Ascension · 5 hours ago
Cybersecurity Director of Risk
Ascension is a prominent healthcare organization dedicated to patient safety and technological innovation, currently seeking an experienced Cybersecurity Director of Risk. This leadership role is responsible for establishing and advancing the organization's cybersecurity risk management program to protect sensitive patient data and vital systems from evolving threats.
Charity, Health Care, Hospital, Non Profit
Responsibilities
Develop, implement, and continually mature the organization's cybersecurity risk management framework (RMF), aligned with industry standards (e.g., NIST, ISO 27001) and healthcare regulations (e.g., HIPAA, HITECH)
Lead the identification, assessment, analysis, and prioritization of cyber risks across all business units, technology stacks, and third-party relationships
Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to provide executive leadership with transparent, data-driven insights into the current risk posture
Drive risk remediation efforts by collaborating with technical teams, translating complex security issues into actionable architectural and operational requirements
Possess a strong working knowledge of technical security domains such as network security, identity and access management (IAM), data loss prevention (DLP), encryption, vulnerability management, and secure software development lifecycle (SSDLC)
Evaluate technical control effectiveness and recommend architectural enhancements to ensure controls are built-in, not bolted-on
Provide strong leadership, mentorship, and direction to the risk and governance teams, fostering a culture of security awareness and risk-informed decision-making
Effectively communicate technical risks in business terms
Oversee the formal risk acceptance process, ensuring business leaders understand and formally accept residual risk
Manage regulatory compliance audits and serve as a primary liaison with internal and external auditors regarding cybersecurity risk posture
Maintain expert-level knowledge of HIPAA Security and Privacy Rules, and other relevant state and federal healthcare mandates
Ensure the risk program adequately addresses the unique challenges of a healthcare environment, including ransomware defense, patient care continuity, and securing integrated clinical technology
Qualifications
Required
Minimum of twelve (12) years of experience in Information Technology and/or Cybersecurity
A minimum of five (5) years in a leadership or senior management role specifically focused on Cybersecurity Risk Management, Governance, or Security Architecture
Demonstrated experience operating in a highly regulated industry, with substantial experience in the healthcare sector (Hospitals, IDNs, Payers, etc.)
Proven ability to build and mature an enterprise-level risk management framework from the ground up or significantly enhance an existing one
Deep technical understanding of modern IT and cloud architecture (IaaS, PaaS, SaaS) and associated security controls
Proficiency with industry-standard risk methodologies and control frameworks (e.g., NIST CSF, NIST 800-30)
Familiarity with clinical systems (e.g., Epic, Cerner) and the security considerations for connected medical devices
Exceptional written and verbal communication skills, with the ability to articulate complex technical risks to non-technical executive stakeholders
Strong political acumen and proven ability to build consensus and influence change across disparate groups
Demonstrated strategic thinking, problem-solving abilities, and decision-making under pressure
High School diploma equivalency with 5 years of applicable cumulative job specific experience required, with 2 of those years being in leadership/management OR Associate's degree/Bachelor's degree with 3 years of applicable cumulative job specific experience required, with 2 of those years being in leadership/management
Preferred
Bachelor's degree in Cybersecurity, Information Security, Risk Management, Computer Science, or a related field preferred
A Master's degree is a plus
Relevant professional certifications highly desirable (e.g., CISSP, CISM, CRISC, CISA)
Benefits
Paid time off (PTO)
Various health insurance options & wellness plans
Retirement benefits including employer match plans
Long-term & short-term disability
Employee assistance programs (EAP)
Parental leave & adoption assistance
Tuition reimbursement
Ways to give back to your community
Company
Ascension
Answering God's call to bring health, healing and hope to all.
Funding
Current Stage: Late Stage
Total Funding: unknown
2025-04-03: Acquired
Company data provided by Crunchbase