The ISO is responsible for leading the organization's Security Risk Analysis (SRA), cybersecurity risk management, PCI compliance, data governance, AI governance, vendor risk management, and ...
The ISO is responsible for leading the organization's Security Risk Analysis (SRA), cybersecurity risk management, PCI compliance, data governance, AI governance, vendor risk management, and ...
The ISO is responsible for leading the organization's Security Risk Analysis (SRA), cybersecurity risk management, PCI compliance, data governance, AI governance, vendor risk management, and ...
The ISO is responsible for leading the organization's Security Risk Analysis (SRA), cybersecurity risk management, PCI compliance, data governance, AI governance, vendor risk management, and ...
... management, and cybersecurity compliance frameworks such as NIST SP 800-171 and CMMC. This is a 100 ... Experience conducting cybersecurity risk assessments. * Experience implementing Security Technical ...
... management, and cybersecurity compliance frameworks such as NIST SP 800-171 and CMMC. This is a 100 ... Experience conducting cybersecurity risk assessments. * Experience implementing Security Technical ...
... management, and cybersecurity compliance frameworks such as NIST SP 800-171 and CMMC. This is a 100 ... Experience conducting cybersecurity risk assessments. * Experience implementing Security Technical ...
... management, and cybersecurity compliance frameworks such as NIST SP 800-171 and CMMC. This is a 100 ... Experience conducting cybersecurity risk assessments. * Experience implementing Security Technical ...
AATC Cybersecurity Systems Engineer
Tucson, AZ · On-site
$54.25 - $66.50/hr
Manage external cyber surge teams as required. * Drive the implementation, assessment, and continuous monitoring of the DoD Risk Management Framework (RMF) and NIST SP 800-53 security and privacy ...
AATC Cybersecurity Systems Engineer
Tucson, AZ · On-site
$54.25 - $66.50/hr
Manage external cyber surge teams as required. * Drive the implementation, assessment, and continuous monitoring of the DoD Risk Management Framework (RMF) and NIST SP 800-53 security and privacy ...
Cyber Security Tutor
Tucson, AZ · Remote
$18 - $40/hr
Emphasizes a systematic approach to security assessment and connects cybersecurity to business risk management, compliance requirements, and ethical computing practices. * Curriculum Awareness ...
Cyber Security Tutor
Tucson, AZ · Remote
$18 - $40/hr
Emphasizes a systematic approach to security assessment and connects cybersecurity to business risk management, compliance requirements, and ethical computing practices. * Curriculum Awareness ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Information System Security Officer (ISSO) - Tucson, AZ with Security Clearance
Tucson, AZ · On-site
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Information System Security Officer (ISSO) - Tucson, AZ with Security Clearance
Tucson, AZ · On-site
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
SkillBridge Intern DoD: Information System Security Officer - Tu with Security Clearance
Tucson, AZ · On-site
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
SkillBridge Intern DoD: Information System Security Officer - Tu with Security Clearance
Tucson, AZ · On-site
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Information System Security Officer (ISSO) - Tucson, AZ with Security Clearance
Tucson, AZ · On-site
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Information System Security Officer (ISSO) - Tucson, AZ with Security Clearance
Tucson, AZ · On-site
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Cybersecurity, systems security or hardening * Information Technology * Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM ...
Ongoing support in the areas of incident response and investigation, vulnerability management ... Collaborate with other teams to assess risk and coordinate response based on existing Work ...
Ongoing support in the areas of incident response and investigation, vulnerability management ... Collaborate with other teams to assess risk and coordinate response based on existing Work ...
Cybersecurity Risk Management information
See Tucson, AZ salary details
$52.9K - $63.8K
1% of jobs
$63.8K - $74.7K
4% of jobs
$74.7K - $85.6K
5% of jobs
$85.6K - $96.5K
9% of jobs
$102.5K is the 25th percentile. Wages below this are outliers.
