Our client, a global leading retailer, is looking to add a Manager of Information Security to their growing team! The Manager will be responsible for designing, developing, implementing, and monitoring the information security risk management program. This person will consult and interface with industry leaders across the company to design scalable security and IT compliance processes to support company growth while managing risks. Daily responsibilities will include developing and driving the information security risk assessment framework and program, as well as collaborating with the enterprise risk assessment management function to gain alignment. The Manager will handle the risk register, prepare risk reports, and facilitate risk remediation in partnership with business and IT stakeholders. In addition, they will create and maintain information security policies and standards aligned with HITRUST, HIPAA, ISO 27001, PCI, and NIST CSF, addressing compliance and legal obligations. Some experience in security or compliance is a must, paired with an understanding of developing and conducting information security risk assessment frameworks and assessments. Candidates with experience in a management role and/or certifications such as Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), or Certified Information Security Manager (CISM) will be considered first. This is a hybrid role, and the candidate will need to be in the office two days per week.
GENERAL FUNCTION
Our client is seeking a manager to build and lead a security risk management, controls, and compliance program. The manager will be responsible for designing, developing, implementing, and monitoring the information security risk management program. This person will consult and interface with industry leaders across the company to design scalable security and IT compliance processes to support company growth while managing risks.
MAJOR DUTIES AND RESPONSIBILITIES
- Develop and drive the information security risk assessment framework and program, and collaborate with the enterprise risk assessment management function to gain alignment
- Manage the risk register, prepare risk reports, and facilitate risk remediation in partnership with business and IT stakeholders
- Create and maintain information security policies and standards aligned with HITRUST, HIPAA, ISO 27001, PCI, and NIST CSF, addressing compliance and legal obligations
- Support the company’s corporate compliance initiatives, including HITRUST, ISO 27001, SOC 1, SOC 2, and PCI
- Engage and manage external auditors supporting IT security and compliance assessments
- Support leadership to develop and expand continuous monitoring processes to assess compliance with information security policies and standards including data mapping, data inventory, and data discovery
- Conduct internal assessments to evaluate the disposition of data and operational effectiveness of policies, standards, and internal control framework to manage data
- Implement compliance assessment methods and approaches to increase compliance with documented policies and standards; track progress against defined treatment plans to verify completion of remedial activities as needed
- Provide business units with recommendations to improve compliance with information security policies and standards and external requirements
BASIC QUALIFICATIONS
- Considerable experience in security or compliance
- A deep understanding of developing and conducting information security risk assessment frameworks and assessments
- Experienced in building security and compliance programs with a variety of frameworks (e.g., HITRUST, SOC 2, ISO 27001, HIPAA, NIST, PCI, etc.)
- Understanding of data mapping/discovery, DLP, and data inventory tools
- Strong project management skills, the ability to work with minimal direction, and a high drive for results
- Organized and an excellent written and verbal communicator
- Able to handle a number of simultaneous projects and tasks while demonstrating urgency and ownership to drive issues to completion
PREFERRED QUALIFICATIONS
- Some experience in a management role
- Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related
- Experience or knowledge of healthcare or health insurance
- Knowledge of HIPAA-related vendor requirements