Current jobs related to Director, Information Security Governance, Risk and Compliance - Buffalo, New York - Roswell Park Comprehensive Cancer Center


  • Buffalo, New York, United States M&T Bank Full time

    Position Overview: The role of an Information Security Risk Analyst is pivotal in safeguarding the organization's data and information systems. This professional will focus on maintaining the integrity and robustness of security protocols by identifying and analyzing potential risks. Key Responsibilities: Conduct thorough investigations into security threats...


  • Buffalo, New York, United States Mindlance Full time

    About the Role: We are seeking an experienced IAM Governance Specialist to join our team at Mindlance. As a key member of our Cyber Security team, you will be responsible for implementing and maintaining our Identity Governance platform, SailPoint IIQ. Key Responsibilities: Develop and implement IAM governance policies and procedures. Conduct risk assessments and...


  • Buffalo, New York, United States M&T Bank Full time

    Position Overview: This role is pivotal in delivering comprehensive Enterprise Risk Management services aligned with organizational policies, industry benchmarks, and stakeholder expectations. The incumbent will play a crucial role in navigating the dynamic risk management landscape, identifying efficiencies in execution and practices across various business...


  • Buffalo, New York, United States Inter-Con Security Full time

    About the Role: We are seeking a highly skilled and experienced Armed Diplomatic Security Officer to join our team at Inter-Con Security Systems, Inc. As a key member of our security operations team, you will be responsible for providing high-level protection services to diplomats and high-risk individuals across multiple locations in the United States. Key...


  • Buffalo, New York, United States Stark Tech Full time

    Director of Workplace Safety & Risk Management: At Stark Tech, we're committed to creating a safe and healthy work environment for our employees and customers. As our Director of Workplace Safety & Risk Management, you'll play a critical role in developing and implementing our risk management programs and ensuring compliance with regulatory...


  • Buffalo, New York, United States M&T Bank Full time

    AI Governance Consultant: At M&T Bank, we're committed to leveraging AI technologies in a responsible and ethical manner. As an AI Governance Consultant, you'll play a critical role in empowering our organization to navigate the AI landscape with confidence and integrity. Key Responsibilities: Develop and implement comprehensive AI governance frameworks,...


  • Buffalo, New York, United States M&T Bank Full time

    Overview: As an AI Governance Consultant at M&T Bank, you will play a critical role in empowering the organization to harness the power of AI technologies in a responsible and ethical manner. You will collaborate closely with internal stakeholders to develop and maintain policies, procedures, and strategies that ensure the effective and compliant use of AI...


  • Buffalo, New York, United States M&T Bank Full time

    Overview: M&T Bank is seeking a highly skilled AI Governance Consultant to join our team. As an AI Governance Consultant, you will play a critical role in empowering the organization to leverage AI technologies ethically, responsibly, and in adherence to relevant laws, regulations, and standards. Key Responsibilities: Develop, implement, and maintain...


  • Buffalo, New York, United States M&T Bank Full time

    Overview: As an AI Governance Consultant at M&T Bank, you will play a critical role in empowering the organization to leverage AI technologies ethically, responsibly, and in adherence to relevant laws, regulations, and standards. You will work closely with internal stakeholders to develop and maintain policies, procedures, and strategies that help them...


  • Buffalo, New York, United States M&T Bank Full time

    Company Overview: M&T Bank stands as a prominent national financial institution committed to leveraging technology while ensuring the utmost security for our clients' financial assets. As we enhance our vulnerability management initiatives, we seek a forward-thinking leader to spearhead our Attack Surface Management approach, making a substantial impact...


  • Buffalo, New York, United States VirtualVocations Full time

    VirtualVocations is seeking a seasoned Enterprise Security Architect to lead the design and implementation of our IT security architecture. The ideal candidate will have a deep understanding of risk management principles and practices, as well as extensive experience in designing and developing IT architectures. Key responsibilities include IT architecture...


  • Buffalo, New York, United States Stark Tech Full time

    Job Summary: We are seeking a highly skilled and experienced Director of Workplace Safety and Risk Management to join our team at Stark Tech. As a key member of our organization, you will be responsible for administering and overseeing our risk management programs and workers' compensation insurance program. Key Responsibilities: Administer and oversee the...


