Manager Information Security Architecture & Compliance - Full Time
Connecticut Children's · Hartford, CT · 1 wk ago
HybridInformation TechnologyFull-time
Responsibilities
- Partner with internal and external technical teams to design, document, and implement security architecture standards and configurations.
- Ensure alignment and adherence to established security architecture and control frameworks.
- Conduct security and compliance risk assessments across healthcare applications, systems, and business processes to identify gaps.
- Recommend and implement mitigation strategies to address identified risks and vulnerabilities.
- Monitor and evaluate the effectiveness of security controls to ensure ongoing compliance with regulatory and organizational requirements.
- Collaborate with IS, clinical, and business teams to strengthen security controls, risk management practices, and compliance processes.
- Develop, review, and maintain information security and compliance policies, standards, and procedures aligned with healthcare operations.
- Provide guidance to leadership and stakeholders on security governance and compliance expectations.
- Develop and deliver security awareness and training programs tailored to healthcare staff, including data privacy and cybersecurity best practices.
- Provide guidance on the secure handling of sensitive and protected health information.
- Affiliate in the investigation of security incidents, including documentation, root cause analysis, and corrective action recommendations.
- Participate in cybersecurity preparedness activities, disaster recovery planning, and business continuity exercises.
- Provide day-to-day guidance and support to a small number of direct reports, including prioritization of work, coaching, and performance feedback.
- Mentor junior team members and contribute to their professional development in information security and compliance practices.
- Promote knowledge sharing and consistency in security and compliance approaches across the team.
- Serve as a liaison for internal and external audits, ensuring timely and accurate collection of required documentation.
- Support audit activities, including control validation, evidence gathering, and remediation tracking.
- Ensure organizational adherence to regulatory requirements and support responses to compliance inquiries and assessments.
Qualifications
- Education and/or Experience Required: High School Diploma, GED or equivalent. 3-5 years of Information security or compliance related activities. 2 years’ supervisory or management experience.
- Education and/or Experience Preferred: Bachelor’s degree in Computer Science, Information Security, or a related field. Experience with Epic system. Experience in a healthcare organization.
- Licenses and/or Certifications Required: CISSP, CISA, CRISC, CISM, CGRC, or equivalent.
- Knowledge, Skills and Abilities: Knowledge of information security principles, risk management, and mitigation strategies. Regulatory and industry compliance standards (HIPAA, HITECH, SOX, PCI/DSS). Governance, risk, and compliance (GRC) frameworks and internal control design. Leadership and mentoring skills, with the ability to guide and develop junior staff. Information security policies, procedures, and best practices. Strong verbal and written communication. Analytical thinking and problem-solving. Ability to prioritize and manage multiple tasks simultaneously. Process improvement, project management, and audit facilitation. Customer-focused and collaborative mindset.