, risk dashboards, and board-level reporting of system-wide information security risk. Developing, tracking, and reporting security risk scorecards and metrics. Collaborating and coordinating with cross-functional teams on information security risks, including third-party risks for all system-wide asset categories and private and confidential data Purchasing and maintaining tools or IT systems to manage and track compliance, risk, and third-party management processes and documentation. Identifying the human and cultural behaviors we must change to mitigate our organization's top information security risks. Ensuring that RUSH's information security risk program communicates RUSH's adherence to its security policies, standards, and requirements and that it is available to RUSH stakeholders. Creating a metrics framework (including KPIs/KRIs) that effectively measures RUSH's information security concerns and their remediation for risk reduction to the healthcare system. Working with external vendors and agency partners to establish quotes, production schedules, delivery, and information security program risk materials implementation. Develop and implement strategy, goals and objectives for third-party vendor reviews across RUSH's healthcare system: Create operational processes and procedures to manage cybersecurity information risk reviews of third-party vendors. Create performance metrics and reporting to develop meaningful data on cyber risk categories across the RUSH healthcare system. Create Board Level reporting on vendor review performance metrics to analyze and predict current vendor risk trends and potential future threats Create awareness and training materials in support of business staff whose critical processes include sourcing and onboarding third-party vendors which require cybersecurity reviews Integrate third-party vendor review systems with essential RUSH Procurement and Problem Management systems for the creation of seamless vendor review workflows Create a methodology and processes to measure and manage demand queues for vendor cyber risk reviews Required Job Qualifications: Bachelor's degree 8 years of relevant experience focusing on cybersecurity GRC, vendor risk management, technology risk management, project or program management, and/or cybersecurity education and awareness. Excellent verbal and written communications skills. Self-starter with ability to work independently to create, build, and manage frameworks and programs. Ability to analyze and present critical information to all levels of staff from general employee level to Board-level reporting metrics. Ability to source, analyze, negotiate, select and manage third-party vendors to achieve program deliverables. Must have excellent interpersonal skills to effectively communicate with all levels of hospital personnel, vendors, IT personnel, and direct reports. Strong prioritization, multi-tasking, and time management skills. Explicit knowledge of third party risk management security reviews and cyber security risk governance controls, and program management practices. Ability to investigate and discover root challenges, issues, and complexity of implementations to uncover cyber risk issues. Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others quickly and thoroughly on key cybersecurity risk concepts. Knowledge of Federal and State regulations including HIPAA, SOX, and FERPA. Knowledge of industry leading frameworks including NIST, HITRUST, PCI, ISO, SOC 2, ITIL, and COSO. Preferred Job Qualifications: Certifications such as PMP, CAPM, CISM, CISSP, ISSMP or CCISO desirable. Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.