Description
- Manages the IT GRC program, including the controls library, risk register, policies and exception management, risk and controls assessments and reporting to produce operational and strategic risk management insights and decision support.
- Manages performance of direct reports through performance evaluations, coaching, and mentoring.
- Provides input on budget planning. Responsible for managing to budget.
- Establishes and builds relationships with vendors, partners, third parties, internal teams, and groups.
- Provides recommendations on enhancements and new initiatives.
- Communicates effectively with team, peers, department leaders, and executive leadership. Responsible for keeping the team informed on all relevant organizational information.
- Leads and facilitates meetings.
- Articulates business values to the team, leadership, and partners.
- Escalates issues to the next level of management as appropriate.
Qualifications
- Bachelor's degree required with a master's degree preferred, and at least five years of additional successive experience in a technology field in a multi-faceted user environment, with at least two years' experience in a senior or lead capacity, or nine years of total related experience, including five years of successive experience in a technology field in a multi-faceted user environment, with at least two years' experience in a senior or lead capacity.
- Experience developing and leading an integrated, enterprise-wide governance, risk, and compliance (GRC) program.
- Experience with IT risk management standards, practices, methods, and frameworks including FAIR, ISO 31000, OCTAVE, COBIT and NIST CSF.
- Solid understanding of KRIs, KPIs, cyber metrics development, and operationalization.
- Experience leading SOC 2, HITRUST, CMMC, FedRAMP or similar audits and/or certifications.
- Security industry organization participation/leadership (ISACA, InfraGard, ISC2, ISSA, etc.).
- Knowledge of regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
Preferred: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM).
Total Rewards
More than just competitive pay and benefits, UPMC's Total Rewards package cares for you in all areas of life, because we believe that you're at your best when receiving the support you need: professional, personal, financial, and more.
Our Values
At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.