IT Security Risk Mgr
JPS Health Network · Fort Worth, TX · 5 days ago
FinanceFull-time
Job Summary
The IT Security Risk Manager is a key member of the Enterprise Risk Management team within the Tarrant County Hospital District’s Office of Legal Affairs. Reporting to the Deputy General Counsel, this role is responsible for leading the identification, assessment, monitoring, and mitigation of information technology and security risks across the health system.
The IT Security Risk Manager plays a critical role in ensuring that information systems are appropriately protected and aligned with applicable regulatory requirements, industry standards, and internal policies.
Essential Job Functions & Accountabilities
- Conducts risk assessments and reviews of the IT control framework to identify control gaps and risk exposures.
- Partners with IT, cybersecurity, infrastructure, and business leaders to assess and reduce technology and security risk.
- Provides risk guidance and recommendations for new initiatives, technologies, system implementations, and significant system changes.
- Facilitates IT security risk workshops, training sessions, and awareness programs for employees and stakeholders.
- Assists with cybersecurity incident investigations, including root cause analysis and remediation tracking.
- Participates in business continuity and disaster recovery planning, testing, and evaluation activities.
- Recommends and evaluates controls to enhance system resilience and minimize operational and security impact.
- Identifies and supports the implementation of practical and cost-effective solutions to IT security and risk issues.
- Provides aggregated risk oversight and supervision for high-impact IT service areas.
- Develops, analyzes, and presents reports on key IT risk metrics, assessments, and activities to management and stakeholders.
- Builds and maintains effective working relationships with risk team members, Enterprise Risk Management, Legal, IT, Compliance, and other key partners.
- Provides guidance in the development, implementation, and communication of IT risk-related policies, standards, and procedures.
- Establishes and maintains an external professional network with IT risk peers, industry groups, and applicable risk forums.
- Coordinates and works collaboratively with internal and external auditors, as requested.
- Evaluates alternative strategies to reduce the organization’s exposure to catastrophic and operational loss.
- Supports Office of Legal Affairs projects and strategic initiatives related to IT risk and security.
Qualifications
- Bachelor’s degree in information technology, Computer Science, Cybersecurity, Risk Management, or related field of study from accredited college, or university. 5+ years of experience in IT risk management, cybersecurity, IT audit, or IT governance; to include; experience with IT risk frameworks, cloud platforms and conducting vendor risk assessments and third-party reviews.
- Preferred qualifications: Master’s Degree in Information technology, Computer Science, Cybersecurity, Risk Management, or related field of study from accredited college, or university. Experience in IT cloud environments and incident response. Experience managing enterprise-wide risk programs. Experience working in IT or Risk Management in the healthcare sector, and supporting regulatory, audit, or compliance programs. Certified in one of the following: CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), and CEH, CompTIA Security+, or other cybersecurity certifications.