Lead Information Risk Consultant

Company: enGen Job Description: Job Summary We are seeking a highly motivated Lead Information Risk Consultant to join our team. This role will focus on the strategic leadership of M&A cybersecurity integration while driving governance and assurance across multiple concurrent acquisitions. This is a hybrid role, with in-office presence required on Tuesdays, Wednesdays, and Thursdays at our Camp Hill, Buffalo, or Pittsburgh offices. Must be a US Citizen due to contractual requirements. The Lead Information Risk Consultant will establish and manage the Cybersecurity Integration Management Office (C-IMO), ensuring the alignment of security requirements during both pre- and post-acquisition phases. Additionally, you will provide expert leadership in policy stewardship, control assurance, and the growth of our information security program, enhancing compliance with HIPAA, NIST CSF 2.0, PCI DSS, and SOC frameworks. In this role, you will act as a trusted advisor, guiding team members and cross-functional stakeholders, while delivering governance excellence and executive-ready reporting. Essential Responsibilities Conduct information risk assessments and analyze relevant documentation to gather materials necessary for assessment results. Document and communicate risk assessment findings clearly and concisely with stakeholders. Determine risk scoring based on threat, vulnerability, likelihood, impact, and security controls. Maintain the risk register inventory, tracking risk statements and scores. Follow up on risk exceptions, acceptance, corrective action plans, and mitigation strategies. Communicate methodologies for risk treatment, avoidance, acceptance, and transference. Collaborate with various projects to apply security architecture requirements and develop solutions to address security gaps. Work with HM Health Solutions teams to maintain compliance documentation related to PCI-DSS, HITRUST, and ISO 27001. Prepare and present solution decks tailored to different management levels and technical audiences. Ensure adherence to required standards, procedures, guidelines, and organizational processes. Perform additional duties as assigned. Required Education Bachelor's Degree in Information Security, Information Systems, Information Assurance, Computer Science or related field. Experience Minimum: 7-10 years in Information Security and/or Information Risk Management. 5-7 years in Information Security Governance, Risk, or Compliance activities. 7-10 years developing and presenting Information Security and Risk Management concepts. Familiarity with technologies like IPS, firewalls, endpoint protection, DLP, SEIM, and virtualization. Preferred: 10-15 years in Information Security/Risk Management, including leadership in cybersecurity governance for M&A. Experience in policy management aligned with HIPAA and NIST CSF 2.0. Leadership in control assurance and maturity improvement initiatives. Strong background in interpreting security policies and regulatory requirements. Proven ability to coordinate governance forums and create executive-ready dashboards. Familiarity with governance tools like RSA Archer and policy management systems. Aptitude for mentoring team members and directing cybersecurity governance programs. Knowledge, Skills & Abilities Knowledge of HITRUST CSF, NIST 800-83, PCI, HIPAA, and ISO 27001/2. Understanding of NIST Risk Assessment methodology. Familiarity with secure SDLC best practices and OCTAVE risk methodologies. Able to work in high-performance, multi-disciplinary teams. Strong teamwork and interpersonal skills. Travel Requirement: 0% - 25% Physical, Mental Demands, and Working Conditions The demands and conditions outlined here represent the requirements an employee must meet to successfully perform the essential functions of this job. Reasonable accommodations will be made as necessary to enable individuals with disabilities to perform essential duties. Additional Information Pay Range Minimum: $78,900.00 Pay Range Maximum: $147,500.00 This role offers a competitive salary based on qualifications, experience, expected contributions, and business considerations. We are committed to diversity and inclusion and prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities.

Created: 2026-03-04