We are looking for someone with a high level of knowledge in information security risk management and remediation practices, third party cyber risk, consultancy to Sr. Business Leadership, with knowledge in a broad range of security disciplines and technology areas to manage our Cyber Risk Management groups.
The Director, Cybersecurity Risk Management is a senior information assurance leader with corporate responsibility to direct and oversee all enterprise information security risk assessment, risk remediation, and third-party cyber risk management functions at Tenet. You will develop and implement strategy, vision and plans to manage information security risk to acceptable levels. This person will work closely with organizational leadership to understand business requirements to ensure identification of information related threats and vulnerabilities and alignment, implementation, and maintenance of controls according to risk profiles. The Director, Cybersecurity Risk Management manages IT Audit and Compliance Program Managers and teams as well as assisting the Chief Information Security Officer to develop and implement the enterprise information protection strategy.
Work closely with business and technology counterparts to understand enterprise objectives, initiatives, and cyber information security risk
Define, implement, and oversee the enterprise cyber information security risk and conformance management strategy
Manage the IT Audit & Compliance Program and managers to oversee the enterprise cyber information security risk management lifecycle including the completion of risk assessments, planning, treatment, tracking, and control
Manage the Third-Party Cyber Risk Assessment team to help drive cyber risk scoring of third-party suppliers and vendors
Develop, maintain, and enforce Tenet cyber information security risk management policies and standards
Ensure the identification, analysis, management, and timely communication of information related threats and vulnerabilities through management of the security risk analysis process
Evaluate and report on Tenet cyber information security risk practices and results
Perform various personnel actions ranging from interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and developing employees; addressing complaints and resolving problems
Manage budget, resource allocation, and forecasting tools to ensure effective use of all resources. Manage status, productivity and other management reports to ensure staff meets optimal performance
Stay abreast of relevant security regulations, laws and technologies and adjust programs and processes as required. Drive continuous improvement in this space.
Security Compliance (SRA): Develops programs and manages a team of Information Security professionals to ensure risks to Tenet data are identified and mitigated in a timely fashion, including the annual HIPAA / MU security risk analysis. Drives and tracks completion of individual SRAs for all Tenet hospitals, physician practices and outpatient centers. Ensures that the Security Risk Analysis continues to meet the evolving threat landscape and regulatory (e.g. HIPAA/Meaningful Use) requirements.
Security Compliance (Vendor): Develops and continually refines program and manages team that ensures vendors are properly vetted and that security posture of new and existing vendors is known prior to execution of contracts.
IT Audit: Develops multiple programs and manages team of IT Auditors / Analysts that ensure Tenet is meeting regulatory, legal and other governance obligations (e.g. SOX 404, HIPAA, PCI). Defines, implements, tracks, and drives completion of multiple audits as required to ensure Tenet's internal controls are reliable. Identifies gaps in existing programs and assists in defining remediation plans.
Data Compliance: Manages team that develops and executes on programs to identify, classify and properly protect Tenet data in all areas of the company (data classification). Develops programs and leads team that defines, deploys and maintains continuous auditing plans to ensure that access to data is appropriate and that controls are effective across the enterprise.
Actively participates in efforts to define and implement the vision, strategies and goals for the governance, security, risk management and compliance framework and activities.
Identify and define projects required to maintain and improve Tenet's security, audit and compliance posture. Develop and present required documentation including business cases, cost/benefit analyses, proposals, project charters, project milestones and estimates for time-frame, budget and resources.
Bachelor's degree or equivalent work experience required
CISA, CISSP, CISM or other related certification is required
Minimum of 5-7 years of experience in a role coordinating information security and/or IT audit work
Minimum of 5 years of experience in a leadership role with multiple direct-reports
Demonstrated ability to manage multiple complex projects simultaneously
Ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and close audits
Good working knowledge of SOX, HIPAA, HITECH, PCI and ISO principles, concepts and practices
Strong interpersonal skills and excellent organizational skills
Self-motivated, able to lead a team independently
Detail oriented, able to multitask and meet deadlines
Strong working knowledge of SharePoint lists and libraries
Advanced knowledge of Excel
Proficiency in documenting process workflows with Visio or similar tool desired
Familiarity with audit tools would be considered an asset
Primary Location: Dallas, Texas
Facility: 979-Dallas, Texas
Job Type: Full-time
Shift Type: Days
Employment practices will not be influenced or affected by an applicant's or employee's race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status. Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship.
Internal Number: 1905033817
Tenet Healthcare Corporation is a diversified healthcare services company with 115,000 employees united around a common mission: to help people live happier, healthier lives. Through its subsidiaries, partnerships and joint ventures, including United Surgical Partners International, the Company operates general acute care and specialty hospitals, ambulatory surgery centers, urgent care centers and other outpatient facilities. Tenet's Conifer Health Solutions subsidiary provides technology-enabled performance improvement and health management solutions to hospitals, health systems, integrated delivery networks, physician groups, self-insured organizations and health plans.