  • Buffalo, New York, United States M&T Bank Full time

    Position Overview: This role is integral to the provision of second line Enterprise Risk Management services, aligning with organizational policies, industry benchmarks, and managerial expectations. The incumbent will navigate the dynamic risk management landscape, contributing to the identification of efficiencies in risk management practices across...

  • Security Officer

    2 weeks ago


    Buffalo, New York, United States STRATEGIC SECURITY CORP. Full time

    About the Job: We are seeking a highly skilled and experienced Security Officer to join our team at Strategic Security Corp. in Amherst, NY. As a Security Officer, you will be responsible for ensuring the safety and security of our clients, employees, and visitors. Key Responsibilities: Conduct unarmed foot patrols within a Government, corporate, retail, or fast...


  • Buffalo, New York, United States Northwest Bank Full time

    Job Summary: We are seeking a highly skilled Treasury Analyst to join our team at Northwest Bank. As a key member of our risk management team, you will be responsible for assisting in the development of quantitative/analytic models and applications in support of our interest rate and liquidity risk management efforts. Key Responsibilities: Develop and implement...


  • Buffalo, New York, United States M&T Bank Full time

    Position Overview: This role is integral to the provision of second line Enterprise Risk Management services, aligning with organizational policies, industry benchmarks, and stakeholder expectations. The incumbent will play a crucial role in navigating the dynamic risk management landscape, identifying opportunities for enhancing risk management practices...


  • Buffalo, New York, United States Northwest LLC Full time

    The Senior Financial Risk Analyst plays a crucial role in the formulation of quantitative and analytical frameworks that support the organization's strategies for managing interest rate and liquidity risks. This position also involves oversight of transactions and reporting related to securities, foreign exchange, interest rate swaps, and borrowings....


  • Buffalo, New York, United States Northwest LLC Full time

    The Senior Financial Risk Analyst plays a crucial role in the formulation of quantitative and analytical models to bolster the firm's strategies for managing interest rate and liquidity risks. This position also encompasses support for transactions and reporting related to securities, foreign exchange, interest rate swaps, and borrowings. Furthermore, the...


  • Buffalo, New York, United States M&T Bank Full time

    Job Summary: We are seeking a highly skilled Lead Application Security Engineer to join our team at M&T Bank. As a key member of our technology team, you will be responsible for providing technical leadership and expertise in application security, ensuring the highest level of security and integrity for our applications. Key Responsibilities: Provide technical...


  • Buffalo, New York, United States Northwest LLC Full time

    The Senior Financial Risk Analyst plays a crucial role in the formulation of quantitative and analytical models to bolster the firm's strategies in managing interest rate and liquidity risks. This position also involves supporting transactions and reporting related to securities, foreign exchange, interest rate swaps, and borrowings. The individual will...

Director, Information Security Governance, Risk and Compliance

4 months ago


Buffalo, New York, United States Roswell Park Comprehensive Cancer Center Full time

Title:
Director, Information Security Governance, Risk and Compliance

Job Type:
Regular

Company:
Roswell Park Cancer Institute

Department:
Information Security

Time Type:
Full time

Weekly Hours:
40

FTE:
1

Shift:
First Shift (United States of America)


Summary:
Oversees the processes and personnel involved in the Governance, Risk and Compliance (GRC) functions of the Information Security Department. Leads a team with a hands-on approach; ensures that risk assessments, security training and awareness, third party risk management, and other risk functions are performed in a consistent and thorough manner aligned with industry best practices and recognized security frameworks. Works with internal and external auditors to assess the maturity of the Information Security program. Furthers the maturity of the GRC program through the adoption and refinement of tools, standards, and processes in order to assist the overall Information Security Department to communicate and prioritize risk, and develop a risk-informed strategy for addressing current gaps and future threats.

Starting salary for this position is $161,676 annually which includes a comprehensive benefits package.

