IT Security Risk and Compliance Manager jobs in United States

State of Washington · 2 months ago

IT Security Risk and Compliance Manager

The Washington Health Benefit Exchange is focused on improving health insurance access for residents. The IT Security Risk and Compliance Manager will oversee IT security compliance and risk management, ensuring the agency's adherence to federal and state regulations while managing a team to enhance the overall security posture.


Responsibilities

Provide supervision, guidance, and oversight of the WAHBE IT Security Risk and Compliance Team, ensuring effective execution of responsibilities and alignment with organizational goals
Develop, maintain, and implement cybersecurity compliance deliverables, ensuring they are regularly updated to meet evolving Centers for Medicare & Medicaid Services (CMS), Internal Revenue Service (IRS) and WAHBE requirements. Deliverables include but are not limited to the System Security Plan, Safeguard Security Report, and Annual Attestation
Conduct comprehensive and complex cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities
Independently perform thorough risk analysis, leveraging advanced technical expertise to evaluate vulnerabilities, cyber threats, and the effectiveness of security controls
Ensure security controls align with WAHBE IT Security standards and policies, while maintaining compliance with applicable federal regulations, including Centers for Medicare & Medicaid Services (CMS) and the Internal Revenue Service (IRS)
Develop and implement an Information security risk management framework including gap analysis, remediation timelines, regular reviews and updates
Develop risk management metrics and reports to effectively communicate remediation efforts, risk treatment progress, and enhancements to WAHBE’s overall security posture
Develop, track, and coordinate risk mitigation plans for federal reporting including Corrective Action Plan, Plan of Action and Milestones
Develop and implement processes to validate and verify the completion of remediation activities and reevaluate control effectiveness as needed to ensure ongoing risk mitigation
Collaborate with Compliance Officer, Information Security Manager, Cloud/Infrastructure Manager, Lead Product Owner, Tech Ops and other IT stakeholders for risk mitigation and control implementation
Manage Centers for Medicare & Medicaid Services (CMS) and Internal Revenue Service (IRS) security audits and safeguard reviews
Manage and support third-party security risk assessments as mandated by federal regulations. Develop, track, maintain and coordinate resulting risk mitigation plans for any findings
Maintain and update WAHBE’s Information Security policies and procedures with evolving CMS, IRS and WAHBE requirements
Review laws, regulations and legal agreements for security and privacy language to permit authorized collection, use, maintenance, and sharing of Personally Identifiable Information (PII) and Federal Tax Information (FTI)
Foster innovation and manage risks during major transformations
Provide regular briefings and updates to CISO and engage with Enterprise Risk and Compliance Committee
Communicate any obstacles that hinder successful and timely completion of compliance deliverables to the CISO promptly
Collaborate with external partners in alignment of technology, processes and procedures to meet WAHBE policy, state and federal regulations
Work as liaison for technical, business and external partners for audits, assessments and reviews
Recruit, hire, lead, mentor, and retain talented risk and compliance staff
Other duties as assigned by the CISO

Qualifications

IT risk management, Cybersecurity compliance, Audit processes, Project management, NIST security guidelines, Staff management, Change management, Interpersonal skills, Problem solving, Attention to detail

Required

Bachelor's degree in engineering or technology-related major and ten years of experience with increasing management responsibilities (minimum of 5 years' experience in staff management)
Five years of experience leading and managing staff and contractor resources within IT risk and compliance domains
Excellent understanding of standards and guidelines to include CMS standards such as Minimal Acceptable Risk Standards for Exchanges (MARS-E 2.2) and Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) and/or Internal Revenue Service (IRS) standards such as Publication 1075
Excellent understanding of audit processes, standards, and procedures
Strong understanding of best practices in testing methods and metrics
Upholds the highest ethical standards, demonstrating honesty, transparency, and consistency in words and actions. Takes responsibility for decisions, maintains confidentiality, and adheres to organizational policies and regulatory requirements
Motivated self-starter with initiative to take independent action and accept responsibility for your actions
Excellent project management skills and able to set clear timelines, defined roles, and practice effective change management
Ability to prioritize and manage multiple projects simultaneously and follow-through on issues in a timely manner
Strong interpersonal skills; ability to work with all levels of internal management and staff, as well as outside clients, vendors, diverse populations, stakeholder groups, and customers
Skilled in resolving conflicts and addressing disagreements among team members by utilizing active listening and fostering open dialogue
Creative and proactive problem solver; must possess the ability to make independent decisions and judgments about work priorities
Well organized, flexible, proactive, resourceful, and efficient with strong attention to detail
Strong understanding of contracting processes and procedures and contract management
Ability to maintain a high level of confidentiality

Preferred

Excellent understanding of National Institute of Standards and Technology (NIST) security guidelines, outlined in SP 800-53 Rev 5, and the NIST Risk Management Framework (RMF), outlined in SP 800-37 Rev
Proven ability to develop and implement change management strategies, including stakeholder engagement, communication plans, and training programs, to ensure smooth transitions and sustainable adoption of new processes or technologies
Excellent verbal and written communication skills
Demonstrates remarkable composure and resilience in fast-paced, high-pressure environments, consistently maintaining focus and delivering results
Fosters a positive and collaborative approach to risk management within a dynamic, fast-paced organizational culture

Benefits

Employees and their families are covered by medical (including vision), dental and basic life insurance.
Staff are eligible to enroll each year in a medical flexible spending account which enables them to use tax-deferred dollars toward their health care expenses.
Employees are also covered by basic life and long-term disability insurance, with the option to purchase additional coverage amounts.
Dependent care assistance allows the employee to save pre-tax dollars for a child or elder care expenses.
Other insurance coverage for auto, boat, home, and renter insurance is available through payroll deduction.
The Washington State Employee Assistance Program promotes the health and well-being of employees.
State Employees are members of the Washington Public Employees' Retirement System (PERS).
Employees also have the ability to participate in the Deferred Compensation Program (DCP).
All state employees are covered by the federal Social Security and Medicare systems.
If you are employed by a government or not-for-profit organization, and meet the qualifying criteria, you may be eligible to receive student loan forgiveness under the Public Service Loan Forgiveness Program.
Full-time and part-time employees are entitled to paid holidays and one paid personal holiday per calendar year.
Full-time employees earn eight hours of sick leave per month.
Full-time employees accrue vacation leave at the rates specified in WAC 357-31-165(1) or the applicable collective bargaining agreement (CBA).
Washington State supports members of the armed forces with 21 days paid military leave per year.
Most employees are entitled to five (5) days of paid bereavement leave on the death of a family member or household member, or on loss of a pregnancy.

Company

State of Washington

Washington state public employees help to create a working Washington built on education and innovation, where all Washingtonians thrive.
