H-1BEmpresa com aprovações comprovadas
REG. 1870131
Gerente de Risco e Consultoria em Segurança da Informação
Trinity Health
✓ VERIFICADO · 1 green cards (PERM) aprovados nos últimos 12 mesesRegistros públicos do Departamento do Trabalho dos EUA (DOL).
- Local: Livonia, MI
- Área: Tecnologia
- Visto provável: H-1B
- Vaga vista pela última vez em 17/07/2026
Gerente de segurança da informação remoto; empresa com 11 LCAs e 1 PERM aprovados nos últimos 12 meses.
Cadastro grátis — o contato e o link oficial da vaga ficam no portal.
Descrição da vaga (original, em inglês)
Employment Type:
Full time Shift:
Description:
The Manager, Information Security Risk and Consulting, operating under the direction of the Director of Information Security Strategy and Planning, plays a critical role in executing and maturing the organization’s third-party and integrated risk management program. This includes oversight of enterprise risk assessments across commercial off-the-shelf (COTS), open source, and internally developed applications, as well as associated system integrations. The role is responsible for identifying, assessing, and prioritizing security risks, ensuring appropriate controls are implemented, and driving continuous monitoring and risk-informed decision-making across the organization.
This position leads the development and reporting of key risk indicators (KRIs) and key performance indicators (KPIs) to provide actionable insights to leadership and support effective governance. Additionally, the role oversees the design and execution of scalable risk management processes, leveraging GRC tools and automation to enhance efficiency and consistency.
As a people leader, the Manager builds, develops, and leads a highly engaged, high-performing team of security risk professionals, fostering a culture of accountability, collaboration, and continuous improvement within a complex and evolving security environment. Essential Functions
Our Trinity Health Culture: Knows, understands, incorporates & demonstrates our Trinity Health Mission, Values, Vision, Actions & Promise in behaviors, practices & decisions.
Program and Regulatory Compliance
• Develops and leads Trinity Health’s Information Security Third Party Risk and Integrated Risk Management Program, with direct responsibility for defining team goals, scope of work, and deliverables aligned to Enterprise Information Security (EIS) priorities.
• Partners with stakeholders to ensure initiatives support the organization’s mission, values, and operational goals, while maintaining compliance with regulatory, legal, and contractual obligations.
• Leads the team’s engagement in regulatory audit and investigation activities, including the coordination and production of evidence.
People Leadership
• Responsible for developing and leading a high-performing team of security risk professionals focused on third-party and integrated risk management, risk-based prioritization, and enterprise risk remediation coordination.
• Provides hands-on leadership and direct supervision of team members, ensuring effective recruitment, performance management, training, and clear accountability for individual and team productivity.
• Designs and maintains a structured leadership development framework with clear competencies, promotion criteria, and aligned role expectations.
• Provides ongoing coaching, mentorship, and development planning to prepare employees for advancement while actively promoting psychological safety and open communication.
• Ensures fair, data-driven evaluations and fosters a collaborative, inclusive leadership culture.
• Exhibits courageous, authentic leadership—building trust through vulnerability, empathy, and clear, human-centered communication with executives and stakeholders through both formal and informal channels.
Information Security Governance, Risk & Compliance (GRC)
• Oversees and actively contributes to third-party and integrated risk management activities within Trinity Health GRC platforms, driving continuous process improvement and proactively planning for changes to control frameworks and risk questionnaires.
• Actively perform and review vendor tiering and risk assessments alongside the team, taking ownership of and/or supporting senior team members through ownership of complex or high-risk cases, as appropriate
• Define and maintain the third-party cyber risk lifecycle, including intake, inherent risk scoring, due diligence, control assessment, remediation, risk acceptance, ongoing monitoring, renewal review, material change review, and offboarding.
• Evaluate vendor controls across identity and access management, network security, cloud security, application security, data protection, encryption, vulnerability management, endpoint protection, logging and monitoring, incident response, disaster recovery, secure SDLC, privacy, and governance
• Review and advise on contractual clauses related to security controls, breach notification, incident cooperation, right to audit, data protection, encryption, access control, regulatory compliance, cyber insurance, subcontractors, business continuity, data retention, and secure data destruction
• Facilitate and lead offshore security risk compliance program.
• Translate technical findings into business risk language that enables informed decisions by senior leaders and business owners
• Prepare materials for audit, regulatory inquiries, board reporting, and internal governance reviews as needed
• Track deviations from security procedures and standards, document risk implications, drive risk remediation, and route risk acceptance (security policy exceptions) for appropriate approvals.
• Maintain hands-on involvement in day-to-day assessments to ensure quality, consistency, and timely delivery.
• Escalate overdue or unacceptable vendor risks through leadership as appropriate.
