IT Security Risk and Compliance Manager

Remote role Full-time Open position

About the position

Responsibilities

  • Provide supervision, guidance, and oversight of the WAHBE IT Security Risk and Compliance Team, ensuring effective execution of responsibilities and alignment with organizational goals.
  • Develop, maintain, and implement cybersecurity compliance deliverables, ensuring they are regularly updated to meet evolving Centers for Medicare & Medicaid Services (CMS), the Internal Revenue Service (IRS) and WAHBE requirements. Deliverables include but are not limited to System Security Plan, Safeguard Security Report, and Annual Attestation.
  • Conduct comprehensive and complex cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities.
  • Independently perform thorough risk analysis, leveraging advanced technical expertise to evaluate vulnerabilities, cyber threats, and the effectiveness of security controls.
  • Ensure security controls align with WAHBE IT Security standards and policies, while maintaining compliance with applicable federal regulations, including Centers for Medicare & Medicaid Services (CMS) and the Internal Revenue Service (IRS).
  • Develop and implement an information security risk management framework, including gap analysis, remediation timelines, regular reviews and updates.
  • Develop risk management metrics and reports to effectively communicate remediation efforts, risk treatment progress, and enhancements to WAHBE's overall security posture.
  • Develop, track, and coordinate risk mitigation plans for federal reporting including Corrective Action Plan, Plan of Action and Milestones.
  • Develop and implement processes to validate and verify the completion of remediation activities and reevaluate control effectiveness as needed to ensure ongoing risk mitigation.
  • Collaborate with Compliance Officer, Information Security Manager, Cloud/Infrastructure Manager, Lead Product Owner, Tech Ops and other IT stakeholders for risk mitigation and control implementation.
  • Manage Centers for Medicare & Medicaid Services (CMS) and Internal Revenue Service (IRS) security audits and safeguard reviews.
  • Manage and support third party security risk assessment as mandated by federal regulations. Develop, track, maintain and coordinate resulting risk mitigation plans for any findings.
  • Maintain and update WAHBE's Information Security policies and procedures with evolving CMS, IRS and WAHBE requirements.
  • Review laws, regulations and legal agreements for security and privacy language to permit authorized collection, use, maintenance, and sharing of Personally Identifiable Information (PII) and Federal Tax Information (FTI).
  • Foster innovation and manage risks during major transformations.
  • Provide regular briefings and updates to CISO and engage with Enterprise Risk and Compliance Committee.
  • Communicate any obstacles that hinder successful and timely completion of compliance deliverables to the CISO promptly.
  • Collaborate with external partners in alignment of technology, processes and procedures to meet WAHBE policy, state and federal regulations.
  • Work as liaison for technical, business and external partners for audits, assessments and reviews.
  • Recruit, hire, lead, mentor, and retain talented risk and compliance staff.

  • Other duties as assigned by the CISO.

Requirements

  • Bachelor's degree in engineering or technology-related major and ten years of experience with increasing management responsibilities (minimum of 5 years' experience in staff management).
  • Five years of experience leading and managing staff and contractor resources within IT risk and compliance domains.
  • Excellent understanding of standards and guidelines to include CMS standards such as Minimal Acceptable Risk Standards for Exchanges (MARS-E 2.2) and Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) and/or Internal Revenue Service (IRS) standards such as Publication 1075.
  • Excellent understanding of audit processes, standards, and procedures.
  • Strong understanding of best practices in testing methods and metrics.
  • Upholds the highest ethical standards, demonstrating honesty, transparency, and consistency in words and actions. Takes responsibility for decisions, maintains confidentiality, and adheres to organizational policies and regulatory requirements.
  • Motivated self-starter with initiative to take independent action and accept responsibility for your actions.
  • Excellent project management skills and able to set clear timelines, defined roles, and practice effective change management.
  • Ability to prioritize and manage multiple projects simultaneously and follow-through on issues in a timely manner.
  • Strong interpersonal skills; ability to work with all levels of internal management and staff, as well as outside clients, vendors, diverse populations, stakeholder groups, and customers.
  • Skilled in resolving conflicts and addressing disagreements among team members by utilizing active listening and fostering open dialogue.
  • Creative and proactive problem solver; must possess the ability to make independent decisions and judgments about work priorities.
  • Well organized, flexible, proactive, resourceful, and efficient with strong attention to detail.
  • Strong understanding of contracting processes and procedures and contract management.
  • Ability to maintain a high level of confidentiality.

Nice-to-haves

  • Excellent understanding of National Institute of Standards and Technology (NIST) security guidelines, outlined in SP 800-53 Rev 5 and NIST Risk Management Framework (RMF), outlined in SP 800-37 Rev.,
  • Proven ability to develop and implement change management strategies, including stakeholder engagement, communication plans, and training programs, to ensure smooth transitions and sustainable adoption of new processes or technologies.
  • Excellent verbal and written communication skills.
  • Demonstrates remarkable composure and resilience in fast-paced, high-pressure environments, consistently maintaining focus and delivering results.
  • Foster a positive and collaborative approach to risk management within a dynamic, fast-paced organizational culture.