Sr Manager, Information Security
United States, D.C., Washington
1828 L Street Northwest
About Us

The Patient-Centered Outcomes Research Institute (PCORI) is an independent nonprofit organization authorized by Congress in 2010. Its mission is to fund research that will provide patients, their caregivers and clinicians with the evidence-based information needed to make better-informed healthcare decisions. PCORI is committed to continually seeking input from a broad range of stakeholders to guide its work.

Position Summary

The Senior Manager, Information Security and Compliance, will be part of the DIGITAL (Data, Information Security, Governance, Information Technology, Analytics, Learning & Innovation) team, reporting to the Director, Information Security and Services. Key Information Security team members will report to this position. The position is primarily responsible for implementing and operationalizing the enterprise information security program at PCORI. Key responsibilities include securing enterprise information by designing and enforcing security controls, safeguards, policies, and procedures. This role will be the subject matter expert (SME) for all information security platforms and will play a lead role in developing the organization's information security architecture, auditing information security policies and procedures to ensure compliance, and investigating and responding to information security events. He/she will play a central role in actively promoting a culture of information security throughout the organization.
Duties and Responsibilities

The core duties and responsibilities of the Senior Information Security Manager are to provide direct oversight, supervision, and involvement (wherever needed) in the following areas:

* Developing and Enhancing the PCORI Information Security Framework:
  o Develop and enhance PCORI's information security framework based on industry standards (e.g., ISO 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, CIS, and the NIST Cybersecurity Framework)
  o Create and manage a unified, flexible, risk-based control framework to integrate and normalize the wide variety of ever-changing requirements resulting from US laws, standards, and regulations
  o Manage the development, implementation, continuous updating, and enforcement of security policies, standards, guidelines, and procedures to ensure ongoing security governance, and oversee the approval and publication of these information security policies and practices
  o Create a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection of information assets
  o Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, support appropriate resource allocation, increase the maturity of information security, and review it with stakeholders at the executive and employee levels
* Operationalizing the PCORI Information Security Framework:
  o Create a risk-based process for the assessment and mitigation of information security risk across PCORI
  o Ensure all information owned, collected, or controlled by or on behalf of PCORI is processed and stored in accordance with applicable laws and other regulatory requirements, such as data privacy
  o Partner with the PCORI legal team to define and facilitate the processes for information security risk assessments and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
  o Ensure information security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines
  o Oversee technology dependencies outside of direct organizational control, including reviewing contracts and creating alternatives for managing risk
  o Manage information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation
  o Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
  o Develop and oversee effective disaster recovery policies and standards in partnership with internal teams, aligned with the enterprise business continuity management (BCM) program
  o Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas
  o Conduct security assessments of third-party vendors and products

Incumbents in this position may be required to perform other duties and special assignments not specifically stated above. Statements outlined in this section are designated as essential job functions in accordance with the Americans with Disabilities Act of 1990.

Required Skills

o Providing direction and leadership to team members through direct supervision or matrix management, including directing, reviewing, and assigning work to team members
o Demonstrated knowledge of common information security management frameworks and controls, such as ISO/IEC 27001, ITIL, COBIT, CIS, and the NIST Cybersecurity Framework
o Knowledge of network and cloud infrastructure security architecture
o Demonstrated knowledge of information security risk management
o Exposure to cybersecurity tools and technologies in areas such as threat and vulnerability management, intrusion detection and prevention, penetration testing, and security awareness training for end users
o Excellent stakeholder and project management skills
o Effective communication, collaboration, and negotiation skills; ability to work effectively and efficiently in a fast-paced and dynamic environment in the context of scaling and accelerating growth and adapting to change

Required Experience

o At least 10 years of progressive, hands-on experience in building, operationalizing, and governing information security programs for organizations
o Master's or bachelor's degree in Computer Science, Information Security, or a related field from an accredited institution
o Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other similar credentials

Compensation and Benefits

Salary Range: $145,000 - $165,000

The above range represents the salary range expected for the position; however, final offers are based on several factors, such as the position's responsibilities; the candidate's experience, education, and skills; location; travel required; and current market conditions. Subject to the terms and conditions of the applicable plans then in effect, eligible employees may participate in PCORI-sponsored medical, dental, vision, and basic life insurance plans for the employee and the employee's eligible dependents.

Conflict of Interest
PCORI wants to ensure that prospective employees are aware of its conflict-of-interest policies so that employment deliberations take this aspect of PCORI employment into consideration. PCORI requires all employees to disclose, upon commencement of their employment and on an annual basis, all of their own and their close relatives' financial, business, and personal associations that have the potential to bias, or the appearance of biasing, their decisions relating to PCORI. All disclosures made by employees are made publicly available on PCORI's website. Disclosures must include all financial, business, and personal associations with any health or healthcare-related organizations, and all associations with any other organizations that have the potential to bias, or the appearance of biasing, one's decisions relating to PCORI, including but not limited to vendors or other third parties with whom PCORI has a contract or that PCORI has funded. For more information, please visit PCORI-Conflict-of-Interest-Policies-Outside-Employment-Policy.pdf

PCORI conducts reference and background checks on all applicants.

PCORI recommends all members of the PCORI workforce adhere to the CDC recommendations regarding staying up to date on COVID-19 vaccination.