Description
UPMC’s Insurance Services Division is looking to hire a Manager of IT Security within the Security Risk Management team. The Manager, IT Security will lead the integrated governance, risk, and compliance (GRC) function for IT Payer Applications. The Manager, IT Security is further responsible for the identification and development of talent and for managing performance to ensure business goals and objectives are met or exceeded.
Responsibilities:
-
Manages the IT GRC program, including the controls library, risk register, policies and exception management, risk and controls assessments and reporting to produce operational and strategic risk management insights and decision support.
-
Manages performance of direct reports through performance evaluations, coaching, and mentoring.
-
Provides input on budget planning. Responsible for managing to budget.
-
Establishes and builds relationships with vendors, partners, third parties, internal teams, and groups.
-
Provides recommendations on enhancements and new initiatives.
-
Communicates effectively with team, peers, department leaders, and executive leadership. Responsible for keeping team informed on all relevant organizational information.
-
Leads and facilitates meetings.
-
Articulates business values to the team, leadership, and partners.
-
Escalates issues to the next level of management as appropriate.
Qualifications
-
Bachelor's degree required with a master's degree preferred, and at least five years of additional successive experience in a technology field in a multi-faceted user environment, with at least two years experience in a senior or lead capacity, OR Nine years of total related experience, including five years of successive experience in a technology field in a multi-faceted user environment, with at least two years experience in a senior or lead capacity.
-
Experience developing and leading an integrated, enterprise-wide governance, risk, and compliance (GRC) program.
-
Experience with IT risk management standards, practices, methods, and frameworks including FAIR, ISO 31000, OCTAVE, COBIT and NIST CSF.
-
Solid understanding of KRIs, KPIs, cyber metrics development, and operationalization.
-
Experience leading SOC 2, HITRUST, CMMC, FedRAMP or similar audits and/or certifications.
-
Security industry organization participation/leadership (ISACA, InfraGard, ISC2, ISSA, etc.)
-
Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry Data Security Standards (PCI DSS).
This is a remote position
Licensure, Certifications, and Clearances:
Preferred: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM)
Preferred: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM)
UPMC is an Equal Opportunity Employer/Disability/Veteran
UPMC has a Center for Engagement and Inclusion that is charged with executing leading-edge and next-generation diversity strategies to advance the organization’s diversity management capability and its national presence as a diversity leader. This includes having Employee Resource Groups, such as Women in Information Technology (WIT) and PRIDE Health, that support the implementation of our diversity strategy.
Total Rewards
More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.
Our Values
At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.
