• Information Security Risk and Compliance Lead

    Job ID
    Information Services
    Info Technology
    Job Location
  • Overview

    St. Jude is a seeking full-time, senior level IT risk and cybersecurity professional with demonstrated experience in the areas of GRC and IT Risk Management. The St. Jude Risk Management Lead is responsible for maintaining a consistent, repeatable lifecycle process for cybersecurity risk management across the institution. The ideal candidate would have GRC consulting experience or healthcare cybersecurity experience. Candidates must demonstrate strong leadership and communication skills, a positive, can-do attitude and the ability to work well with cross functional teams in a dynamic environment


    • Develops and maintains a consistent, repeatable process for identifying risks, qualitatively and quantitatively assessing risks, determining risk treatment, and managing associated findings and remediation plans. Scope of risk management domain includes but is not limited to asset risk management, third party risk management, and vulnerability risk management.
    • Develops and reports security risk and compliance metrics for the institution, departments and processes, and individual assets.
    • Develops information security policies, standards, procedures, and guidelines in accordance with the overarching Information Security Risk Framework.
    • Supports ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (e.g. HIPAA, PCI).
    • Serves as a GRC subject matter expert for information risk by supporting complex analysis and leading risk management capability improvement.
    • Manages SJCRH policy exceptions, identifies rationale and risks underlying exception requests, weighs effectiveness of compensating controls, and makes recommendations around exception requests.
    • Influences technical and strategic direction of the Risk Management and Compliance program

    Minimum Education

    • Bachelor's degree in Management of Information Systems or related field is required
    • Master's Degree or MBA is preferred

    Minimum Experience

    • Six (6) years' progressive experience in information security is required
    • Must have experience and demonstrated proficiency in IT Security Risk Management and Compliance program leadership and execution, managing complex and large process change projects, and advanced knowledge of cybersecurity threats
    • Experience with cloud and mobile security is preferred

    Other Credentials

    • One or more of the following certifications is required:
    • Certified Information Systems Security Professional OR
    • Certified Information Systems Auditor OR
    • Certified Information Security Manager OR
    • Certified in Risk and Information Systems Control
    • Project Management Professional (PMP) or equivalent is preferred

    EEO Statement

    St. Jude is an Equal Opportunity Employer

    No Search Firms:

    St. Jude Children's Research Hospital does not accept unsolicited assistance from search firms for employment opportunities. Please do not call or email. All resumes submitted by search firms to any employee or other representative at St. Jude via email, the internet or in any form and/or method without a valid written search agreement in place and approved by HR will result in no fee being paid in the event the candidate is hired by St. Jude.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Stay connected

    We're breaking new ground at St. Jude. Stay up-to-date on our latest news and career opportunities in the areas you're most interested in by becoming a St. Jude Careers Insider.

    Search all St. Jude Jobs, including postdoctoral research fellowships, clinical fellowships and faculty appointments.