Manager,IT Security Risk Mgmt
Fort Worth, TX

Job Description

Job Details

Summary: The Manager of IT Security Risk Management is responsible for the CCHCS information security risk management (ISRM) program within the Information Security Office. ISRM supports the CCHCS mission through the use governance, risk and compliance activities that detect, prevent or mitigate threats to confidentiality, integrity and/or availability of information resources. In addition to mentoring, coaching and developing staff members, the Manager will utilize the components of the risk management program to identity, quantify and monitor risk on-behalf of CCHCS stakeholders. He/she will ensure stakeholders have sufficient decision information with regard to balancing operational/business needs with risk including any activities that could lead to a violation of federal/state regulations and/or CCHCS policy. The Manager will recommend administrative and technical controls to enforce compliance with CCHCS policies as well as guidelines and standards set forth by the Information Security Office. He/she will be responsible for reporting key performance indicators that will be used to gauge the effectiveness of the risk management program and foster an environment of continuous process improvement.

Required Qualifications:

* Bachelor's degree in the field of computer science and 10 years of professional IT experience in progressively responsible roles.
* At least 5 years of experience leading and/or building information security risk management programs that comply with regulations such as FISMA, FERPA, HIPAA, PCI/DSS, and the Texas Identity Theft Prevention Act.
* At least 3 years assessing or implementing security frameworks such as NIST CSF or HITRUST CSF.
* At least 3 years of professional experience managing at least two or more individuals.

Preferred Qualifications:

* Required qualifications plus 3 years of experience working with Governance, Risk and Compliance tools such as Archer or RSAM.
* Additional 3 years of professional experience with technical writing and enterprise security document creation.
* Additional 3 years of technical knowledge of industry enterprise security solutions including vulnerability scanners, data loss prevention, intrusion detection and prevention, firewalls, Mobile Device Management, or other solutions.

Cook Children's is an EOE/AA - Minority/Females/Disability/Vet