Sr. Manager – Cybersecurity Risk Management

Company: Solventum
Location: Woodbury, MN, USA
Salary: $207,348 – $253,425
Type: Full-Time
Degrees: Bachelor’s, Master’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor’s Degree or higher from an accredited institution and nine (9) years of experience in Information Technology/Information Security.
  • OR High School Diploma/GED or higher from an accredited institution (completed and verified prior to start) and thirteen (13) years of experience in Information Technology/Information Security.
  • Extensive background in Governance, Risk & Compliance, with particular focus on Risk Management in Healthcare or other highly regulated industry.
  • Experience building and optimizing best practice Enterprise Risk Management, Third Party Risk Management, Risk Quantification, as well as Data Governance and Artificial Intelligence (AI).

Responsibilities

  • Drive the cybersecurity risk management taxonomy and framework/methodology, including implementing an Enterprise Control Framework (ECF) built on NIST/HITRUST controls that align with Enterprise Risk Management (ERM) objectives.
  • Lead a team that performs risk assessments and identifies, mitigates, and tracks risks to closure across the enterprise, providing actionable data and recommended solutions to organization leadership.
  • Define standardized risk assessment and exception handling processes, including defining what constitutes an exception and the criteria for managing them.
  • Develop and execute a gold-standard information security governance strategy and program. Drive a culture of transparency, integrity, and accountability.
  • Focus efforts on supporting cyber and business resilience, ensuring the organization is well prepared to counter risks to continuity of operations.
  • Develop the appropriate security checkpoints within the software and infrastructure development lifecycles, shifting effort left to prevent rework and build security by design into every project.
  • Establish a robust Findings & Remediation program that identifies trends in newly discovered risks, provides actionable reporting, identifies root cause, and works collaboratively to reduce inherent risk and technical debt.
  • Use expertise to scale programs up and down to meet the current regulatory environment and the risk appetite of the organization.
  • Establish and maintain robust data security governance, including creation, classification, retention, retrieval, and disposal of records.
  • Monitor regulatory changes and industry standards.
  • Coordinate the transfer of information into or out of the firm in compliance with organizational policies. When necessary, ensure the proper execution of destruction orders.
  • Implement supporting protocols and processes to ensure statutory, regulatory, ethical and privacy requirements are met for the management of physical and electronic information.
  • Support data governance efforts across the organization, including but not limited to data classification, data retention and disposal, data sharing, records management, archiving data, and data privacy.

Preferred Qualifications

  • Supporting certifications and coursework demonstrating continual learning. CISSP strongly preferred, or equivalent experience across a broad spectrum of Information Security disciplines.
  • Seven (7) years of experience building and leading global IT, digital and/or cybersecurity programs in a private, public, government or military environment.
  • Minimum three (3) years leading Risk Management programs.
  • Successful track record developing and leading risk management programs, policies, procedures, and best practices.
  • Experience working with Risk, Security and/or Audit frameworks (SOX, HITRUST, SOC 2, PCI DSS, ISO 27001/27002, NIST CSF / SP 800-53, FedRAMP, StateRAMP, IEC 62443, etc.).
  • Master’s Degree in Computer Science, Information Security or related field from an accredited institution
  • Successful track record of leading organizations through external audits and assessments. Experience writing and communicating directly with regulators and external auditors, responding appropriately to external inquiries while protecting the organization.
  • In-depth knowledge of legal and regulatory requirements, including data protection laws (e.g., GDPR, CCPA) and legal hold obligations.
  • Supporting certifications such as CRISC or CISM.
  • Experience leading Business Continuity Planning and/or Cyber Resilience teams.