This is a 6-month engagement for one of our premier clients, with the possibility of hire.

About the Role

The IT Risk Manager is responsible for establishing and maintaining UCLA Health Sciences's overall IT risk management program, which is designed to ensure that the institution’s IT systems, services, and information assets are adequately protected. The individual in this position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets regulatory and other compliance requirements. The IT Risk Manager works proactively with the various business units, vendors, other internal departments and organizations to implement practices that meet defined policies and standards for information security risk management. This position works remotely and travels to clients on a regular basis, up to 60%. 

The Ideal Candidate

The ideal candidate for this position is a proven thought leader, problem solver and integrator of people, processes and technology, as well as an effective supervisor and internal consultant capable and willing to focus on completing day-to-day tasks (hands-on). The IT Risk Manager must also possess solid domain competencies in a number of IT and IT-risk-related disciplines, including Network and Endpoint Security, IT Operations, Application Architecture, Security, Cloud, and On-premise environments, Privacy and Compliance. 

Minimum Qualifications

• Bachelor of Science required, with a focus on IT or IT-risk-related disciplines or equivalent work experience (for example, security, privacy, business continuity management, and compliance). A business degree is beneficial. 
• Professional certifications: Certified Information Security Manager, Certified Information Systems Security Professional or equivalent is beneficial. 
• Make recommendations to the CISO, Chief Compliance Security Officer, appropriate risk governance committees, line-of-business managers and directors concerning IT-risk-related controls. 
• 15 years overall IT experience with seven years of experience in IT risk management or expert knowledge of ISO Information Security standards. related discipline (for example, security, privacy, business continuity management or compliance). 
• Knowledge of regulations and standards impacting Academic Medical Centers including, but not 
• limited to HIPAA, GDPR, and FERPA as well as the NIST Cyber Security Framework, related 
• NIST publications 
• Knowledge of hardening and securing well-known versions of Windows, Apple, and Linux systems 
• Understanding of a wide variety of security threats and their potential impacts such as network intrusions, web-based attacks, malicious emails, root and user level compromises, malware, botnet infections, and other anomalous activity 
• Understanding of Network and Endpoint Security, IT Operations Processes, Application security, Application Architecture and Design in Cloud and On-premise environments 
• Knowledge of common risk management methodologies such as Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management 
• Knowledgeable of security systems such as; Antivirus/Anti-Malware, Encryption, IDS/IPS, Firewalls, Multifactor Authentication, and Data Loss Prevention, and Logging. 

About CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, compliance, and document output goals. Since 2004, the company has served as a partner to hundreds of healthcare organizations and is dedicated to supporting and educating the industry by contributing to relevant industry associations