First Quality · 8 hours ago
Technology Risk Lead
Responsibilities
Perform technology risk assessments and control assessments to ensure systems and applications (on-prem and in the cloud) are complying with First Quality policies, applicable regulatory and legal requirements, and leading industry frameworks and practices.
Assist with the Cyber Business Impact Analysis (CBIAs) process to determine the overall confidentiality, integrity, and criticality of all systems and platforms.
Mature the Information Security Risk Management Program by managing the IS risk register and ensuring appropriate risk management strategies are in place and followed up on.
Meet with business stakeholders to quantify risks across the organization and maintain the top board level security risks.
Develop and drive the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security system and application standards of control.
Provide GRC advisory services to the business (technical and non-technical) to ensure Information Security standards are implemented and appropriate risk mitigation strategies are implemented.
Work with the Manager of Information Security Governance, Risk, Compliance and Strategy as well as senior leadership to determine the acceptable level of risk for enterprise computing platforms.
Liaise with key functional teams such as HR, IT, Digital Marketing, Finance, Internal Audit, Enterprise Risk, Quality, Office of General Counsel, and the Business to identify new applications and service providers in use and the associated security controls necessary to secure the data.
Investigate incidents and events including potential HIPAA and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises, etc.
Assist with operationalizing the Data Loss Prevention (DLP) Program by reviewing and enhancing security technologies, configurations, and policy alerts from systems such as MS Purview and Compliance Center, CrowdStrike, Palo Alto, Netskope etc.
Establish and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives.
Oversee the enterprise wide IS Security Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, and newsletters.
Promote a security mindset through enterprise and functional team specific presentations and initiatives.
Work with the Office of General Counsel and both the Director and Manager of Information Security Governance, Risk, Compliance and Strategy to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance security and privacy requirements and maintains compliance with them.
Ensure compliance with HIPAA and applicable legal and regulatory requirements.
Qualification
Required
B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent)
6+ years' experience working directly in an Information Security or Information Technology department, with experience in developing and testing security frameworks for compliance.
Hands-on experience with assessing security configurations in Windows/Mac/Linux environments, Azure and other cloud environments, SQL and Oracle databases.
Strong knowledge & understanding of endpoint, server, network design and topologies.
Strong understanding of a "hacker's" mentality.
Excellent written and oral communications skills; ability to lead discussions, present complex ideas to audiences of all sizes, and interact with all levels of the organization.
Ability to self-manage, work independently with little direction and/or supervision but also work collaboratively in a team environment.
Working knowledge of the following frameworks and regulations: ISO 27001/2, NIST 800-53, NIST CSF, CIS Benchmarks, ISF Standard of Good Practice, HIPAA Privacy Rule and Security Rule, MITRE ATT&CK framework.
Ability to prioritize and multitask; a flexible and adaptable approach to work is paramount.
Detail-oriented, with the ability to think outside the box to propose solutions to risks.
Ability to communicate security risks to non-technical business stakeholders.
Preferred
Security certifications such as CompTIA Security+, CISSP, CISA, CCNA or equivalent, or working towards certification.
Experience with Netskope, Azure Purview, OneTrust or similar GRC tools is a plus.
Experience with Operational Technology (OT) environments and securing manufacturing devices a plus.
Company
First Quality
Manufacturing Adult Incontinence Products, Feminine Hygiene Products, Baby Wipes, Adult Washcloths, and Consumer Paper Products.
Funding stage: Late Stage (company data provided by Crunchbase)