Cybersecurity Third Party Risk Manager - Remote

 Posted an hour ago
     
 $116K - $216K per year
  
5-10 years experience

AI Summary

Lead the organization's cybersecurity risk management program by designing and operationalizing risk strategies and performance indicators. Manage a team of professionals to conduct security assessments and coordinate third-party risk evaluations for vendors.

City/State

Norfolk, VA

Work Shift

First (Days)

Overview

We are seeking an experienced Cybersecurity Risk Manager to lead our organization's cybersecurity risk management program. This role is critical to protecting our healthcare systems, patient data, and organizational assets from evolving cyber threats. The ideal candidate will combine technical cybersecurity expertise with strong leadership, stakeholder management, and project management capabilities.

Key Responsibilities

Risk Management & Governance

  • Lead a team of cyber security risk professionals to design, implement and operationalize Sentara Healthcare’s risk management program.
  • Provide management oversight and serve as the leadership point of contact for the cyber security risk team.
  • Own the cyber security risk strategy, program risk and performance indicators, and executive and board reporting.
  • Be responsible for overall cyber security risk management using continuous self-assessments and executive reporting.
  • Provide continuous input to leadership and help measure the cyber security risk posture of Sentara Healthcare.
  • Understand key security and risk frameworks including but not limited to HIPAA, HITRUST, NIST 800-171, PCI, and laws/regulations.
  • Provide leadership and engage with the business to perform security assessments and ensure timely execution of projects and programs while mitigating any security risks.
  • Work closely with internal groups such as Human Resources, Enterprise Risk Management, Internal Audit, Privacy, Legal, and Compliance on matters of policy and risk management.
  • Develop and improve KPIs/KRIs, metrics, the risk register, and trending.
  • Mentor, coach, and train security staff.
  • Maintain risk registers and ensure timely remediation of identified risks

Leadership & Team Management

  • Manage day-to-day operations of the cybersecurity risk management function
  • Provide coaching and professional development opportunities for team members
  • Foster a culture of security awareness and risk-conscious decision-making

Stakeholder Engagement & Communication

  • Collaborate with executives, clinical leaders, IT teams, legal, compliance, and other stakeholders across the organization
  • Lead cross-functional meetings to discuss risk priorities, mitigation strategies, and security initiatives
  • Present cybersecurity risk reports and recommendations to senior leadership and board committees
  • Translate complex technical risks into business terms for non-technical audiences
  • Build strong relationships to promote security and best practices throughout the organization

Program & Project Management

  • Lead cybersecurity risk assessment engagements from initiation through completion
  • Manage multiple concurrent projects and programs related to cybersecurity risk reduction
  • Develop project plans, timelines, and resource allocation strategies
  • Track project milestones and ensure deliverables meet quality standards and deadlines
  • Coordinate third-party risk assessments for vendors and business partners

Strategic Planning & Continuous Improvement

  • Stay current with emerging threats, vulnerabilities, and healthcare cybersecurity trends
  • Recommend and implement improvements to cybersecurity controls and risk management processes
  • Participate in incident response activities and post-incident risk assessments
  • Support the development of cybersecurity policies, standards, and procedures
  • Contribute to the organization's overall cybersecurity strategy and roadmap

Education:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (preferred)

(OR)

  • Experience in lieu of a Bachelor's degree: 7+ years of experience in cybersecurity, with at least 3 years in risk management

Certification/Licensure

  • CISSP (Certified Information Systems Security Professional) (Preferred)
  • CISM (Certified Information Security Manager) (Preferred)
  • CRISC (Certified in Risk and Information Systems Control) (Preferred)
  • CISA (Certified Information Systems Auditor) (Preferred)

Experience

  • 5+ years of experience in cybersecurity, with at least 3 years in risk management with a degree (Required)
  • 7+ years of experience in cybersecurity, with at least 3 years in risk management without a degree (Required)
  • 3+ years of experience in a leadership or management role
  • Experience in healthcare or other highly regulated industries preferred
  • Deep understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST)
  • Knowledge of healthcare regulations (HIPAA, HITECH) and their technical requirements
  • Familiarity with risk assessment methodologies and tools
  • Understanding of security technologies, controls, and best practices
  • Experience with GRC (Governance, Risk, and Compliance) platforms such as ServiceNow, OneTrust

We provide market-competitive compensation packages, inclusive of base pay, incentives, and benefits. The base pay rate for Full Time employment is: $116,729.60-$216,777.60. Additional compensation may be available for this role such as shift differentials, standby/on-call, overtime, premiums, extra shift incentives, or bonus opportunities.

Benefits: Caring For Your Family and Your Career
• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria are met.

Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its almost 30,000-member workforce. Diversity, inclusion, and belonging are a guiding principle of the organization to ensure its workforce reflects the communities it serves.


In support of our mission “to improve health every day,” this is a tobacco-free environment.

For positions that are available as remote work, Sentara Health employs associates in the following states:

Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.
