Lead - IT Risk Management & Compliance at St. Jude Children's Research Hospital

Location: Remote - TN, United States

About St. Jude

There's a reason St. Jude Children's Research Hospital consistently earns a Glassdoor Employee Choice Award and is named to its "Best Place to Work" list. At our world-class pediatric research hospital, every one of our professionals shares our commitment to make a difference in the lives of the children we serve. There is a unique bond when you are part of a team that gives their all to advance the treatments and cures of pediatric catastrophic diseases. The result is a collaborative, positive environment where everyone, regardless of their role, receives the resources, support, and encouragement to advance and grow their careers.

Job Overview

The Lead of IT Risk Management & Compliance is responsible for leading St. Jude's IT governance, risk, and compliance (GRC) program. This role oversees the identification, assessment, and mitigation of technology risks, helps ensure and track compliance with regulatory and internal standards, and drives the implementation of policies and controls across the enterprise. The position requires strong leadership skills, a solid understanding of cybersecurity frameworks, and the ability to collaborate across business and technical teams to foster a risk-aware culture. This position may be eligible for remote work.

Job Responsibilities

Identify and assess technology risks across systems, projects, and third parties to support risk-informed decision making and maintain an accurate risk register.
Collaborate with control owners to implement and validate security and compliance controls based on frameworks and regulations such as NIST 800-171, HIPAA, and the NIST CSF.
Participate in the security review of significant changes and projects, ensuring risks are identified and addressed throughout the lifecycle.
Monitor and track the effectiveness of risk mitigations and control activities, and support the timely remediation of open findings and exceptions.
Supervise and manage staff who support the IT risk management program. Provide feedback, coaching, and counseling to staff. Monitor, document, and review team performance.
Serve as a liaison to internal and external auditors by coordinating evidence requests, supporting walkthroughs, and facilitating control owner responses.
Support vulnerability response efforts by helping to risk-rank remediation campaigns, directing remediation efforts and priorities, and partnering with remediation teams to ensure timely remediation of the most critical vulnerabilities.
Develop and maintain policies, standards, and procedures that support a consistent approach to security governance and align with existing St. Jude policies as well as industry best practices.
Work with the awareness and training team to improve awareness and training related to the IT risk management program and institutional policies.
Maintain and mature security metrics to evaluate the effectiveness of the risk remediation program, patching effectiveness, and other IT risk-related efforts.
Stay up to date with the latest security trends, threats, best practices, and cybersecurity regulations to keep the program relevant and effective and to continuously improve it.
Perform other duties as assigned to meet the goals and objectives of the department and institution.
Maintain regular and predictable attendance.

Minimum Education and/or Training

Bachelor's degree in business administration, computer science, data science, information science, or a related field required.
MBA or related master's degree in a technology field preferred.

Minimum Experience

5+ years of demonstrable work experience in security, IT risk management, and compliance, preferably in the healthcare research industry.
At least 5 additional years of work experience in a cybersecurity leadership role preferred.
Significant experience working with IT technology (e.g. cloud, SaaS, network/server management), with insight into IT risk, threat actors, and attack vectors.
Some experience with operational management and with budget planning and management within the area.
Proven performance in an earlier or comparable role.
Experience managing cross-functional, complex IT security processes and projects.
Experience providing technical guidance, mentorship, and management within IT cybersecurity.

Licensure, Registration and/or Certification Required by SJCRH Only

Professional certifications related to IT risk management or information security, such as CRISC, CISA, CISSP, or similar, to be obtained within one year.

Special Skills, Knowledge and Abilities

Able to draw insights from different sets of data and quickly understand why issues are happening.
Solves problems quickly by identifying root causes.
Encourages others to see the opportunities ahead amid changing circumstances, even when the details have not been finalized.
Leads team meetings as needed and communicates effectively with cross-functional teams to get results.
Understands and uses digital communication tools as needed.
Speaks up in meetings, raises concerns, and shares information with the team.
Remains calm in challenging and uncertain times by focusing on end goals and solving problems.
Defuses unforeseen developments and problems by leveraging data analysis and insights; maintains focus on goals.
Drives engagement and ownership across the group to deliver ambitious results and solutions.
Responds promptly and effectively to customer queries and requests.
Explores optimal solutions for customer needs.
Escalates and redirects effectively for quicker customer support.
Effectively oversees the proper configuration, deployment, and functioning of security systems, including periodic testing of those systems.
Able to translate security risks into business-understandable risks and narratives.
Proactively advises and alerts relevant business teams to security risks and advises on remediation plans.
Drives contingency plans and addresses complex escalations across areas to respond to security incidents and threats.
Proposes and implements process improvements to mitigate security risks systematically.
Thinks holistically and plans for interdependencies and for the impact of work and processes on other teams within and outside of IT.
Always focused on quality, cost, and sustainability, with a complete-ownership mindset and approach.
Demonstrates a strong collaborative style with emotional empathy and is able to work and negotiate through challenging situations.

Compensation

In recognition of certain U.S. state and municipal pay transparency laws, St. Jude is including a reasonable estimate of the compensation range for this role. This is an estimate offered in good faith, and a specific salary offer takes into account factors that are considered in making compensation decisions, including but not limited to skill sets, experience and training, licensure and certifications, and other business and organizational needs. It is not typical for an individual to be hired at or near the top of the salary range, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current salary range is $104,000 - $186,160 per year for the role of Lead - IT Risk Management & Compliance.

Explore our exceptional benefits!

St. Jude is an Equal Opportunity Employer.

No Search Firms

St. Jude Children's Research Hospital does not accept unsolicited assistance from search firms for employment opportunities. Please do not call or email. All resumes submitted by search firms to any employee or other representative at St. Jude via email, the internet, or in any other form and/or method without a valid written search agreement in place and approved by HR will result in no fee being paid in the event the candidate is hired by St. Jude.