Assistant Director - Healthcare Control Library (Chief Risk Office)

Position Overview

You will play an important role as the enabler and integrator to drive the development and management of healthcare control libraries (HCLs) in the public healthcare sector. In this role, you will be responsible for developing and continuously increasing cybersecurity maturity and capabilities through effective stakeholder management, active listening, and meeting business & policy requirements. You will apply existing solid working experience and knowledge of continuous improvement, governance, risk management, cyber security, and compliance.

Role & Responsibilities

• Be the integrator and lead contact point for Healthcare Control Library (HCL) development, awareness, and adherence while facilitating engagement and collaboration with various stakeholders in the public healthcare sector.
• Be the voice for the team from a policy, standard, and HCL perspective when evaluating stakeholders’ requirements, expectations, and interactions.
• Engage and drive alignment with both Synapxe and MOHH entities’ stakeholders including but not limited to CIOs, CISOs, and other functional leaders.
• Facilitate the rollout of consultation and roll-out on HCL.
• Support relevant initiatives to instill a cyber risk awareness culture within the public healthcare sector.
• Evaluate emerging technologies, trends, and changes in regulations.
• Maintain effective working relationships with peers, stakeholders, and regulators to seamlessly integrate policy adherence into the overall strategic objectives and activities of the sector.
• Demonstrate your domain expertise; you are expected to further your own knowledge and improve the productivity of your colleagues with activities such as creating learning content, presenting, and supporting a continuous learning culture.

Requirements

• Bachelor’s degree in computer science or STEM Majors (Science, Technology, Engineering, and Math) with over 10 years of experience.
• Recognized industry-leading certifications in relevant areas such as CISA, CISM, CRISC, CISSP, CCSP, CIPP, CIPT, CIPM, and GIAC certifications.
• Aptitude and experience in first, second, or third lines of defense and familiarity with enterprise risk management concepts including risk & control self-assessment and policy management.
• Candidates with CISA, CIA, or CISM certifications would be advantageous.

Technical Expertise:

• Experience in policy, standard, and guideline implementation in cyber security and technology risk.
• Solid technical writing and attention to detail.
• Working knowledge of well-recognized frameworks & standards such as NIST CSF, COBIT, and ISO27000 series.
• Good understanding and experience in cyber security, risk management, and compliance.
• Ability to consult and influence stakeholders on alignment of outcomes and desired solutions.
• Ability to analyze, design, and develop a solution roadmap and implementation plan based upon a current vs future state.
• Working knowledge of balancing security and business needs.
• Knowledgeable on the full range of services catalog within a cybersecurity function and able to discuss overall solutions.
• Experience sustaining operational stability through various life cycle phases.
• Able to lead early-stage customer interactions on cybersecurity design.

Business Acumen:

• Adept at navigating the organizational matrix; understanding people's roles, anticipating obstacles, identifying workarounds, leveraging resources, and rallying teammates.
• Understand how internal & external stakeholders’ priorities and facilitate active engagement.
• Able to articulate the value of what is most important to the stakeholders' desired outcomes.
• Able to produce functional area information in sufficient detail for cross-functional teams to utilize, using presentation and storytelling concepts.
• Possess extensive knowledge of cybersecurity services in the portfolio and proficiency in discussing each area.