Hawaii Medical Service Association

Senior Manager, Cyber Security Risk Management

Hawaii Medical Service Association, Honolulu, Hawaii, United States, 96814


Job Summary

Hybrid Work Environment - Must reside in Hawaii

Pay Range:

$86,500 - $179,500

Note:

Individuals typically begin between the minimum and middle of the pay range.

The Senior Manager, Cyber Security Risk Management is responsible for managing HMSA's Cyber Security Risk Management function. This position leads a cross-functional team of Cyber Security Risk Management specialists in support of HMSA's business and Cyber Security strategy.

Duties and Responsibilities

Cyber Security Risk Management:

Lead and manage HMSA's IT Risk Management program, leveraging IT risk management best practices and industry frameworks.

Create roadmaps in support of CISO strategy.

Ensure the Risk Register is updated and communicated. Ensure Risk Remediation efforts and corrective action plans are tracked, prioritized, and documented. Work with other IT areas and VMO on identifying, documenting, and tracking risks.

Create and update cyber security risk management related policies and procedures leveraging industry best practices and Enterprise NIST CSF.

Create, maintain, and execute Cyber Security risk management roadmap.

Conduct Cyber Security Risk Assessments.

Manage Exceptions related to Cyber Risk, including on-premise and cloud-related risks.

Support Enterprise IT Audits; Collaborate with Internal; act as the main point of contact for Cyber Security Risk.

Effectively leverage HMSA Cyber Security vendors to align with HMSA's Cyber Security Risk Management needs.

Third Party Cyber Security Risk Management:

Create and maintain Third party Risk Management policies and procedures.

Create and maintain a Corrective Action Plan for Third Party Cyber Security Risks.

Work effectively and collaborate with other HMSA functions such as VMO, Compliance, IT Security, and Privacy on tracking and remediating Corrective Action Plan activities.

Centralize and maintain third party risks, including risk response documentation from third parties.

Manage Exceptions for Cyber Risk related to third parties.

Work with VMO, the Privacy office, and Legal on tracking Business Associate Agreements.

Lead all cyber security corrective action plans associated with Cyber Risk Management.

Cyber Security Training and Awareness:

Create and maintain policies related to Cyber Security.

Prepare content and conduct training related to Cyber Security.

Conduct phishing exercises/campaigns and training related to phishing risks.

Work with other teams such as privacy on training initiatives.

Personnel Management:

Provide leadership to, manage, and coach cybersecurity unit staff in overall Information Security Program management. Provide management support including personnel, budget, and other administrative responsibilities (e.g., mentoring, performance management, career planning and counseling).

Manage budget to ensure the organization's cyber security program is conducted in a cost-conscious and financially responsible manner.

Other Duties/Functions:

Perform all other miscellaneous responsibilities and duties as assigned or directed.

Exempt or Non-Exempt

Exempt

Minimum Qualifications

Bachelor's degree and five years of relevant IT experience; or an equivalent combination of education (including industry certifications) and relevant work experience.

One year of supervisory/management experience.

Strong written and verbal communications skills.

Strong customer service skills.

Strong process and project management skills.

Intermediate working knowledge of Microsoft Office applications, including but not limited to Word, Excel, Outlook, and PowerPoint.

Strong working knowledge of operating systems, architecture and various software and hardware products.

Intermediate understanding of, and ability to implement, security best practices and technology, with demonstrated proficiency in the application of established information security practices.
