IT Risk

3 weeks ago


Jeddah, Saudi Arabia Nahdi Full time

Responsible for assessing and documenting NMC’s compliance and risk posture as they relate to information assets. Development and implementation of the information security risk management program.

**Accountabilities**
- Ensure the smooth functioning of the department and maintain the reputation of the organization as a viable health care provider.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security in addition to project management activities, including development of project plans and budget/resource estimates

Risk
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.

Policy/Compliance
- Lead system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, ITAR, HIPAA, NIST 800-171 and FISMA
- Develop strategies to address awareness and training for all stakeholders as well as technical solutions

Audit
- Work with Internal & External Audit, outside consultants as appropriate on required security assessments and audits
- Coordinate and track all information technology and security related audit timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts NMC in its best light. Provide guidance, evaluation and advocacy on audit responses.

Problem-Solving Skills
- Troubleshoot computer hardware, software, and systems for security risks or violations, and work with the IT Dept. and technology vendors to recommend solutions.
- Handle complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.

Contingency planning (IRP, BCP, DRP)
- Ensure that the Incident Response Plans are updated and tested frequently
- Work collaboratively with all process owners to keep the BCM program live and build the BCM culture across the enterprise.
- Ensure the Disaster Recovery plan is updated and tested for the business-critical applications.
- Ensure the relevant documentation is updated and concerned personnel are trained based on a yearly training calendar.

Employee duties are not limited only to the above-mentioned Accountabilities; he/she may perform other duties as assigned.

**Work Environment**
- Indoors : 100%
- Outdoors : 0%
- Working Days : 5 Working Days
- Days off : 2 Days Off
- Working Hours : 8:00 AM - 6:00 PM (1 hour break) (on call)

**Job Requirement**

**Education**
- Bachelor’s or Master’s degree in information technology or other related field

**Experience**
- 3-5 years of advanced IT skills with a high level of information security experience, managing security projects. Expertise in the Health Care or Retail Sector is preferred.

**Skills**
- Knowledge of local information security risk management frameworks and compliance practices, and of securing network technologies and client and server operating systems
- Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, NIST, ISO2700x, ISO22310, etc.)
- Experience responding to, analyzing, and communicating information security incidents
- Must be well versed in laws affecting healthcare providers in areas such as Data Privacy / Security, Health Care / HL7 / HIPAA, Cyber Insurance, and State Regulations
- Information security related training or certifications such as CISSP or CRISC

**Languages**
- English
- Arabic