$96.5K - $107.4K
11% of jobs
$107.4K - $118.3K
10% of jobs
The median wage is $122.5K / yr.
$118.3K - $129.2K
28% of jobs
$135.4K is the 75th percentile. Wages above this are outliers.
$129.2K - $140K
14% of jobs
$140K - $150.9K
11% of jobs
$150.9K - $161.8K
4% of jobs
$161.8K - $172.7K
4% of jobs
$52.9K
$123.5K
$172.7K
How much do cybersecurity risk management jobs pay per year?
Can I make $200,000 a year in cyber security?
What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?
How much does a cybersecurity risk analyst make?
What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?
| Aspect | Cybersecurity Risk Management | Cybersecurity Analyst |
|---|---|---|
| Certifications | CRISC, CISSP, CISM | CompTIA Security+, CEH, CISSP |
| Work Environment | Risk assessment, policy development, strategic planning | Monitoring security systems, incident response, vulnerability analysis |
| Employer & Industry Usage | Financial, healthcare, government, large enterprises | IT departments, cybersecurity firms, corporate security teams |
Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.
What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?
What does a cyber risk manager do?
What is cybersecurity risk management?
Can you make $500,000 a year in cyber security?
Full-time
Posted 7 days ago
Job description
The Information Security Officer (ISO) is responsible for. providing enterprise leadership, accountability and subject matter expertise for information security, cybersecurity, compliance, risk management, and governance activities. The ISO serves as the organization's primary authority on the protection, governance, and responsible use of information assets, ensuring compliance with regulatory requirements while supporting organizational growth, innovation, and patient care.
This position develops and maintains enterprise-wide security, governance, and risk management frameworks that safeguard organizational data and technology resources. The ISO collaborates closely with executive leadership, Information Technology, Clinical Informatics, Compliance, Operations, Human Resources, and business stakeholders to establish policies, standards, and governance processes that support organizational objectives.
The ISO is responsible for leading the organization's Security Risk Analysis (SRA), cybersecurity risk management, PCI compliance, data governance, AI governance, vendor risk management, and regulatory compliance programs.
The ISO serves as a trusted advisor to executive leadership regarding cybersecurity strategy, HIPAA Security Rule compliance, contingency planning, data governance, AI governance, enterprise risk management, regulatory compliance, and emerging technology risks.
Marana Health is a Federally Qualified Community Health Center (FQHC), with 11 sites in Tucson and Pima County. Our mission is to improve our community by providing exceptional, whole-person healthcare.
The following qualifications are required:
- Bachelor's degree in Information Security, Cybersecurity, Information Technology, Information Systems, Computer Science, Healthcare Informatics, Business Administration, or related field required.
- Minimum seven (7) years of progressively responsible experience in information security, cybersecurity, risk management, governance, compliance, or healthcare technology leadership, including experience conducting Security Risk Analyses (SRA), risk management activities, and regulatory compliance initiatives.
- Minimum three (3) years of experience developing, implementing, or managing enterprise security, governance, or compliance programs.
- Fingerprint Clearance Card through the Arizona Department of Public Safety.
- Current Arizona driver's license with clean driving record and proof of current vehicle insurance (39-month MVR will be run by MH)
- Experience conducting risk assessments, developing policies, and implementing security controls.
- Experience managing vendor security reviews and regulatory compliance initiatives.
- Experience leading cross-functional projects and organizational initiatives.
- Experience presenting information to executive leadership and organizational stakeholders.
- Strong understanding of ambulatory healthcare workflows and healthcare operations.
The following qualifications are preferred:
- Master's degree in Information Security, Cybersecurity, Information Technology, Healthcare Informatics, Business Administration, or related field.
- Experience supporting Federally Qualified Health Centers (FQHCs), healthcare systems, or ambulatory healthcare organizations.
- Experience serving as a HIPAA Security Officer or equivalent security leadership role.
- Experience implementing NIST Cybersecurity Framework, CIS Controls, HITRUST, or similar governance and security frameworks.
