Trinity Health is a multi-institutional healthcare network that serves over 30 million people with compassionate healing services. The health system was formed
Manager, Information Security Risk and Consulting
Location
United States
Posted
22 hours ago
Salary
0
Seniority
Lead
Job Description
Manager, Information Security Risk and Consulting
Trinity Health
Role Description The Manager, Information Security Risk and Consulting, operating under the direction of the Director of Information Security Strategy and Planning, plays a critical role in executing and maturing the organization’s third-party and integrated risk management program. This includes oversight of enterprise risk assessments across commercial off-the-shelf (COTS), open source, and internally developed applications, as well as associated system integrations. - Identifying, assessing, and prioritizing security risks. - Ensuring appropriate controls are implemented. - Driving continuous monitoring and risk-informed decision-making across the organization. - Leading the development and reporting of key risk indicators (KRIs) and key performance indicators (KPIs). - Overseeing the design and execution of scalable risk management processes. - Building, developing, and leading a highly engaged, high-performing team of security risk professionals. Qualifications - Bachelor’s degree in Information Security or an equivalent combination of education and experience. - One or more security certifications: CISSP, ISSA, CISA, CISM, CRISC, GRCP or equivalent. - Minimum of seven (7) years of progressive experience in information services. - Minimum of three (3) years of management experience. - Strong knowledge of the HIPAA Security Rule and applicable industry security regulations. - Proven knowledge of enterprise security principles and practices. - Experience with GRC platforms (e.g., ServiceNow GRC, RSA Archer, OneTrust, or similar). - Excellent oral and written communication skills. Requirements - Minimum of three (3) years of progressively responsible experience in healthcare and/or other regulated industries. - Ability to serve as a leadership representative of the Strategy and Planning Director. - Proficiency in performing third-party risk assessments and negotiating contractual security language. - Ability to operate in an ambiguous and highly matrix organizational structure. - Some knowledge of and experience with clinical application systems. Benefits - Rooted in our Mission and Core Values, we honor the dignity of every person. - We are an Equal Opportunity Employer. Physical & Mental Requirements & Working Conditions - This position operates in a typical office environment. - Manual dexterity is needed to operate a keyboard. - Hearing is needed for extensive telephone and in-person communications. - Must be capable of traveling in the course of completing project assignments. - Frequent overtime is required to meet deadlines.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Configure and operate security scanning tools to effectively identify and analyze vulnerabilities • Remediate infrastructure vulnerabilities as they appear and put in place process to preemptively avoid recurrence • Triage, investigate, and escalate security alerts with remediation recommendations • Document procedures, best practices, and technical security standards • Collaborate with internal and external engineering teams to optimize alert rules and monitoring coverage • Provide technical thought leadership regarding the security of networks and systems • Identify scanning and monitoring gaps as well as ensuring all our dependencies are being fully audited • Support debug/testing and remediation management to enhance infosec posture • Participate in an after-hours on-call rotation to investigate and triage security alerts • Develop a deep knowledge of organizational systems, environments, and security tools • Ensure that products and services meet established security standards set by the company • Monitor networks and systems for intrusions and implement protection and recovery methods • Identify and advise on security risks associated with new development or system changes • Assist in providing access to users and applications using our security standards and best practices
• Lead recurring customer security coaching sessions, including tactical reviews, advisement sessions, and executive-level security discussions. • Review threats, incidents, posture trends, identity risks, compliance insights, and Microsoft security telemetry to identify meaningful areas for improvement. • Translate technical findings into clear, business-focused recommendations, roadmaps, and next steps. • Partner with MDR/SecOps, Customer Success Managers, consultants, and analysts to align customer priorities, risks, workstreams, and communication plans. • Help customers improve their understanding of their security environment and the effectiveness of their tools, processes, and controls. • Review and provide guidance across Microsoft security capabilities, including Microsoft Defender XDR, Microsoft Sentinel, Microsoft Entra ID, Microsoft Purview, Conditional Access, MFA, PIM, email security, insider risk, and cloud app governance. • Build and maintain customer-specific security roadmaps tied to licensing, budget, risk priorities, compliance drivers, and measurable outcomes. • Conduct security architecture and adoption planning to help customers optimize the value of their Microsoft tools and licenses. • Analyze security trends and make recommendations related to external and internal threats, including malware, identity-based risk, data leakage, and attack surface reduction. • Prepare advisement materials, tactical decks, quarterly executive summaries, and customer-facing recommendations using evidence from dashboards, analytics tools, KQL queries, reports, and telemetry trends. • Guide client conversations toward additional security enhancements, roadmap initiatives, and continuous improvement opportunities. • Monitor customer security issues, escalations, and requests, validating context and converting learnings into repeatable guidance. • Contribute to playbooks, best practices, and coaching materials while mentoring supporting consultants or analysts as needed.
Senior Security Engineer I – Customer Trust
SmartsheetFounded in 2005, Smartsheet offers collaborative work management and process automation to empower greater enterprise productivity. A leading cloud-based platfo
• Own US customer trust operations: Manage intake, triage, prioritization, and completion of customer security questionnaires, vendor risk assessments, and RFIs for US-based customers. • Respond to customer security inquiries with technical depth: Complete questionnaires accurately, respond to RFIs, and address customer security concerns with responses that demonstrate understanding of Smartsheet's architecture and security controls. • Manage questionnaire queue and ensure SLA compliance: Maintain visibility into pending assessments, track completion timelines, and escalate delays. Keep customers informed of progress and manage expectations. • Build customer relationships and provide security assurance: Become a trusted resource for customer security teams. Understand their compliance requirements, ask clarifying questions, and provide responses that build confidence in Smartsheet's controls. • Support US sales teams: Work with sales and customer success teams to remove security-related deal blockers, provide compliance assurance materials, and accelerate customer buying cycles. • Escalate and collaborate on complex assessments: Identify questions requiring specialized expertise (AI security, FedRAMP, HIPAA, specific control implementations) and escalate appropriately. Work cross-functionally to gather evidence and provide comprehensive responses. • Understand industry-specific compliance: Respond to questions about HIPAA, NIST, state privacy laws (CCPA, etc.), PCI DSS, and sector-specific requirements relevant to customer industries. • Drive process improvements: Identify opportunities to improve questionnaire completion efficiency, update response templates, and recommend changes that benefit the team and customer experience.
Senior SAP Security Consultant – GRC/AC
Mollica ITRecrutando talentos de tecnologia & conectando histórias
• Gather and analyze requirements together with business areas; • Convert functional requirements into technical requirements, preparing high- and low-level architecture documents; • Participate in alignment meetings and requirements-gathering sessions with business users; • Facilitate Fit-to-Standard workshops; • Validate requirements in the system and in the SAP Fiori application library, ensuring end-to-end coverage of functionalities in Solution & Architecture documents; • Execute exploratory testing to ensure consistency of functional design documents; • Update design documents during functional testing, defect remediation, integration testing, and UAT; • Create, review, and update SAP authorization concepts; • Contribute to the creation and review of training materials; • Provide support during Hypercare activities; • Perform other routine activities within the area.




