Conexess – Conexess Design

IT Risk & Compliance Manager

Job Title: IT Risk & Compliance Manager
Job ID: 967610
Location: Brentwood, TN
Other Location:
Description:
IT Risk & Compliance Manager

 
Summary:
The role of the IT Risk & Compliance Manager will be to support and maintain numerous proactive risk programs. The programs this role will interact with include, but will not be limited to, the following:
  • Incident Response Management 
  • Disaster Recovery & Business Continuity 
  • Vendor Risk Management Program 
  • IT Compliance Management 
  • Internal Business Process Risk Management
  • Policy & Procedure Development and Maintenance 
  • Contractual Language and BAA Review 
  • Security Awareness Training Compliance & Management 
  • Systems Security Documentation
 
This role entails regular interactions with upper management across various internal departments, as well as regular interactions with client program and risk assessment representatives. As such, this position will entail equal parts customer-facing and internal-facing efforts. This position requires considerable elements of documentation generation and maintenance to a level that is both professional and client presentable.


Essential Functions:
  • Develop or implement risk-assessment models or methodologies
    • Gather risk-related data from internal or external resources on a regularly set basis
    • Maintain input or data quality of risk management systems
  • Develop executive level monthly risk reports which recommend ways to control or reduce risk
  • Identify key risks and mitigating factors of potential investments, such as asset types and values, legal and ownership structures, professional reputations, customer bases, or industry segments.
  • Lead inter-departmental teams in the establishment, coordination, and implementation of risk management programs. 
  • Maintain company compliance registers, including those relating to HIPAA/HITECH, PCI-DSS, ISO, and the NIST 800 series.
  • Review existing and proposed contractual language with both clients and vendors to determine acceptability. 
  • Respond to and manage client security audits, risk assessments, and data calls. 
  • Manage organizational security and privacy policies
  • Manage employee acceptance and acknowledgement of policies
  • Develop Business Continuity planning & activities
    • Systems recovery plans for physical locations with critical assets such as data centers.
    • Business operations continuity plans for multiple diverse business units, in cooperation with respective departmental representation. 
    • Analyze impact on, and risk to, essential business functions or information systems to identify acceptable recovery time periods and resource requirements.
    • Develop emergency management plans for recovery decision making and communications, continuity of critical departmental processes, or temporary shut-down of non-critical departments to ensure continuity of operation and governance.
    • Establish, maintain, or test call trees to ensure appropriate communication during disaster.
    • Lead and document live disaster recovery exercises, including call-tree activations.
    • Conduct Business Impact Analysis as systems and architectures change.
 
Requirements
  • A Bachelor’s degree from an accredited university 
  • Strong background in diverse risk management areas in the IT, healthcare, and federal sectors. 
  • Strong background in Information Security and Privacy policy development and management. 
  • Working knowledge of key compliance regulations and requirements specific to HIPAA, ITIL, ISO 27001, PCI-DSS, HITRUST, and the NIST 800 series.
  • Thorough knowledge of information security principles, procedures, and practices, including web application security, and proven knowledge of information controls and audit methodology for business systems and data processing environments.
  • Demonstrated experience working with risk management, incident response, BCP/DR programs. 
  • Working knowledge of current and emerging quality/risk management theory, industry best practices, and quality frameworks such as ISO, Lean Six Sigma, CMMI, and ITIL.
  • Strong working knowledge and application of Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint). 
  • Exceptional written, presentation and oral communication skills.
