IT Risk and Compliance Manager
"The best minds of my generation are thinking about how to make people click ads … That sucks."
In the high cost world of oncology, trial and error treatment is still the norm despite enormous advances in genomic medicine. Patients are given one-size-fits-all treatments that lead to poor outcomes.
CancerIQ is building intelligent analytical technologies aimed to optimize cancer risk prediction, prevention, and treatment. We do this by providing care providers with workflow tools built upon informed decision engines and data-driven classification models. Our mission strives to engage and educate patients, and guide them through the complex, convoluted, and intimidating journey of cancer prevention.
How do you fit in?
CancerIQ is looking for a security and compliance focused mind that is diligent, meticulous, and organized, and wants to help solidify security and privacy aspects of a modern technology platform that aims to prevent cancer-related deaths.
Protecting sensitive customer health data is of utmost importance at CancerIQ. The IT HIPAA Security Risk Manager provides leadership, innovation, and operational oversight to the technology team and the architectural roadmap, with responsibility for meeting the organization's overall goals for security compliance, data protection, and privacy.
You will provide technical and security expertise to IT and business leadership and to technical teams, identifying cost-effective, HIPAA-compliant security technology solutions and developing security reference architectures and strategies that achieve business results. You will ensure that security requirements are implemented and function as intended, that business and IT policies and procedures are consistent with CancerIQ's goals, and that third-party client security assessments and audits run smoothly.
You will proactively maintain CancerIQ's organizational security policies and compliance framework, keep the organization aware of trends and issues in your area of security expertise, evaluate new security technologies and opportunities, and analyze their potential impact so the business can take advantage of them.
What are we looking for?
- Bachelor of Science in a technology-related discipline, or 3 years of relevant experience
- 5-7 years of experience in a dedicated information security risk management or governance role
- 3-5 years of experience in information technology in an area such as networking, desktop engineering, programming, or systems administration
- Strong knowledge of risk management frameworks, e.g. ISO 27005, OCTAVE, NIST, and COBIT 5
- Strong knowledge of HIPAA and the HITECH Act
- Strong knowledge of technology risk management concepts and their application
- Strong knowledge of the security implications of a variety of technologies, including but not limited to Microsoft, Cisco, Unix/Linux, other market-leading technology solutions, and mobile devices
What are some nice-to-haves?
- Graduate degree in cyber security or related area of expertise.
- Relevant security certifications (CISSP, CISM, SABSA, GIAC)
- 5-10 years of demonstrable experience leading and developing high-performing and technical teams
- Appropriate technical skills and in-depth knowledge of business unit functions and applications, including:
  - Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.
  - Experience and proven capabilities in application risk assessment, application security architecture development, web application security, and application security testing.
  - Demonstrated experience in security architecture risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
  - Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
  - Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
  - Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.
  - Solid understanding of and experience with security development lifecycle (SDL) processes for internally developed applications, including web-based and Internet-facing components.
  - Knowledge and experience in application security standards, methodologies, and technologies.
  - Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.
  - Solid knowledge of and experience with the IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations.
  - Experience in assessing, configuring, and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL/TLS, IPSec, and web services security.
  - Ability to demonstrate analytical skills, technical knowledge, and the practical application of cyber and information security principles to business leaders and technical staff.
- Self-motivated learner
- Public artifacts and outreach such as blogs, open-source contributions, conference presentations
- Strong communications skills such as empathy, listening, and conflict resolution
- A good sense of humor
- Competitive pay and benefits (health insurance, travel subsidies, discount programs)
- No dress code. Funny graphic tees are encouraged. We’re even okay with fedoras.
- Transportation. We’re located in Streeterville, with easy access to buses and the Red Line a short walk away.