Manager Cyber Security Governance Risk Compliance (GRC)
Remote Colorado
Annual Compensation: $121,000 to $161,000 DOE

Why Choose GMR?
Global Medical Response (GMR) and its family of solutions are dedicated to delivering compassionate, quality medical care, primarily in the areas of emergency and patient relocation services. Here you'll embark on meaningful work that will make an impact on you and the customers we service. View our employees' stories on how we provide care to the world at www.AtaMomentsNotice.com.

Job Summary:
Under the Cyber Security GRC Director's guidance, the CSS GRC Manager will oversee planning, developing, implementing, and evaluating policies and procedures for GRC cyber security workstreams and projects. They will document cyber security risks and associated remediation plans for security compliance, lead the GRC team operations supporting client and internal security risk assessment, contract review, vendor assessment, security exception processing and related project deliverables to IT partners, auditors, and stakeholders. Additionally, they will perform as an individual contributor when necessary and identify and assess security risks and requirements to stakeholders to enhance GMR's security posture and promote information security awareness.

Essential Duties and Responsibilities:
- Work under the supervision and guidance of the Cyber Security GRC Director to scope, plan, implement and manage GRC cyber security workstreams and projects.
- Execute activities to oversee and support GRC workstreams and related projects for internal and external security assessment, security vendor/supplier assessment, contract and security policy and risk evaluation and exceptions. While overseeing a team, this position requires performing in an individual contributor role as needed to ensure deliverables are met.
- Staff, train, manage, and mentor GRC team resources supporting each workstream and ensuring compliance with security policies and information governance.
- Manage and assist in performance of risk analyses and remediation requirements through activities such as the following:
- Respond to business and client assessment and audit requests
- Participate with Integration Management Office or others to respond to RFI/RFP requests
- Conduct research, document, and evaluate threats, risk impact, risk likelihood, and recommended remediation.
- Gather technical, administrative, physical security or other enterprise information related to threats, existing controls, and residual risks
- Oversee support for vendor risk and compliance assessment and communicate and track remediation requirements.
- Oversee development and support for Vendor Risk and Compliance assessments and communicate remediation requirements.
- Collaborate with business, legal, Privacy and Compliance, IT, client and other stakeholders to oversee review and provide security requirements and revisions for contracts, ISA, and BAA agreements.
- Partner to create and maintain GMR policies, standards and procedures to safeguard the integrity of and access to GMR systems, files, and data elements and communicate regulatory and security framework requirements.
- Analyze security policy compliance and development of information security policy exceptions including coordinating interviews, evidence collection and responses from appropriate subject matter experts, and approvals.
- Provide oversight to investigate, recommend, implement, support, and utilize risk management platforms.
- Lead and/or partner with GMR security engineers to evaluate and recommend information technology and information security products, services, and processes to reduce risk and maintain compliance with applicable policies, mandates, laws, and regulations.
- Maintain knowledge of changing technologies, and provide recommendations for adaptation of new technologies, processes, or policies.
- Provide leadership and stakeholder reporting to advise of critical information security issues and risks that may affect the company's business objectives and/or compliance and remediation recommendations and status.
- Manage development and delivery of required information technology and security awareness training and annual updates for GMR Workforce.
- Provide GRC and information security expertise and functional delivery for projects, risk analysis, product, vendor RFI/RFP, IMO and regulatory or other initiatives aligned to other GMR organizations. Be the trusted champion of new security technologies.
- Support GMR audits and Privacy and Compliance programs and other compliance programs as applicable.
- Progress job knowledge by tracking and understanding emerging security practices and standards, maintaining credentials, participating in educational opportunities, reading professional publications, developing professional networks, participating in professional organizations.
- Perform other security-related duties as assigned
QUALIFICATIONS

Experience:
* A minimum of 6 years of experience related to areas of position responsibilities and a minimum 2 years information security work experience
* Minimum 1-year experience leading people, or must complete Leadership Fundamentals training within 6 months of hire
* Prior GRC healthcare experience preferred
* Experience with GRC platforms such as RSA Archer, Allgress and/or RSAM
* Working knowledge of compliance frameworks and security management standards (e.g. NIST 800-53 or NIST CSF, HITRUST, PCI DSS, HIPAA, ISO 27002, COBIT)

Education:
* Bachelor's degree in Computer Science, Information Security and Risk Management, Information Systems, Engineering or related major. 6 years of security related experience can be substituted.

Skills:
* Knowledge of GRC and metrics gathering / reporting processes.
* A broad-based understanding of Information Technology, Information Security, and Risk identification and evaluation that spans technical, administrative, physical, and operational security areas.
* Collaborate well with individuals across the business and IT, as well as at all levels of the organization.
* Interpret internal or external business issues and recommend best practices.
* Requires excellent analytical ability, consultative skills, strong judgment and the ability to work effectively in a cross-functional, multi-disciplinary, team environment.
* Ability to adjust to changing priorities while multitasking effectively.
* An analytical demeanor and the ability to effectively communicate with individuals across all levels of the organization.
* Requires strong verbal and written communication skills to communicate effectively across various levels; the ability to influence others is critical to success.
* Proven ability to understand and develop expertise on new technologies quickly.
* Must be well organized with excellent follow-up skills to meet deadlines, coordinate work of others while fostering teamwork and cooperation, and handle multiple concurrent tasks.

Credentials/Licenses:
* CISA, CIPP, CISSP, or CRISC certification (or passing of test) is preferred.

The application window for this position is anticipated to close on 11/29/24
EEO Statement
Global Medical Response and its family of companies are an Equal Opportunity Employer, which includes supporting veterans and providing reasonable accommodations for individuals with a disability. Check out our careers site benefits page to learn more about our comprehensive benefit options, which include medical, vision, dental, 401k, disability, FSA, HSA, EAP, vacation and paid time off.