Senior Regional Information Security Manager

Summary

As a Senior Regional Information Security Manager (RISM), you will be accountable for all security-related deliverables and compliance requirement for the accounts in your assigned region. In a typical engagement, you operate as a leader and trusted advisor in the organization, working with executive leadership, senior management and focusing specifically on health care industry regulated security requirements and environments in relation to client business objectives. The RISM helps understand and mitigate operational issues and concerns, as the accountable leader, that will plan and manage the delivery for the accounts under purview. Additionally, as a Senior RISM responsibility may include support of special information security projects and programs assigned as part of the Office of the Chief Information Security Officer (CISO) as leadership discretion.

This requires the ability to interact and influence at a senior managerial level within client organizations such as Information Governance and IT Security leads. You will be able to demonstrate industry expertise and understanding of the security governance and compliance. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the National Institute of Standards and Technology (NIST) 800-53 framework is what the Information Security Organization will be reviewing, maintaining, and helping to assess on each designated account or health care product within Gainwell Technologies and its partners.

Your role in our mission

• Lead Security operational governance activities of multiple Accounts and/or Products.
• Escalation contact for designated region and accounts that align under the region.
• Multi-3rd party services and supplier management.
• Driving delivery excellence in security tooling and business operations (Ensuring avoidance of non-performance / non-compliance contractual penalties).
• Ensure that vulnerability management that aligns to account service level agreements (SLAs).
• Relationship management with Gainwell Technologies suppliers to client.
• Ensure that the account security plan for the selected account(s) and Products is current and working.
• Manage and report security incidents to upper management, engage as a point of leadership for incidents.
• Ensure Audit preparation, facilitation and remediation for each account and Product(s).
• Escalation contact for all Security and Compliance within given region and/or Product(s).
• Manage Security Risk and Exception to standards management.
• Ensure knowledge and implementation of security fundamentals, policies and standards (regulatory and contractual).
• Escalate and resolve Security Incidents with the Security Incident Response team.
• Coordinate delivery of Security Metrics and Reporting in support of contractual commitment.

What we're looking for

• At least 8 years management experience as a service delivery manager with 12 or more employees.
• At least 10 years’ experience working in a risk management, audit, security or technical delivery role.
• Experience as a manager of security staff, consultants, architects and/or engineers.
• Experience in working with senior security management including information governance and compliance’.
• Good understanding of Assurance Practices and Risk Management, with hands on experience.
• Experience of security processes and standards, in particular NIST 800-53, and/or ISO27001.
• Knowledge of security audit and accreditation processes.
• Ability to adapt to new security regimes.

What you should expect in this role

• Functionally reports to the Director of Information Security as part of the office of the Chief Information Security Officer (OCISO) to coordinate effort, solutions, and promote Security Practices.
• Works in conjunction with the Account Delivery Executives and Client Delivery Leaders.
• Partners and collaborates with Information Security staff and partners to leverage existing solutions and promote common standards.

The deadline to submit applications for this posting is January 20, 2025.