The Seattle Cancer Care Alliance (SCCA), located in Seattle, Washington, is part of a dynamic collaboration among three organizations known nationally and internationally for their patient care and research: Fred Hutchinson Cancer Research Center, University of Washington, and Seattle Children's. Over the past 25 years, these institutions have worked together to support their mission of adult and pediatric oncology patient care services, research and education.
The Information Security Program Manager, GRC will be responsible for developing, managing and executing the organization's information security governance, risk, and compliance programs. The program manager will evaluate, assess, and monitor the organization's compliance with applicable information security standards and frameworks, industry best practices and guidelines, and applicable laws and regulations. The program manager will work closely with the Chief Information Security Officer to help coordinate and maintain SCCA's Information Security Program and assist staff in implementing security policy objectives that align with business objectives.
Lead the effort of building the Information Security Management System (ISMS) by interpreting and implementing security frameworks, regulatory requirements, and compliance audits.
Develop and maintain a consistent, repeatable process for identifying risks, qualitatively and quantitatively assessing risks, determining risk treatment, and managing associated findings and remediation plans.
Implement and maintain IT security controls, including IT security policy changes required by technical, business, or compliance changes; review and develop policies, procedures, and standards, and track exceptions when identified.
Facilitate periodic security compliance reviews and audits of on-premises and hosted environments, including AWS and Azure.
Maintain compliance documentation, including managing and tracking policy exceptions.
Maintain and improve information security awareness training.
Assist in the assessment and review of new and existing technology infrastructure to ensure adequate levels of control are in place to address identified risks and develop risk mitigation techniques and processes when necessary.
Create and maintain a robust vendor risk management program.
Assist in the development and ongoing oversight of a robust vulnerability management program.
Develop, implement, and maintain IT compliance controls, including the review of existing controls for regulatory updates and perform necessary gap analysis.
Design and execute compliance tests for IT systems and coordinate required remediation and corrective action plans.
Conduct risk assessments on business and IT operational processes, procedures, and policies; interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports, as necessary.
Stay informed about current security and privacy laws and provide guidance to the team when evaluating new projects; and perform other duties as assigned.
Bachelor's degree or equivalent work experience in a technical discipline related to Information Technology.
Minimum of 6+ years of progressive experience in audit and compliance, including 4 years in information technology shared services.
Minimum of 3 years of experience in healthcare highly desired.
Strong working knowledge of common IT security regulations and/or standards, such as NIST 800-53/Cybersecurity Framework, ISO 27001/2, HIPAA, HITRUST, CIS Benchmarks, PCI DSS, and Joint Commission requirements.
Industry recognized certifications in IT Security including one of the following is preferred: CISM, CISSP, CCSP, CISA, CRISC, and/or GIAC.
Strong understanding of IT governance controls, maturity models, key performance indicators, and GRC tools.
Must understand current security threats and demonstrate a strong willingness to stay at the forefront of security developments.
Strong analytical and decision-making skills, including the ability to prioritize and work on multiple projects under time constraints.
Ability to work independently as well as in a team environment, including multi-level staff and external partners.
Excellent interpersonal and communication skills (written and verbal).
Experience with cloud and mobile security is preferred.
We are committed to cultivating a workplace in which diverse perspectives and experiences are welcomed and respected. We are proud to be an Equal Opportunity and VEVRAA Employer. We do not discriminate on the basis of race, color, religion, creed, ancestry, national origin, sex, age, disability, marital or veteran status, sexual orientation, gender identity, political ideology, or membership in any other legally protected class. We are an Affirmative Action employer. We encourage individuals with diverse backgrounds to apply and desire priority referrals of protected veterans. If due to a disability you need assistance/and or a reasonable accommodation during the application or recruiting process, please send a request to our Employee Services Center at firstname.lastname@example.org or by calling 206-667-4700.
At Fred Hutchinson Cancer Research Center, teams of world-renowned scientists and humanitarians work together to prevent, diagnose and treat cancer, HIV/AIDS and other diseases. Researchers are discovering new ways to detect cancers earlier, improve treatments, and learn how to prevent cancers from growing. Although Fred Hutchinson opened its doors in 1975, its history began about 20 years before that. In 1962 Fred Hutchinson envisioned a center devoted to studying cancer, a disease that took his brother’s life. Today Fred Hutchinson is contributing to the next waves of breakthrough treatments and prevention strategies. Fred Hutchinson collaborates with the Seattle Cancer Alliance, the National Cancer Institute, and the University of Washington.
This job was originally posted at ISACA Career Centre.