Cybersecurity Risk Manager - Healthcare

JOB SUMMARY Hybrid position The Cybersecurity Risk Manager plays a key role in strengthening the cyber risk management capabilities across a large, complex healthcare environment. This position leads a team responsible for identifying, assessing, and managing risks that impact clinical systems, patient data, operational continuity, and enterprise information assets. You will collaborate with technology, clinical, compliance, and operational teams to ensure risku2011management practices are: u00b7 Wellu2011structured, repeatable, and aligned with industry frameworks such as NIST CSF 2.0. u00b7 Compliant with regulatory requirements, including the HIPAA Security Rule. ESSENTIAL FUNCTIONS OF THE ROLE Risk Management Leadership + Lead a team of cybersecurity analysts executing risk identification, analysis, scoring, and monitoring. + Guide the development and continual enhancement of risku2011management processes using industry frameworks (e.g., NIST CSF 2.0, HIPAA). + Provide coaching, performance feedback, and professional development support to team members. + Promote alignment and consistency across cybersecurity and IT functions regarding risk practices and governance. Reporting & Continuous Improvement + Develop clear, concise risk reporting through associated tooling, tailored for senior leaders and operational stakeholders. + Track and measure progress through Objectives & Key Results (OKRs) aligned to cybersecurity and organizational priorities. + Identify opportunities to streamline processes, drive operational excellence, and improve transparency into cyber risk. Risk Management & Assessment + Oversee enterprise-wide cyber risk assessments, including but not limited to EHR systems, medical devices, IoT clinical equipment, and cloud-hosted PHI. + Lead threat modeling and control evaluations based on NIST CSF 2.0 categories (Identify, Protect, Detect, Respond, Recover, Govern). + Coordinate mitigation strategies with IT, Clinical Engineering, and operational leaders. + u00b7Support risk-related governance forums and risk review discussions with leadership. + Maintain risk registers and compliance monitoring. Compliance & Regulatory Alignment + Continuously refine cyber risk processes informed by healthcare threat intelligence, regulatory changes, and HIPAA Security Rule requirements. + Oversee periodic audits and corrective action tracking. + Ability to execute tasks through tooling such as ServiceNow, M365, and Power BI. KEY SUCCESS FACTORS + Masteru2019s Degree is preferred in Cybersecurity, Information Systems, Risk Management, or related field. + Strong understanding of healthcare technology environments (e.g., EHR systems, clinical devices, PHI handling). + Demonstrated ability to communicate risk effectively to both technical and non-technical audiences. + Experience working within Agile delivery environments. + Experience with NIST CSF 2.0, HITRUST, HIPAA Security Rule, and healthcare technology environments. + Strong understanding of clinical workflows, EHR systems, and medical device cybersecurity. + Proficiency with GRC and risk platforms. + Certifications such as CISSP, CISM, CRISC, HCISPP, HITRUST CCSFP, or other relevant industry certifications are strongly preferred. BENEFITS Our competitive benefits package includes the following- Immediate eligibility for health and welfare benefits- 401(k) savings plan with dollar-for-dollar match up to 5%- Tuition Reimbursement- PTO accrual beginning Day 1Note: Benefits may vary based upon position type and/or level QUALIFICATIONS - EDUCATION - Bachelor's or 4 years of work experience above the minimum qualification - EXPERIENCE - 5 Years of ExperienceAs a health care system committed to improving the health of those we serve, we are asking our employees to model the same behaviours that we promote to our patients. As of January 1, 2012, Baylor Scott & White Health no longer hires individuals who use nicotine products. We are an equal opportunity employer committed to ensuring a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Created: 2026-02-02