Director Information Security Risk Management

  • Full-Time
  • Nashville, TN
  • Change Healthcare
  • Posted 3 years ago – Accepting applications
Job Description
Transforming the future of healthcare isn’t something we take lightly. It takes teams of the best and the brightest, working together to make an impact.

As one of the largest healthcare technology companies in the U.S., we are a catalyst to accelerate the journey toward improved lives and healthier communities. Here at Change Healthcare, we’re using our influence to drive positive changes across the industry, and we want motivated and passionate people like you to help us continue to bring new and innovative ideas to life.

If you’re ready to embrace your passion and do what you love with a company that’s committed to supporting your future, then you belong at Change Healthcare.

Pursue purpose. Champion innovation. Earn trust. Be agile. Include all.

Empower Your Future. Make a Difference.

Title
Director Information Security Risk Management

Overview of Position
Change Healthcare is looking for a seasoned leader to drive our Information Security Risk Management program, consisting of enterprise security assessments, information security risk council, risk register, threat modeling, Governance, Risk and Compliance (GRC) Tool, and risk acceptance process. This position is critical to the overall security posture of Change Healthcare and requires the ability to exercise influence at all levels of the company, including the executive level, across diverse business units.

The goal of the program is to reduce enterprise security risk by effectively identifying, prioritizing, and managing security risks across a variety of IT domains and tracking risks through closure. The leader will focus on enhancing our risk assessment approach, updating it as necessary, by staying abreast of current trends and threat intel in information security.

The candidate will drive continuous improvement of the risk management program by evaluating current program maturity, establishing clear organizational objectives and plans, and tracking progress against a maturity plan. The leader will leverage their ability to influence both executives and technical teams to drive strategic approaches to addressing risks.

What will be my duties and responsibilities in this job?

  • Proactively report program status and planning regularly to senior leadership
  • Conduct periodic and ad hoc risk assessments by reviewing control maturity with relevant control owners.
  • Enhance security risk management functions to enable the effective management of risks across the enterprise
  • Conduct risk assessments of business/IT processes and procedures to identify areas of significant risk and identify root causes
  • Lead a GRC migration to automate components of the risk management program, enabling effective and efficient risk prioritization, tracking, reporting, and remediation
  • Design and implement an effective risk acceptance process, with consideration for relevant organizational requirements
  • Develop and implement enterprise risk tracking capabilities, capturing key attributes for effective reporting
  • Deliver risk reporting to IT leadership and partner with enterprise risk management functions
  • Develop risk management staff to operate key risk functions independently


What are the requirements needed for this position?

  • Bachelor's degree in MIS, IT, Related Field, or equivalent experience
  • 8+ years of experience in leading a risk management program/function
  • Experience in performing security assessments
  • Proficient within the Microsoft Office Suite
  • Preferred Certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or equivalent.

What other skills/experience would be helpful to have?

  • Hands-on experience maintaining a risk register and threat models
  • Previous experience migrating to a new Governance, Risk and Compliance (GRC) tool and maintaining the GRC
  • Previous experience overseeing Policy Exception and Risk Acceptance Processes
  • Create and deliver powerful metrics, as well as supporting deliverables
  • Ability to partner with key stakeholders across IT and business functions to assess, articulate, and support remediation of security risks
  • Previous experience mentoring, hiring, and managing risk assessment resources, both FTE and vendor sourced

Join our team today where we are creating a better coordinated, increasingly collaborative, and more efficient healthcare system!

Equal Opportunity/Affirmative Action Statement

Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at https://www.eeoc.gov/employers/eeo-law-poster and the supplemental information at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf.

If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to applyaccommodations@changehealthcare.com with "Applicant requesting reasonable accommodation" as the subject. Resumes or CVs submitted to this email box will not be accepted.

View our pay transparency nondiscrimination policy at https://www.dol.gov/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf.

Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.
