Cybersecurity Director of Risk

Remote, USA Full-time
Details
• Department: Security
• Schedule: Full Time Monday - Friday 8-5pm CT
• Location: Remote
• Salary: $142,936.00 - $201,792.00 per year
• Eligible for an annual bonus incentive

Benefits
• Paid time off (PTO)
• Various health insurance options & wellness plans
• Retirement benefits including employer match plans
• Long-term & short-term disability
• Employee assistance programs (EAP)
• Parental leave & adoption assistance
• Tuition reimbursement
• Ways to give back to your community

Benefit options and eligibility vary by position. Compensation varies based on factors including, but not limited to, experience, skills, education, performance, location and salary range at the time of the offer.

Responsibilities

Job Summary:
Our prominent healthcare organization, dedicated to patient safety and technological innovation, is currently seeking an experienced and highly technical Cybersecurity Director of Risk. This crucial leadership position holds the responsibility for establishing and advancing the organization's enterprise-wide cybersecurity risk management program, thereby ensuring the robust protection of sensitive patient data (PHI) and vital systems from evolving threats. The preferred candidate will possess a profound technical expertise in security architecture, demonstrated leadership capabilities, and comprehensive experience navigating the regulatory environment of the healthcare sector, along with the capacity to articulate risk effectively to executive leadership.

Key Responsibilities:

Risk Strategy and Management
• Develop, implement, and continually mature the organization's cybersecurity risk management framework (RMF), aligned with industry standards (e.g., NIST, ISO 27001) and healthcare regulations (e.g., HIPAA, HITECH).
• Lead the identification, assessment, analysis, and prioritization of cyber risks across all business units, technology stacks, and third-party relationships.
• Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to provide executive leadership with transparent, data-driven insights into the current risk posture.
• Drive risk remediation efforts by collaborating with technical teams, translating complex security issues into actionable architectural and operational requirements.

Technical Expertise and Architecture Guidance
• Possess a strong working knowledge of technical security domains such as network security, identity and access management (IAM), data loss prevention (DLP), encryption, vulnerability management, and secure software development lifecycle (SSDLC).
• Evaluate technical control effectiveness and recommend architectural enhancements to ensure controls are built-in, not bolted-on.

Leadership and Governance
• Provide strong leadership, mentorship, and direction to the risk and governance teams, fostering a culture of security awareness and risk-informed decision-making.
• Effectively communicate technical risks in business terms.
• Oversee the formal risk acceptance process, ensuring business leaders understand and formally accept residual risk.
• Manage regulatory compliance audits and serve as a primary liaison with internal and external auditors regarding cybersecurity risk posture.

Healthcare Focus
• Maintain expert-level knowledge of HIPAA Security and Privacy Rules, and other relevant state and federal healthcare mandates.
• Ensure the risk program adequately addresses the unique challenges of a healthcare environment, including ransomware defense, patient care continuity, and securing integrated clinical technology.

Required Experience
• Minimum of twelve (12) years of experience in Information Technology and/or Cybersecurity.
• A minimum of five (5) years in a leadership or senior management role specifically focused on Cybersecurity Risk Management, Governance, or Security Architecture.
• Demonstrated experience operating in a highly regulated industry, with substantial experience in the healthcare sector (Hospitals, IDNs, Payers, etc.).
• Proven ability to build and mature an enterprise-level risk management framework from the ground up or significantly enhance an existing one.

Technical and Architectural Skills
• Deep technical understanding of modern IT and cloud architecture (IaaS, PaaS, SaaS) and associated security controls.
• Proficiency with industry-standard risk methodologies and control frameworks (e.g., NIST CSF, NIST 800-30).
• Familiarity with clinical systems (e.g., Epic, Cerner) and the security considerations for connected medical devices.
• Relevant professional certifications highly desirable (e.g., CISSP, CISM, CRISC, CISA, CISM).

Leadership and Soft Skills
• Exceptional written and verbal communication skills, with the ability to articulate complex technical risks to non-technical executive stakeholders.
• Strong political acumen and proven ability to build consensus and influence change across disparate groups.
• Demonstrated strategic thinking, problem-solving abilities, and decision-making under pressure.

Job Location and Hours:
• The job location for this role will be primarily remote but this role will require one to be available during all standard working hours (8 am to 5 pm CST, Monday through Friday) via camera and team collaboration tools.
• Please note that extended hours may be required on a case-by-case basis.
• Additionally, applicants must work from the United States.

Requirements

Education:
• High School diploma equivalency with 5 years of applicable cumulative job specific experience required, with 2 of those years being in leadership/management OR Associate's degree/Bachelor's degree with 3 years of applicable cumulative job specific experience required, with 2 of those years being in leadership/management.

Additional Preferences
• Bachelor’s degree in Cybersecurity, Information Security, Risk Management, Computer Science, or a related field preferred. A Master’s degree is a plus.

Why Join Our Team
When you join Ascension, you join a team of over 134,000 individuals across the country committed to a Mission of serving others and providing compassionate, personalized care to all. Our inclusive culture, continuing education programs, career coaches and benefit offerings are just a few of the resources and tools that team members can use to create a rewarding career path. In fact, Ascension spent nearly $46 million in tuition assistance alone to support associate growth and development. If you are looking for a career where you can grow and make a difference in your community, we invite you to join our team today.

Equal Employment Opportunity Employer
Ascension provides Equal Employment Opportunities (EEO) to all associates and applicants for employment without regard to race, color, religion, sex/gender, sexual orientation, gender identity or expression, pregnancy, childbirth, and related medical conditions, lactation, breastfeeding, national origin, citizenship, age, disability, genetic information, veteran status, marital status, all as defined by applicable law, and any other legally protected status or characteristic in accordance with applicable federal, state and local laws. For further information, view the EEO Know Your Rights (English) poster or EEO Know Your Rights (Spanish) poster.

As a military friendly organization, Ascension promotes career flexibility and offers many benefits to help support the well-being of our military families, spouses, veterans and reservists. Our associates are empowered to apply their military experience and unique perspective to their civilian career with Ascension.

Please note that Ascension will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Ascension will not solicit money or banking information from applicants.

E-Verify Statement
This employer participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.