What are the responsibilities and job description for the Manager Information Security Architecture & Compliance - Full Time position at Connecticut Children's?
Job Description
The Manager of IS Architecture & Compliance supports the organization’s information security and compliance initiatives, ensuring adherence to internal security policies, regulatory requirements, and architectural security standards. This role partners with cross-functional teams to assess risks, implement controls, and strengthen processes across Information Technology and business functions. This role also partners with technical teams to design, document and ensure implementation compliance for new and updated Information Technology architectures. The role also develops security awareness programs, participates in disaster recovery and business continuity exercises, and assists with investigations of security incidents.
Responsibilities
Security Architecture, Risk Management, and Compliance-50%
Qualifications
Education and/or Experience Required:
Knowledge:
Connecticut Children’s is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children’s offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members.
At Connecticut Children’s, treating children isn’t just our job – it’s our passion. As a leading children’s health system experiencing steady growth, we’re excited to expand our team with exceptional team members who share our vision of transforming children’s health and well-being as one team.
The Manager of IS Architecture & Compliance supports the organization’s information security and compliance initiatives, ensuring adherence to internal security policies, regulatory requirements, and architectural security standards. This role partners with cross-functional teams to assess risks, implement controls, and strengthen processes across Information Technology and business functions. This role also partners with technical teams to design, document and ensure implementation compliance for new and updated Information Technology architectures. The role also develops security awareness programs, participates in disaster recovery and business continuity exercises, and assists with investigations of security incidents.
Responsibilities
Security Architecture, Risk Management, and Compliance-50%
- Partner with internal and external technical teams to design, document, and implement security architecture standards and configurations.
- Ensure alignment and adherence to established security architecture and control frameworks.
- Conduct security and compliance risk assessments across healthcare applications, systems, and business processes to identify gaps.
- Recommend and implement mitigation strategies to address identified risks and vulnerabilities.
- Monitor and evaluate the effectiveness of security controls to ensure ongoing compliance with regulatory and organizational requirements.
- Collaborate with IS, clinical, and business teams to strengthen security controls, risk management practices, and compliance processes.
- Identify and drive opportunities for process improvement, standardization, and automation across security and compliance functions.
- Develop, review, and maintain information security and compliance policies, standards, and procedures aligned with healthcare operations.
- Ensure alignment with applicable regulatory and industry standards (e.g., HIPAA, HITECH, SOX, PCI/DSS).
- Provide guidance to leadership and stakeholders on security governance and compliance expectations.
- Develop and deliver security awareness and training programs tailored to healthcare staff, including data privacy and cybersecurity best practices.
- Provide guidance on the secure handling of sensitive and protected health information.
- Assist in the investigation of security incidents, including documentation, root cause analysis, and corrective action recommendations.
- Participate in cybersecurity preparedness activities, disaster recovery planning, and business continuity exercises.
- Provide day-to-day guidance and support to a small number of direct reports, including prioritization of work, coaching, and performance feedback.
- Mentor junior team members and contribute to their professional development in information security and compliance practices.
- Promote knowledge sharing and consistency in security and compliance approaches across the team.
- Support the Director of Information Security in fostering a collaborative, accountable, and high-performing team environment.
- Serve as a liaison for internal and external audits, ensuring timely and accurate collection of required documentation.
- Support audit activities, including control validation, evidence gathering, and remediation tracking.
- Ensure organizational adherence to regulatory requirements and support responses to compliance inquiries and assessments.
Qualifications
Education and/or Experience Required:
- Education: High School Diploma, GED or equivalent.
- Experience:
- 3-5 years of Information security or compliance related activities.
- 2 years’ supervisory or management experience.
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field.
- Experience:
- Experience with Epic system.
- Experience in a healthcare organization.
- CISSP, CISA, CRISC, CISM, CGRC, or equivalent.
Knowledge:
- Information security principles, risk management, and mitigation strategies.
- Regulatory and industry compliance standards (HIPAA, HITECH, SOX, PCI/DSS).
- Governance, risk, and compliance (GRC) frameworks and internal control design.
- Leadership and mentoring skills, with the ability to guide and develop junior staff.
- Information security policies, procedures, and best practices.
- Strong verbal and written communication.
- Analytical thinking and problem-solving.
- Ability to prioritize and manage multiple tasks simultaneously.
- Process improvement, project management, and audit facilitation.
- Customer-focused and collaborative mindset.
- Work independently and meet deadlines.
- Partner with cross-functional teams to drive compliance initiatives.
- Provide oversight, coaching, and feedback to team members in a supportive and constructive manner.
Connecticut Children’s is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children’s offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members.
At Connecticut Children’s, treating children isn’t just our job – it’s our passion. As a leading children’s health system experiencing steady growth, we’re excited to expand our team with exceptional team members who share our vision of transforming children’s health and well-being as one team.