Primary Duties Include:

  • Oversees and participates in creation of and updating organizational policies aligned to the cybersecurity needs of the organization, best practices, and regulatory requirements such as HIPAA and PCI.
  • Monitors compliance with organizational Information Security policies and regulatory requirements through appropriate training and tracking.
  • Leads information security awareness and training initiatives to educate workforce about information risks.
  • Develops new training programs to increase adoption of a culture of information security.
  • Partners with Internal and External audit groups (including state and federal agencies) with the assessment of internal controls and remediation of identified risks.
  • Reviews alignment with applicable cybersecurity frameworks and regulations, identifies gaps, and assists with development of remediation plans.
  • Identifies and develops metrics to track performance and maturity of the Information Security Program.
  • Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable.
  • Coordinates assessments of internal and third-party systems, assessing the environments for risks.
  • Participates with Legal for appropriate contract language.
  • Maintains Risk Register.
  • Responsible for Risk Acceptance process.
  • Performs enterprise information security risk assessment to ensure alignment with all applicable regulations and best practices.
  • Manages policy exception process with appropriate stakeholders.
  • Develops and oversees Third Party Risk Management function.
  • Outlines goals, training and performance metrics for members of the GRC team.
  • Oversees development of GRC team members' skills to improve processes and performance.
  • Coaches GRC team members for performance improvement.
  • Takes action on matters of discipline, promotion, salary, and other matters related to GRC team members, as needed and with assistance from the CISO.
  • Performs training to internal and external staff as needed.
  • Maintains established departmental policies and procedures, objectives, quality assurance programs, safety and compliance standards.
  • Enhances professional growth and development by participating in educational programs, reading current literature, and participating in in-service meetings and workshops.
  • Demonstrated knowledge and experience of Risk Management principles.
  • Experience with Risk Management Frameworks, such as NIST CSF, NIST 800-53, HITRUST, ISO27001 and others.
  • Possesses knowledge of the HIPAA Security Rule and additional government technology laws.
  • Experienced in the management of physical and logical information security systems.
  • Excellent technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.)

Qualifications:
Required Education and Experience

Certification Requirement

Current Cybersecurity certification, such as, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Risk and Information Systems Control (CRISC), Global Information Assurance Certification (GIAC), or equivalent information security certification.

Education and Experience

  • Master's degree in Computer Science, Information Systems or a related field and the equivalent of eight (8) years of full-time experience in information security related hardware, software and processes; or
  • Bachelor's degree in Computer Science, Information Systems or a related field and the equivalent of ten (10) years of full-time experience in information security related hardware, software, and processes; or
  • Associate's degree in Computer Science, Information Systems or a related field and the equivalent of twelve (12) years of full-time experience in information security related hardware, software, and processes; or
  • High School Diploma or High School Equivalency Diploma and the equivalent of fourteen (14) years of full-time experience in information security related hardware, software and processes.

NOTE:

Required degrees must have been granted by an accredited school, college or university or one recognized by Roswell Park Comprehensive Cancer Center as following acceptable educational practices.


Preferred Qualifications:


The preferred candidate will be Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

They will also have prior HIPAA experience, prior management experience, and GRC tool experience.

Equal Employment Opportunity Statement

Roswell Park Cancer Institute Corporation (RPCIC) and Health Research Inc. (HRI) Roswell Park Division believe that all persons are entitled to equal employment opportunities, and we do not discriminate against our employees, applicants or job seekers because of their race, color, religion, sex, sexual orientation, gender identity or expression, national origin, creed, age, disability, pregnancy-related condition, military or veteran status, marital or familial status, domestic violence victim status, citizenship status, genetic information, individual's relationship or association with a member of a protected category or any other protected group status as defined by law.

Reasonable Accommodation Request

RPCIC and HRI are committed to working with and providing reasonable accommodation to individuals with disabilities.

If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please email HR- and let us know the nature of your request and your contact information.

Our Core Values


RPCIC and HRI are committed to providing an environment where patients, families, employees and community are treated with courtesy and respect.

We support an inclusive environment that nurtures the talents, skills and abilities of each individual to embody and reflect our core values:
Innovation, Integrity, Teamwork, Commitment, Compassion and Respect.

Historical Compensation Information Statement


Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation.

If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at or via email at

Salary Unit:
Yearly