DESCRIPTION:
The Cybersecurity Risk Coordinator reports to the Manager of Cybersecurity Risk Services. This position will work in a collaborative effort with Cybersecurity Risk Specialists, IT, and all system leadership (Supervisor and above) to assure incoming requests are addressed and distributed to the proper team members. Additionally, this role works closely with Cybersecurity Risk Specialists to support all employee and non-employee roles, including, but not limited to vendors, contractors, consultants, and partners to support the mission and goals of Henry Ford Health Cybersecurity Risk Management strategy. PRINCIPLE DUTIES AND RESPONSIBILITIES:
The Cybersecurity Risk Coordinator handles supporting tasks related to performing cyber/third party risk assessments of applications, infrastructure, business, and technology vendors against a defined risk framework. These assessments will be performed either through a formalized risk assessment program or through other risk reporting activities (e.g., policy exception, risk acceptance, controls). Must have the ability to develop work with minimal supervision, maintain and report against a work plan, give appropriate updates and status reports, and serve as a point of contact and liaison with internal and external auditors, assessors, vendors and clients and assist other staff members.
- Responsible for understanding the Cybersecurity Risk Services department and Information Privacy and Security Office services, functional IT services, and the business unit processes/ systems to provide world-class cybersecurity risk services.
- Validating Risk Intake Request Forms for employees and non-employees via technology platform and triaging it to the Cybersecurity Risk Specialists capable of starting their tasks.
- Assist in corporate process creation and revision using MS Office including Visio.
- Supporting, creating processes for intake of forms, streamline/update existing processes, procedures, and checklists.
- Liaison with internal / external stakeholders as needed.
- Contributes to the development and maintenance of supporting technology platforms and Corporate Information Security policies and procedures.
- Manage Group Outlook Mailbox and assign a ticket in the technology platform to Cybersecurity Risk Specialists to start their tasks.
- Supports managing checklists, and continuously improves the work instructions with the team.
- Initializes cyber/third party risk assessments reports for the Cybersecurity Risk Specialists to review for closure.
- Support IPSO and IT teams via integrated workflow.
- Supports client due diligence requests including the completion of questionnaires.
- Supports project and strategy advisory services and supports as needed.
- Capable of following documented work instructions with limited guidance.
- Other duties may be assigned.
EDUCATION AND EXPERIENCE:
- Associate's degree in information systems, Computer Science or related field preferred, relevant work experience/certification considered.
- 2+ years of experience in IT risk mgt, IT Controls mgt or IT Audit mgt.
- Demonstrates strong and effective verbal, written, and interpersonal communication skills, with experience in all at the executive level.
- Ability to prioritize and multi-task in a dynamic, fast paced, and challenging environment.
- Knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle.
- Knowledge of information security best practices, NIST Cybersecurity Framework and common risk frameworks.
- Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
Additional Information
- Organization: Corporate Services
- Department: Privacy&Security Risk Mgmt Svc
- Shift: Day Job
- Union Code: Not Applicable
|
Henry Ford Health System
Feb 24, 2025