Senior Information Risk Advisor
Highmark Health - Columbia, SC
Job Description
Company: enGen

Job Summary

Join our dynamic team as a Senior Information Risk Advisor, where your expertise will shape the future of M&A cybersecurity integration and elevate our risk management governance across multiple acquisitions. This hybrid role requires your in-office presence on Tuesdays, Wednesdays, and Thursdays at our Camp Hill, Buffalo, or Pittsburgh offices. As a U.S. Citizen, you will be instrumental in driving our cybersecurity initiatives to new heights.

In this position, you will lead the Cybersecurity Integration Management Office (C-IMO), ensuring our security requirements are seamlessly integrated during pre- and post-acquisition phases. You'll provide vital leadership in policy management, control assurance, and the enhancement of our information security program, ensuring compliance with HIPAA, NIST CSF 2.0, PCI DSS, and SOC frameworks. As a trusted advisor, you'll guide your team and cross-functional partners, ensuring governance excellence and delivering compelling executive-ready reporting.

Essential Responsibilities

- Conduct thorough information risk assessments and review documentation to compile necessary materials for evaluation.
- Effectively document and communicate risk assessment findings to stakeholders, ensuring clarity and understanding.
- Evaluate risk based on threat, vulnerability, likelihood, impact, and existing security controls, determining appropriate scoring.
- Maintain a comprehensive risk register inventory to track risk statements and scores systematically.
- Proactively follow up on risk exceptions, acceptance, corrective action plans, and mitigation strategies.
- Clearly communicate methodologies for risk treatment, avoidance, acceptance, and transference to relevant parties.
- Collaborate on various projects to implement security architecture requirements and devise solutions for identified security gaps.
- Work closely with HM Health Solutions teams to uphold compliance documentation related to PCI-DSS, HITRUST, and ISO 27001.
- Prepare and present impactful solution decks tailored to both technical and management audiences.
- Ensure strict adherence to established standards, procedures, guidelines, and organizational processes.
- Perform additional related duties as assigned.

Required Education

Bachelor's Degree in Information Security, Information Systems, Information Assurance, Computer Science, or a related field.

Experience

Minimum:
- 7-10 years of experience in Information Security and/or Information Risk Management.
- 5-7 years focused on Information Security Governance, Risk, or Compliance activities.
- 7-10 years of expertise in developing and presenting Information Security and Risk Management concepts.
- Familiarity with technologies including IPS, firewalls, endpoint protection, DLP, SIEM, and virtualization.

Preferred:
- 10-15 years of experience in Information Security/Risk Management, particularly in leading cybersecurity governance during M&A.
- Experience with policy management in alignment with HIPAA and NIST CSF 2.0.
- Proven leadership in control assurance and improvement initiatives aimed at maturity growth.
- Strong background in interpreting security policies and regulatory requirements.
- Demonstrated ability to coordinate governance forums and create executive-ready dashboards.
- Familiarity with governance tools such as RSA Archer and policy management systems.
- Aptitude for mentoring team members and steering cybersecurity governance programs.

Knowledge, Skills & Abilities

- In-depth knowledge of HITRUST CSF, NIST 800-83, PCI, HIPAA, and ISO 27001/2.
- Understanding of the NIST Risk Assessment methodology.
- Familiarity with secure SDLC best practices and OCTAVE risk methodologies.
- Able to thrive in high-performance, multi-disciplinary teams.
- Strong teamwork and interpersonal skills.

Travel Requirement: 0% - 25%

Physical, Mental Demands, and Working Conditions

The demands and conditions stated are representative of what an employee must meet to successfully perform the essential functions of this role. Reasonable accommodations will be made as necessary to enable individuals with disabilities to perform essential duties.

Additional Information

Pay Range Minimum: $78,900.00
Pay Range Maximum: $147,500.00

This position offers a competitive salary based on qualifications, experience, expected contributions, and business considerations. We are committed to diversity and inclusion and prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities.
Created: 2026-03-12