Metrics and Reporting
• Works with Strategy and Planning and Enterprise Information Security Leadership to define and report on key risk indicators (KRIs) and key performance indicators (KPIs) to provide actionable insights to leadership and support effective governance.
Information Security Risk Management
• Responsible for assigning, managing, and actively overseeing team assessment work, ensuring alignment with standards through coordinated intake and stakeholder engagement.
• Validates team members’ risk assessments to ensure new and existing solutions comply with Trinity Health information security requirements.
• Accountable for balancing workload and ensuring the team is trained and skilled to effectively deliver department services.
Executive & Stakeholder Engagement
• Builds and sustains effective relationships with executives and key stakeholders through clear, authentic, risk-informed communication; enables alignment, drives informed decision-making, and fosters shared accountability for managing security risk.
Enterprise Risk Communication & Decision Support
• Synthesizes and communicates enterprise security risk insights to executives and stakeholders in a clear, actionable manner; translates complex risk data into meaningful narratives that support informed decision-making, drive prioritization, and strengthen governance and alignment with organizational objectives.
Information Security Leadership Support
• Serves as a representative of the Director of Strategy and Planning as directed. Supports Information Security leadership by providing risk-informed insights, actionable recommendations, and clear communication to enable strategic decision-making, program prioritization, and alignment with organizational objectives.
Security Leadership & Coordination
• Leads and coordinates engagement with Enterprise Information Security leadership to ensure aligned execution of security and risk management activities, including policy and standards development, control assessments, and risk management education; drives collaboration, consistency, and integration of security practices across the organization.
Regulatory & Standards Monitoring
• Maintains a working knowledge of applicable Federal, State, and local laws and regulations, the Trinity Health Integrity and Compliance Program and Code of Conduct, and relevant policies and procedures, while staying current with industry developments and regulatory changes to ensure updates are reflected and adherence is upheld with honest, ethical, and professional behavior.
Project Management
• Provides leadership and oversight of security risk initiatives, ensuring successful delivery and alignment with organizational standards and risk management objectives.
• Leads and develops team members managing projects, ensuring consistent execution, accountability, and high-quality outcomes.
• Partners with stakeholders and senior leadership to align priorities, communicate status, and drive strategic outcomes.
• Proactively identifies risks and ensures effective mitigation to keep initiatives on track and meet organizational expectations.
Relationship Management
• Develops and manages relationships to ensure stakeholders are actively engaged throughout the project, program, or initiative life cycle.
• Works with stakeholders to ensure business process workflows; training and communication plans are completed.
• Provides appropriate tools, training, guidance, and necessary resources to resolve problems, avert potential risks and maintain engagement to support risk avoidance, risk remediation and empower champions of information security best practices throughout the organization.
Minimum Qualifications
• Bachelor’s degree in Information Security or an equivalent combination of education and experience.
• One or more security certifications: Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) Certified in Governance, Risk and Compliance (GRCP) or equivalent.
• Minimum of seven (7) years of progressive experience in information services including three (3) years working in cybersecurity governance, risk, and compliance (GRC).
• Minimum of three (3) years of management experience with demonstrated leadership effectiveness and emotional intelligence. Proven ability to lead, develop, and retain high-performing, highly engaged teams in complex security environments, including managing diverse talent and implementing tailored development strategies to drive individual and team success.
• Minimum of three (3) years of progressively responsible experience in healthcare and/or other regulated industries. Preferred candidates will have experience in complex healthcare environments with a strong understanding of operational workflows, information practices, and information systems.
• Strong knowledge of the HIPAA Security Rule and applicable industry security regulations, with the ability to rapidly build and sustain expertise; working understanding of broader HIPAA requirements, including Privacy and Breach Notification Rules.
• Proven knowledge of enterprise security principles and practices, with hands-on experience or demonstrated capability in implementing, integrating, and managing security solutions across enterprise environments.
• Working knowledge of one or more information security regulations and/or frameworks - HIPAA, ISO 27001/2, FISMA, FIPS, HITRUST and NIST security.
• Experience with GRC platforms (e.g., ServiceNow GRC, RSA Archer, OneTrust, or similar) supporting risk and compliance programs. Demonstrated ability to leverage tooling to improve process efficiency, enable reporting, and support scalable risk management practices.
• Ability to serve as a leadership representative of the Strategy and Planning Director and interface with a variety of Health Ministry and System Office Executive leaders, team members and end users, exercising effective facilitation skills, judgment, and decision-making in providing problem resolution and in meeting established goals and expectations. Ability to shape results, garner support and successfully manage complex relationships.
• Demonstrated courageous, authentic leadership through clear, human-centered communication with senior leaders and stakeholders; builds trust through empathy and vulnerability while skillfully navigating complex conversations, influencing decisions, and delivering compelling, accessible messages in both formal
Cadastro grátis — o contato e o link oficial da vaga ficam no portal.