HMSA

Senior Manager, Cyber Security Risk Management

HMSA, Honolulu, Hawaii, United States, 96814


Cyber Security Risk Management:

Leads and manages HMSA's IT Risk Management program, leveraging IT risk management best practices and industry frameworks.

Create roadmaps in support of CISO strategy.

Ensure the Risk Register is updated and communicated. Ensure Risk Remediation efforts and corrective action plans are tracked, prioritized, and documented. Work with other IT areas and VMO on identifying, documenting, and tracking risks.

Create and update cyber security risk management related policies and procedures leveraging industry best practices and Enterprise NIST CSF.

Create, maintain, and execute Cyber Security risk management roadmap.

Conduct Cyber Security Risk Assessments.

Manage exceptions related to Cyber Risk, including on-premise and cloud-related risks.

Support Enterprise IT Audits; Collaborate with Internal; act as the main point of contact for Cyber Security Risk.

Effectively leverage HMSA Cyber Security vendors to align with HMSA's Cyber Security Risk Management needs.

Third Party Cyber Security Risk Management:

Create and maintain Third party Risk Management policies and procedures.

Create and maintain a Corrective Action Plan for Third Party Cyber Security Risks.

Work effectively and collaborate with other HMSA functions such as VMO, Compliance, IT Security, and Privacy on tracking and remediating Corrective Action Plan activities.

Centralize and maintain third-party risks, including risk response documentation from third parties.

Manage exceptions for Cyber Risk related to third parties.

Work with VMO, the Privacy office, and Legal on tracking Business Associate Agreements.

Lead all cyber security corrective action plans associated with Cyber Risk Management.

Cyber Security Training and Awareness:

Create and maintain policies related to Cyber Security.

Prepare content and conduct training related to Cyber Security.

Conduct phishing exercises/campaigns and training related to phishing risks.

Work with other teams such as privacy on training initiatives.

Personnel Management:

Lead, manage, and coach cybersecurity unit staff in overall Information Security Program management. Provide management support including personnel, budget, and other administrative responsibilities (i.e., mentoring, performance management, career planning and counseling, etc.).

Manage budget to ensure the organization's cyber security program is conducted in a cost-conscious and financially responsible manner.

Other Duties/Functions:

Perform all other miscellaneous responsibilities and duties as assigned or directed.
