Grow your career at Cedars-Sinai!
The Enterprise Information Services (EIS) team at Cedars-Sinai understands that true clinical transformation and the optimization of a clinical information systems implementation are fueled by the alignment of the right people, processes, and technologies.
Why work here?
Beyond an outstanding benefit package and competitive salaries, we take pride in hiring the best, most committed employees. Our staff reflects the culturally and ethnically diverse community we serve. They are proof of our dedication to creating a multifaceted, inclusive environment that fuels innovation and the gold standard of patient care we strive for.
What will you be doing:
The Manager, Information Security is responsible for establishing the information security architecture according to standard methodologies to safeguard confidential patient, employee, provider, and corporate information in electronic form. Leads the development and implementation of information security policies and procedures, and monitors compliance with them.
The position will be responsible for:
- Cybersecurity policies and procedures, making sure that they align with Cedars-Sinai Privacy and Compliance policies.
- Run and conduct 3rd party vendor risk assessments.
- Coordinate external reviews/assessments from regulators and audit firms, and stakeholders' due diligence requests.
- Maintain the security risk register and manage inherent and residual risks on an ongoing basis. Prepare heat maps and analytics of known risks.
- Lead all aspects of HIPAA compliance assessment, evidence collection, and reporting.
- Run and maintain compliance data in GRC tools.
- Evaluate and process exceptions to information security policies and standards.
- Monitor compliance with the organization’s information security policies and procedures among employees, contractors, and other 3rd parties. Refer problems to the appropriate department managers and/or administrators.
- 5+ years of GRC (governance, risk and compliance) and security audit and/or assessment experience in the healthcare field.
- 2+ years of growing leadership/management responsibilities.
- Experience performing information security audits or risk assessments.
- Knowledge of automated GRC platforms such as ServiceNow. Solid understanding of security risk management frameworks including related regulatory compliance requirements.
- Solid understanding of regulatory compliance requirements (NIST CSF & 800-53, ISO27001, HITRUST, HIPAA). Experience/skills in detailing risk and compliance activities.
Bachelor’s Degree in Information Technology or related field. (preferred)
CISSP, CISM, CISA, CIPP, or related. (preferred)
- Working Title: Manager, Info Sec Risk and Compliance
- Department: Information Security
- Business Entity: Corporate Services
- City: Los Angeles
- Job Category: Information Technology
- Job Specialty: IT Security
- Position Type: Full-time
- Shift Length: 8 hour shift
- Shift Type: Full-time
Cedars-Sinai is an EEO employer. Cedars-Sinai does not unlawfully discriminate on the basis of race, religion, color, national origin, citizenship, ancestry, physical or mental disability, legally protected medical condition (cancer-related or genetic characteristics or any genetic information), marital status, sex, gender, sexual orientation, gender identity, gender expression, pregnancy, age (40 or older), military and/or veteran status or any other basis protected by federal or state law. If you need a reasonable accommodation for any part of the employment process, please contact us by email at Applicant_Accommodation@cshs.org and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.
Cedars-Sinai will consider for employment qualified applicants with criminal histories, in accordance with the Los Angeles Fair Chance Initiative for Hiring.
At Cedars-Sinai, we are dedicated to the safety, health and wellbeing of our patients and employees. This includes protecting our patients from communicable diseases, such as influenza (flu). For this reason, we require that all new employees receive a flu vaccine based on the seasonal availability of flu vaccine (typically during September through March each year) as a condition of employment, and annually thereafter as a condition of continued employment.