Description

Job Description: 

•    Develop and maintain the organization's cyber governance, risk and compliance strategy, framework, and roadmap, and ensure alignment with the organization's vision, mission, values, and objectives.
•    Establish and enforce cyber policies, standards, and procedures, and provide guidance and support to stakeholders on cyber governance, risk and compliance matters.
•    Conduct cyber risk assessments and audits, identify and evaluate cyber risks and controls, and recommend and implement appropriate mitigation measures and action plans, including contract reviews, IT or business process reviews, and follow-up on action plans from prior risk assessments as applicable.
•    Monitor and report on the performance and effectiveness of cyber controls and compliance, and identify and address any gaps or issues.
•    Responsible for maintaining audit/assessment documentation (controls inventory, risk register, policies and procedures, risk assessments and associated remediation plans, and other commonly requested policy and compliance documentation) so that it can be readily produced when Scottish Rite for Children (“SRC”) undergoes audits or assessments.
•    Liaise and collaborate with internal and external stakeholders, such as senior management, IT, legal, audit, regulators, vendors, etc., on cyber governance, risk and compliance initiatives and activities.
•    Stay abreast of the latest cyber trends, threats, regulations, and best practices, and provide advice and recommendations on how to improve the organization's cyber posture and resilience.
•    Perform other duties as assigned by the supervisor or director.
•    Responsible for reviewing opportunities within IT operations to standardize or improve processes and naming conventions, including unautomated, undefined, or vaguely defined processes, and for facilitating the documentation and operationalization of these processes in an appropriate workflow engine (helpdesk software, ERP system, etc.).
•    Follows all SRC policies, procedures, standards, and guidelines.


This staff member may be required to perform other reasonably related duties assigned by the immediate supervisor or other management.

Job/Education Experience and Requirements:
•    Bachelor’s degree in computer science, information technology, or a related field.
•    At least 5 years of experience in cybersecurity, risk management, or a related field.
•    Strong knowledge of IT security and cybersecurity best practices.
•    Excellent communication and interpersonal skills.
•    Ability to work independently and as part of a team.
•    Strong analytical and problem-solving skills.
•    Or an appropriate combination of the six education and experience requirements listed above.


Posting Summary:

Texas Scottish Rite Hospital for Children is excited to announce this opening for a Cyber Governance, Risk and Compliance Manager. Reporting to the Director, ITS, the Cyber Governance, Risk and Compliance Manager is responsible for overseeing the organization's cybersecurity policies, standards, and procedures, and ensuring alignment with legal and regulatory requirements. The manager will also lead the development and implementation of a risk management framework, conduct cyber risk assessments and audits, and monitor and report on the effectiveness of cyber controls and compliance.

The ideal candidate will have:

  • A bachelor's degree in computer science, information systems, cybersecurity, or a related field, and a minimum of five years of experience in cyber governance, risk and compliance, or a similar role.
  • A certification in one or more of the following: CISSP, CISM, CRISC, CISA, or equivalent.
  • A strong knowledge of cybersecurity best practices, frameworks, and standards, such as NIST, ISO, COBIT, PCI-DSS, etc.
  • A solid understanding of cyber risks and threats, and the ability to evaluate and mitigate them.
  • A proven track record of developing and implementing cyber policies, standards, and procedures, and ensuring adherence to them across the organization.
  • Excellent communication, presentation, and interpersonal skills, and the ability to communicate technical concepts to non-technical audiences.
  • A high level of analytical, problem-solving, and decision-making skills, and the ability to prioritize and manage multiple tasks and projects.
  • A strong sense of ethics, integrity, and professionalism, and the ability to handle confidential and sensitive information.

Education

Bachelor's Degree