Cyber Governance Risk and Compliance Manager
Full Time
Remote
Posted
Job description
US Radiology is one of the largest and most progressive radiology groups in the country. Our mission is to make the best of radiology better to improve lives. With over 3,100 team members and 145 outpatient imaging centers across 14 states, our team conducts nearly 6 million studies annually. US Radiology is a partnership of leading sub-specialized radiology groups, high-quality imaging centers and health systems built around a commitment to best-in-class clinical excellence, operations, infrastructure, and state-of-the-art technology.

US Radiology Specialists (USRS) is seeking an IT Governance, Risk, and Compliance (GRC) Manager to support the USRS cybersecurity mission. The GRC Manager sets the standards of our IT risk management program and its individual components to determine compliance, gaps, and risks. The IT GRC Manager is accountable for developing a governance strategy, establishing and further evolving governance and risk standards, recommending tools and solutions to complement the program, and providing training and awareness to the USRS IT team.
Essential Duties and Responsibilities:
- Cyber Risk Management: Maintain and enhance a scalable and robust cyber-risk management program including governance, assessment, monitoring, and reporting and metrics.
- Policies: Manage, maintain, and improve Information Security policies and standards, including collaboration with IT colleagues; promote awareness and training; and revise the policies and documents.
- Training and Awareness: Using commercial tools, improve awareness of our information security policies and standards through formal training, and develop and execute phishing awareness campaigns for end users.
- User Validations: Perform regular reviews of users of systems using automated tools and processes.
- IT Risk Management: Collect, triage, and partner with Risk owners to document remediation strategies; and report on current status and remediation progress.
- Vendor Risk Management: Scale out our Vendor Risk Management program, including managing our Vendor Risk Management tool, collecting and reviewing data, performing triage, and regularly reviewing vendors. Partner with USRS vendor relationship contacts to understand risks and document remediation strategies.
- Metrics and Dashboards: Develop security KPIs/metrics to track compliance, overall status, program maturity, and performance.
- Regulatory Compliance: Continue to refine our compliance program in areas including PCI-DSS and HIPAA. Evaluate new and evolving security and privacy requirements.
- Audit Compliance: Manage client and third-party audits, including scope and schedule, and facilitate evidence collection, project management, and successful completion of our client and third-party audits.
Education/Licensing/Certification:
- BA/BS in computer science, technology, or a related field, or equivalent demonstrated work experience in lieu of a degree
- Relevant security certifications (CRISC, CISSP, CCIE, CISM, CISA, CCISO, etc.) are a plus
- 5+ years of experience working with enterprise GRC management platforms (Archer, ServiceNow, OneTrust, ZenGRC, etc.)
- Solid grasp of security governance concepts: policy management, control frameworks, program maturity, risk appetite, risk management, and US and international laws and regulations
- Solid grasp of risk management concepts: impact, likelihood, ALE, SLE, ARO, threat, vulnerability, asset, risk identification, risk owner, risk profile, and risk appetite
- Knowledge of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine and report on technology risk levels
- Excellent written, verbal, and interpersonal skills
- Highly organized self-starter with the ability to work individually, within a team, and in partnership with external stakeholders
- High ethical standards, strong commitment, and the ability to manage complexity
- Familiar with common vulnerability management and detection tools such as Tenable and Qualys
- Familiar with user revalidation tools and process flows (automation)
- Familiar with training and awareness platforms, including phishing campaign tools
- Must be eligible to work in the United States
- Ability to travel up to 5%
- Virtual Location – in the US
US Radiology is an equal opportunity employer.