- Experience leading enterprise data governance initiatives.
- Experience developing AI governance programs and responsible technology governance frameworks.
- Experience managing regulatory audits, security assessments, and compliance reviews.
- Experience leading enterprise Security Risk Analyses (SRA), risk remediation programs, and regulatory compliance initiatives.
- Experience managing PCI DSS compliance programs, assessments, and remediation activities.
CERTIFICATIONS
One or more of the following certifications is preferred:
- CISSP - Certified Information Systems Security Professional
- HCISPP - Healthcare Information Security and Privacy Practitioner
- CISM - Certified Information Security Manager
- CRISC - Certified in Risk and Information Systems Control
- CISA - Certified Information Systems Auditor
- CDMP - Certified Data Management Professional
- Security+
Equivalent combination of education and experience may be considered if applicable and must be directly related to the functions and body of knowledge required to successfully perform the job.
The ideal candidate will also possess the following knowledge, skills, and abilities:
- Thorough knowledge of HIPAA Security Rule requirements and healthcare cybersecurity practices.
- Strong understanding of data governance, data stewardship, data quality, data lifecycle management, and information management principles.
- Knowledge of NIST Cybersecurity Framework, CIS Controls, HITRUST, and other industry-recognized security standards.
- Understanding of cloud security, identity and access management, network security, endpoint protection, vulnerability management, and incident response.
- Knowledge of vendor risk management, third-party security assessments, and contract security requirements.
- Understanding of AI governance frameworks, emerging technologies, and associated security and compliance risks.
- Knowledge of Security Risk Analysis (SRA) methodologies, risk assessment frameworks, and risk management best practices.
- Knowledge of PCI DSS requirements and payment card security standards.
- Ability to develop and implement organizational policies, standards, and governance frameworks.
- Ability to communicate complex technical concepts effectively to executive, clinical, operational, and non-technical audiences.
- Knowledge of contingency planning, business continuity planning, disaster recovery planning, and emergency preparedness frameworks.
- Ability to develop, implement, test, and maintain organizational contingency and recovery plans for critical business and technology functions.
- Strong analytical, organizational, problem-solving, and project management skills.
- Ability to build collaborative relationships across departments and influence organizational decision-making.
- Excellent written, verbal, presentation, and facilitation skills.
- Ability to manage multiple priorities and initiatives in a dynamic healthcare environment.
Duties and Responsibilities:
Information Security Leadership
- Develop, implement, and maintain a comprehensive enterprise information security program aligned with organizational goals and industry best practices.
- Establish and maintain information security policies, standards, procedures, and controls.
- Lead cybersecurity governance initiatives and provide strategic guidance to executive leadership.
- Develop and maintain cybersecurity, compliance, governance, and risk management metrics, dashboards, and key performance indicators (KPIs) for executive leadership and organizational reporting.
- Conduct organizational security risk assessments and develop mitigation strategies.
- Monitor and communicate emerging cybersecurity threats and risks affecting healthcare organizations.
- Provide leadership for security-related projects and organizational initiatives.
Data Governance and Information Management
- Coordinate and facilitate organizational data governance activities and maintain accountablility in partnership with Clinical Informatics, Analytics, Compliance, and operational leaders
- Establish enterprise data governance policies, standards, and procedures.
- Partner with clinical, operational, financial, and technology leaders to define data ownership, stewardship, and accountability.
- Coordinate Data Governance Committee activities and governance initiatives.
- Establish standards for data classification, retention, access, sharing, archival, and disposal.
- Promote data quality, integrity, consistency, and reliability across organizational systems.
- Maintain enterprise data inventories and support data lineage and information asset management efforts.
- Collaborate with Clinical Informatics, Enterprise Analytics, Compliance, and operational leadership to establish governance standards for clinical, operational, financial, and artificial intelligence data assets.
- Monitor organizational data quality issues and facilitate remediation efforts.
- Establish governance processes supporting responsible and ethical use of organizational data.
