Head of Cybersecurity Governance & Risk Management

7 days left

Washington, District of Columbia-Washington
Sep 22, 2020
Oct 27, 2020
Full Time
YOUR NORTH STAR: build and run a world-class cybersecurity governance, risk management, compliance, and reporting program to protect Children's National and our patients, families, and staff.

The head of cybersecurity governance, risk management and reporting will manage the development, administration, and implementation of the CN GR&R program. She or he will protect Children's National by reducing the risk of a successful attack on our devices, applications, networks, data, and users. We are seeking a dynamic leader who excels at building and inspiring great teams. He or she is a doer who is equally comfortable managing direct reports, overseeing partners, influencing colleagues, and rolling up his/her sleeves and executing.


Minimum Education
Bachelor's Degree in a computer science, math, engineering or another relevant discipline (Required)

Advanced degree - MS, PhD (Preferred)

Minimum Work Experience
10 years experience in cybersecurity with a focus on risk management, program management, and/or security policy (Required)
5 years experience in a management role (Required)

Required Skills/Knowledge
1. Demonstrated ability to lead some or all of the cybersecurity governance, risk management, compliance, and reporting functions, preferably in a healthcare organization.
2. Demonstrated ability to report to and communicate with board and C-level management.
3. Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences.
4. Breadth of knowledge across many cybersecurity frameworks and standards with deep expertise and implementation experience in at least one (e.g. NIST CSF, NIST RMF/800 series, ISO/IEC 27001/2, OWASP, Mitre ATT&CK framework, SNAS CIS, etc).
5. Experience with relevant legal and regulatory frameworks, including HIPAA and PCI/DSS.
6. Leading and responding to security audits.

Functional Accountabilities

Core areas of responsibility that fall under this role include:

1. Developing and implementing CN security standards, policies, processes, and guidelines

2. Defining cybersecurity program metrics that align to standard frameworks and best practices

3. Performing risk assessments of existing or new services, technologies, and vendors

4. Advising the CISO, stakeholders, and partners on systemic risk management issues and specific risk management recommendations

5. Coordinating with business units, and across other stakeholders (including technology, legal, risk, compliance, and privacy, and ecosystem partners) to assess, implement, and monitor security risks & mitigations

6. Managing the trade-offs required to account for varying levels of risk tolerance, risk exposure, and security controls across the organization

7. Collaborating with the CN legal, risk, compliance, and privacy staff to monitor and ensure industry and government rules and regulations (HIPAA, PCI/DSS, etc)

8. Reporting on performance against established security metrics

Preparing clear and concise briefings for the CN board, executive leadership, staff, regulators, auditors, outside partners, and other stakeholders

Leader Accountabilities

To be successful in this role you will need to be:

1. A leader who excels at building and inspiring outstanding teams

2. A manager with a proven track record of supporting staff and their personal and professional growth

3. An innovator who knows what it takes to execute and has a history of setting and meeting ambitions goals

4. A highly dependable "doer" who can work with little supervision while being resilient to change

5. A good listener who can check your ego at the door, allowing you to receive and provide candid feedback and criticism

6. Kind

7. An individual of high personal integrity who is able to act calmly in high-pressure and high-stress situations

Organizational Commitment/Identification
1. Anticipate and responds to customer needs; follows up until needs are met


1. Demonstrate collaborative and respectful behavior
2. Partner with all team members to achieve goals
3. Receptive to others' ideas and opinions

Performance Improvement/Problem-solving

1. Contribute to a positive work environment
2. Demonstrate flexibility and willingness to change
3. Identify opportunities to improve clinical and administrative processes
4. Make appropriate decisions, using sound judgment

Cost Management/Financial Responsibility

1. Use resources efficiently
2. Search for less costly ways of doing things


1. Speak up when team members appear to exhibit unsafe behavior or performance
2. Continuously validate and verify information needed for decision making or documentation
3. Stop in the face of uncertainty and takes time to resolve the situation
4. Demonstrate accurate, clear and timely verbal and written communication
5. Actively promote safety for patients, families, visitors and co-workers
6. Attend carefully to important details - practicing Stop, Think, Act and Review in order to self-check behavior and performance

Children's National Health System is an equal opportunity employer that evaluates qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender, identity, or other characteristics protected by law.

Similar jobs