Cybersecurity Risk Manager - Healthcare

JOB SUMMARY Hybrid position

The Cybersecurity Risk Manager plays a key role in strengthening the cyber risk management capabilities across a large, complex healthcare environment. This position leads a team responsible for identifying, assessing, and managing risks that impact clinical systems, patient data, operational continuity, and enterprise information assets.

You will collaborate with technology, clinical, compliance, and operational teams to ensure risk?management practices are:

• Well?structured, repeatable, and aligned with industry frameworks such as NIST CSF 2.0.
• Compliant with regulatory requirements, including the HIPAA Security Rule.

• Lead a team of cybersecurity analysts executing risk identification, analysis, scoring, and monitoring.
• Guide the development and continual enhancement of risk?management processes using industry frameworks (e.g., NIST CSF 2.0, HIPAA).
• Provide coaching, performance feedback, and professional development support to team members.
• Promote alignment and consistency across cybersecurity and IT functions regarding risk practices and governance.

• Develop clear, concise risk reporting through associated tooling, tailored for senior leaders and operational stakeholders.
• Track and measure progress through Objectives & Key Results (OKRs) aligned to cybersecurity and organizational priorities.
• Identify opportunities to streamline processes, drive operational excellence, and improve transparency into cyber risk.

• Oversee enterprise-wide cyber risk assessments, including but not limited to EHR systems, medical devices, IoT clinical equipment, and cloud-hosted PHI.
• Lead threat modeling and control evaluations based on NIST CSF 2.0 categories (Identify, Protect, Detect, Respond, Recover, Govern).
• Coordinate mitigation strategies with IT, Clinical Engineering, and operational leaders.
• Support risk-related governance forums and risk review discussions with leadership.
• Maintain risk registers and compliance monitoring.

• Continuously refine cyber risk processes informed by healthcare threat intelligence, regulatory changes, and HIPAA Security Rule requirements.
• Oversee periodic audits and corrective action tracking.
• Ability to execute tasks through tooling such as Service Now, M365, and Power BI.

• Master?s Degree is preferred in Cybersecurity, Information Systems, Risk Management, or related field.
• Strong understanding of healthcare technology environments (e.g., EHR systems, clinical devices, PHI handling).
• Demonstrated ability to communicate risk effectively to both technical and non-technical audiences.
• Experience working within Agile delivery environments.
• Experience with NIST CSF 2.0, HITRUST, HIPAA Security Rule, and healthcare technology environments.
• Strong understanding of clinical workflows, EHR systems, and medical device cybersecurity.
• Proficiency with GRC and risk platforms.
• Certifications such as CISSP, CISM, CRISC, HCISPP, HITRUST CCSFP, or other relevant industry certifications are strongly preferred.

• Immediate eligibility for health and welfare benefits
• 401(k) savings plan with dollar-for-dollar match up to 5%
• Tuition Reimbursement
• PTO accrual beginning Day 1

Note:

Benefits may vary based upon position type and/or level

• Education - Bachelor's or 4 years of work experience above the minimum qualification
• Experience - 5 Years of Experience