Cybersecurity Operations
- Oversee vulnerability management, security monitoring, incident response, and threat mitigation efforts.
- Coordinate investigations and response activities related to security incidents and data breaches.
- Lead business continuity and disaster recovery security planning activities.
- Review and provide security oversight for new systems, applications, integrations, cloud services, artificial intelligence technologies, and technology initiatives to ensure alignment with organizational security standards, regulatory requirements, and risk management objectives.
- Collaborate with Information Technology teams to implement and maintain appropriate security controls.
- Monitor organizational compliance with established security standards and policies.
Incident Response and Cybersecurity Event Management
- Serve as the organizational lead for cybersecurity incidents, coordinating incident response activities, executive communications, regulatory notification requirements, remediation efforts, and post-incident reviews.
- Coordinate with Information Technology, Compliance, Human Resources, Legal, and executive leadership during cybersecurity incidents, data breaches, and security investigations.
- Develop and maintain incident response procedures, escalation processes, and communication plans.
- Conduct periodic incident response exercises and lessons-learned reviews to improve organizational preparedness and resilience.
HIPAA Security and Regulatory Compliance
- Serve as the organization's designated HIPAA Security Officer and maintain accountability for implementation, monitoring, and ongoing compliance with HIPAA Security Rule requirements.
- Ensure compliance with HIPAA Security Rule requirements and other applicable regulatory requirements.
- Own, coordinate, and execute the organization's enterprise-wide Security Risk Analysis (SRA) program, including annual assessments, ongoing risk evaluations, risk identification, remediation planning, and executive reporting.
- Develop, maintain, and monitor corrective action plans resulting from Security Risk Analyses, security audits, penetration tests, vulnerability assessments, and compliance reviews.
- Coordinate and maintain required security risk analyses and risk management activities.
- Lead security-related audit preparation and responses.
- Develop and maintain documentation supporting regulatory compliance.
- Monitor changes in regulations and industry standards and advise leadership regarding organizational impacts.
- Collaborate with Compliance and Legal teams on privacy and security initiatives.
Contingency Planning, Business Continuity, and Disaster Recovery
- Develop, implement, and maintain the organization's contingency planning program in accordance with HIPAA Security Rule requirements and industry best practices.
- Lead the development and maintenance of Business Continuity Plans (BCPs), Disaster Recovery Plans (DRPs), Emergency Operations Plans, and technology recovery procedures.
- Conduct Business Impact Analyses (BIAs) to identify critical systems, applications, processes, and recovery priorities.
- Coordinate periodic testing, tabletop exercises, and validation of contingency, business continuity, and disaster recovery plans.
- Partner with Information Technology, Clinical Operations, Facilities, and organizational leadership to ensure continuity plans support patient care and business operations during disruptions.
- Monitor and report on organizational readiness related to business continuity, disaster recovery, and emergency preparedness activities.
- Coordinate corrective action plans resulting from contingency plan testing, disaster recovery exercises, and actual events.
- Ensure contingency planning activities align with organizational risk management, regulatory compliance, cybersecurity, and operational resilience objectives.
Vendor Risk Management
- Develop and maintain a third-party risk management program.
- Conduct security assessments of vendors, business associates, and technology partners.
- Review Business Associate Agreements (BAAs) and security requirements for third-party relationships.
- Participate in procurement and contract review processes to ensure appropriate security and compliance protections.
- Identify and mitigate risks associated with vendor relationships and system integrations.
Artificial Intelligence (AI) Governance
- Maintain accountability for AI governance standards while providing security, privacy, and risk guidance related to AI initiatives
- Evaluate privacy, security, ethical, and regulatory considerations associated with AI technologies.
- Collaborate with Clinical Informatics, Operations, Compliance, and IT leadership regarding AI initiatives.
- Establish governance frameworks supporting responsible AI adoption and use.
- Monitor emerging AI regulations, guidance, and industry best practices.
- Ensure AI initiatives align with organizational g