Be an early applicantLess than 25 applicants

Company

Global Medical Response · 12 hours ago

Manager Cyber Security GRC

Denver, CO

Full-time

Remote

Mid, Senior Level

$121K/yr - $161K/yr

6+ years exp

Maximize your interview chances

Health CareTransportation

Actively Hiring

Insider Connection @Global Medical Response

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Work under the supervision and guidance of the Cyber Security GRC Director to scope, plan, implement and manage GRC cyber security workstreams and projects.

Execute activities to oversee and support GRC workstreams and related projects for internal and external security assessment, security vendor/supplier assessment, contract and security policy and risk evaluation and exceptions. While overseeing a team, this position requires performing in an individual contributor role as needed to ensure deliverables are met.

Staff, train, manage, and mentor GRC team resources supporting each workstream and ensuring compliance with security policies and information governance.

Manage and assist in performance of risk analyses and remediation requirements through activities such as the following:

• Respond to business and client assessment and audit requests

• Participate with Integration Management Office or others to respond to RFI/RFP requests

• Conduct research, document, and evaluate threats, risk impact, risk likelihood, and recommended remediation.

• Gather technical, administrative, physical security or other enterprise information related to threats, existing controls, and residual risks

• Oversee support for vendor risk and compliance assessment and communicate and track remediation requirements.

• Oversee development and support for Vendor Risk and Compliance assessments and communicate remediation requirements.

• Collaborate with business, legal, Privacy and Compliance, IT, client and other stakeholders to oversee review and provide security requirements and revisions for contracts, ISA, and BAA agreements.

• Partner to create and maintain GMR policies, standards and procedures to safeguard the integrity of and access to GMR systems, files, and data elements and communicate regulatory and security framework requirements.

• Analyze security policy compliance and development of information security policy exceptions including coordinating interviews, evidence collection and responses from appropriate subject matter experts, and approvals.

• Provide oversight to investigate, recommend, implement, support, and utilize risk management platforms.

• Lead and/or partner with GMR security engineers to evaluate and recommend information technology and information security products, services, and processes to reduce risk and maintain compliance with applicable policies, mandates, laws, and regulations.

• Maintain knowledge of changing technologies, and provide recommendations for adaptation of new technologies, processes, or policies.

• Provide leadership and stakeholder reporting to advise of critical information security issues and risks that may affect the company’s business objectives and/ or compliance and remediation recommendations and status.

• Manage development and delivery of required information technology and security awareness training and annual updates for GMR Workforce.

• Provide GRC and information security expertise and functional delivery for projects, risk analysis, product, vendor RFI/RFP, IMO and regulatory or other initiatives aligned to other GMR organizations. Be the trusted champion of new security technologies.

• Support GMR audits and Privacy and Compliance programs and other compliance programs as applicable.

• Progress job knowledge by tracking and understanding emerging security practices and standards, maintaining credentials, participating in educational opportunities, reading professional publications, developing professional networks, participating in professional organizations.

• Perform other security-related duties as assigned.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

GRC platformsInformation SecurityRisk ManagementCompliance frameworksHealthcare GRC experienceCISA certificationCIPP certificationCISSP certificationCRISC certification

Required

A minimum of 6 years of experience related to areas of position responsibilities and a minimum 2 years information security work experience

Minimum 1-year experience leading people, or must complete Leadership Fundamentals training within 6 months of hire

Bachelor’s degree in Computer Science, Information Security and Risk Management, Information Systems, Engineering or related major. 6 years of security related experience can be substituted.

Knowledge of GRC and metrics gathering / reporting processes.

A broad-based understanding of Information Technology, Information Security, and Risk identification and evaluation that spans technical, administrative, physical, and operational security areas.

Collaborate well with individuals across the business and IT, as well as at all levels of the organization.

Interpret internal or external business issues and recommends best practices.

Requires excellent analytical ability, consultative skills, strong judgment and the ability to work effectively in a cross-functional, multi-disciplinary, team environment.

Ability to adjust to changing priorities while multitasking effectively.

An analytical demeanor and the ability to effectively communicate with individuals across all levels the organization.

Requires strong verbal and written communication skills to effectively communicate across various levels with the ability to influence others is critical to success.

Proven ability to understand and develop expertise on new technologies quickly.

Must be well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, handling multiple concurrent tasks.

Preferred

Prior GRC healthcare experience preferred

Experience with GRC platforms such as RSA Archer, Allgress and/or RSAM

Working knowledge of compliance frameworks and security management standards (e.g. NIST 800-53 or NIST CSF, HITRUST, PCI DSS, HIPAA, ISO 27002, COBIT)

CISA, CIPP, CISSP, or CRISC certification (or passing of test) is preferred.