
Manager – IT Cybersecurity Compliance
Posted 22 hours ago

This is a fully remote position, open to applicants in Virginia.
• The Manager – Cyber Security Compliance is tasked with developing and sustaining the overarching cyber security compliance program.
• This role will oversee a team of cyber security compliance experts, fostering a comprehensive compliance framework and ensuring readiness for regulations, standards, and contractual obligations within Sentara Healthcare.
• Responsible for managing and reporting on cyber security compliance to align with Sentara Healthcare’s requirements.
• Reporting to the Director of GRC in Cyber Security, this position guarantees adherence to regulatory, industry, and contractual standards.
• Additionally, the Manager will formulate the strategy and implement effective processes, methodologies, and technology solutions to enhance the cyber defense of Sentara Healthcare, with an emphasis on continuous improvement, data protection, governance, risk management, and mitigation.
• As an expert in compliance and assurance, engage with both management and technical teams to refine strategies, identify control weaknesses, assess risks, and pinpoint opportunities to establish a comprehensive and robust compliance function.
• Moreover, improve engagement with business and technology control owners.
• Develop a framework and process to conduct readiness assessments for compliance with cybersecurity standards and requirements.
• Lead a team of cyber security compliance professionals to evaluate compliance against a wide range of control requirements, both internally and externally.
• Own the cyber security compliance strategy, programs, and related initiatives, including regulatory audits, compliance management, controls testing, medical device security, metrics, and risk and performance indicators.
• Have a deep understanding of key security and compliance frameworks, including but not limited to HIPAA, HICP 405(d), NIST 800-171, SOC 2, ISO 27001, and relevant laws/regulations.
• Manage compliance initiatives to ensure control effectiveness with applicable laws and regulations, along with internal policies and procedures.
• Oversee activities in assigned IT areas to ensure compliance with internal policies and standards.
• Participate in the creation and implementation of new business initiatives involving compliance to ensure necessary functionality for supporting required compliance.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (Preferred) OR 7+ years in a cyber security management position, ideally in Governance, Risk, or Compliance without a Bachelor's Degree (Required)
• Certification/Licensure: CISSP (Certified Information Systems Security Professional) (Preferred)
• CISM (Certified Information Security Manager) (Preferred)
• CRISC (Certified in Risk and Information Systems Control) (Preferred)
• CISA (Certified Information Systems Auditor) (Preferred)
• 5+ years of experience in a cyber security management role, preferably in Governance, Risk, or Compliance with a Bachelor's Degree (Required)
• 7+ years of experience in a cyber security management role, preferably in Governance, Risk, or Compliance without a Bachelor's Degree (Required)
• Ideal candidates will have progressed through the ranks of Cyber Security Governance, Risk, and Compliance.
• Familiarity with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO 27001/2, NIST, HITRUST, etc.)
• Experience with GRC tools such as ServiceNow, Archer, etc.
• Background working in a highly regulated environment.
• Experience in information security and auditing with increasing responsibilities.
• Strong foundation in security controls, auditing, networking, and system security.
• Ability to articulate complex technical concepts in business terms.
• Assess the effectiveness of the internal security control framework and recommend modifications as business needs evolve.
• Capability to build and lead a highly motivated team.
• Detail-oriented and organized, with the ability to work under deadlines in a dynamic environment and manage multiple projects concurrently.
• Proven track record of managing and mentoring cyber security analysts at all levels.
• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and complimentary access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria are met.