Department Name: H3997:EVPHA Information Technology
The University of Kentucky HealthCare (UKHC) is seeking an Information Security Risk Manager to lead the risk management and compliance function. Essential duties and responsibilities include but are not limited to:
Developing and providing oversight of the risk management strategy and program
Supporting the CISO in the formulation of information technology related policies
Providing personnel management for GRC team
Planning and conducting information security risk assessments to proactively identify, mitigate, and reduce risk to the organization
Reviewing third party contracts for compliance with security requirements and recommending appropriate language as necessary
Providing guidance and recommendations in order to comply with regulatory requirements including HIPAA, FDA, CMS, and PCI-DSS
Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions
Communicating risk posture, security metrics, and security issues to leadership
Guiding the development and implementation of appropriate security controls for information technology applications and infrastructure
Collaborating with technical and non-technical teams to analyze and recommend actions related to vulnerabilities and control weaknesses
Providing security requirements to be included in statements of work and other appropriate procurement documents
Developing methods to monitor and measure risk, compliance, and assurance efforts
Promoting security awareness across the organization
7+ years of experience in information security
BS required, MS preferred, or equivalent experience
Expert knowledge of HIPAA, PCI, ISO 27001/27002, HITRUST, COBIT, ITIL, and risk management frameworks including ISO 27005/31000/31010, NIST SP 800-30, NIST SP 800-39 preferred
Demonstrated ability to lead and perform risk assessment/management activities
Strong analytical skills and the ability to resolve complex problems
Ability to work independently
Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
Policy and procedure development
Position Time Status: Full-Time
Required Related Experience:
Required License/Registration/Certification:
Certified CISSP and CISM at time of hire
Degree in Information Technology or equivalent required.
University Community of Inclusion:
The University of Kentucky is committed to a diverse and inclusive workforce by ensuring all our students, faculty, and staff work in an environment of openness and acceptance. We strive to foster a community where people of all backgrounds, identities, and perspectives can feel secure and welcome. We also value the well-being of each of our employees and are dedicated to creating a healthy place to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors the University of Kentucky is a Tobacco & Drug Free campus.
As an Equal Opportunity Employer, we strongly encourage veterans, individuals with disabilities, women, and all minorities to consider our employment opportunities.
Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.
Adjacent to downtown Lexington, UK is nestled in the scenic heart of the beautiful Bluegrass Region of Kentucky. UK's campus covers more than 814 acres, with more than 30,700 students and 13,500 full-time employees, including nearly 2,400 full-time faculty and librarians.