What are the responsibilities and job description for the Director, Information Security Governance, Risk and Compliance position at Roswell Park Comprehensive Cancer Center?
Title
Director, Information Security Governance, Risk and Compliance
Job Type
Regular
Company
Roswell Park Comprehensive Cancer Center
Department
Information Security
Time Type
Full time
Weekly Hours
40
Fte
1
Shift
First Shift (United States of America)
Summary
Oversees the processes and personnel involved in the Governance, Risk and Compliance (GRC) functions of the Information Security Department. Leads a team with a hands-on approach; ensures that risk assessments, security training and awareness, third party risk management, and other risk functions are performed in a consistent and thorough manner aligned with industry best practices and recognized security frameworks. Works with internal and external auditors to assess the maturity of the Information Security program. Furthers the maturity of the GRC program through the adoption and refinement of tools, standards, and processes in order to assist the overall Information Security Department to communicate and prioritize risk, and develop a risk-informed strategy for addressing current gaps and future threats. Salary is commensurate with experience.
Qualifications
Required Education and Experience
Certification Requirement
Current Cybersecurity certification, such as, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Risk and Information Systems Control (CRISC), Global Information Assurance Certification (GIAC), or equivalent information security certification.
Education and Experience
Equal Employment Opportunity Statement
Roswell Park Cancer Institute Corporation (RPCIC) and Health Research Inc. (HRI) Roswell Park Division believe that all persons are entitled to equal employment opportunities, and we do not discriminate against our employees, applicants or job seekers because of their race, color, religion, sex, sexual orientation, gender identity or expression, national origin, creed, age, disability, pregnancy-related condition, military or veteran status, marital or familial status, domestic violence victim status, citizenship status, genetic information, individual’s relationship or association with a member of a protected category or any other protected group status as defined by law.
Reasonable Accommodation Request
RPCIC and HRI are committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please email HR-PayAndBenefits@RoswellPark.org and let us know the nature of your request and your contact information.
Our Core Values
RPCIC and HRI are committed to providing an environment where patients, families, employees and community are treated with courtesy and respect. We support an inclusive environment that nurtures the talents, skills and abilities of each individual to embody and reflect our core values: Innovation, Integrity, Teamwork, Commitment, Compassion and Respect.
Historical Compensation Information Statement
Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor’s Office of Employee Relations at (518) 474-6988 or via email at info@goer.ny.gov.
Director, Information Security Governance, Risk and Compliance
Job Type
Regular
Company
Roswell Park Comprehensive Cancer Center
Department
Information Security
Time Type
Full time
Weekly Hours
40
Fte
1
Shift
First Shift (United States of America)
Summary
Oversees the processes and personnel involved in the Governance, Risk and Compliance (GRC) functions of the Information Security Department. Leads a team with a hands-on approach; ensures that risk assessments, security training and awareness, third party risk management, and other risk functions are performed in a consistent and thorough manner aligned with industry best practices and recognized security frameworks. Works with internal and external auditors to assess the maturity of the Information Security program. Furthers the maturity of the GRC program through the adoption and refinement of tools, standards, and processes in order to assist the overall Information Security Department to communicate and prioritize risk, and develop a risk-informed strategy for addressing current gaps and future threats. Salary is commensurate with experience.
Qualifications
Required Education and Experience
Certification Requirement
Current Cybersecurity certification, such as, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Risk and Information Systems Control (CRISC), Global Information Assurance Certification (GIAC), or equivalent information security certification.
Education and Experience
- Master's degree in Computer Science, Information Systems or a related field and the equivalent of eight (8) years of full-time experience in information security related hardware, software and processes; or
- Bachelor's degree in Computer Science, Information Systems or a related field and the equivalent of ten (10) years of full-time experience in information security related hardware, software, and processes; or
- Associate's degree in Computer Science, Information Systems or a related field and the equivalent of twelve (12) years of full-time experience in information security related hardware, software, and processes; or
- High School Diploma or High School Equivalency Diploma and the equivalent of fourteen (14) years of full-time experience in information security related hardware, software and processes.
Equal Employment Opportunity Statement
Roswell Park Cancer Institute Corporation (RPCIC) and Health Research Inc. (HRI) Roswell Park Division believe that all persons are entitled to equal employment opportunities, and we do not discriminate against our employees, applicants or job seekers because of their race, color, religion, sex, sexual orientation, gender identity or expression, national origin, creed, age, disability, pregnancy-related condition, military or veteran status, marital or familial status, domestic violence victim status, citizenship status, genetic information, individual’s relationship or association with a member of a protected category or any other protected group status as defined by law.
Reasonable Accommodation Request
RPCIC and HRI are committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please email HR-PayAndBenefits@RoswellPark.org and let us know the nature of your request and your contact information.
Our Core Values
RPCIC and HRI are committed to providing an environment where patients, families, employees and community are treated with courtesy and respect. We support an inclusive environment that nurtures the talents, skills and abilities of each individual to embody and reflect our core values: Innovation, Integrity, Teamwork, Commitment, Compassion and Respect.
Historical Compensation Information Statement
Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor’s Office of Employee Relations at (518) 474-6988 or via email at info@goer.ny.gov.