Now is the time to join an organization that enables you to be a relentless force for a world of longer, healthier lives.  Here at the American Heart Association, you matter and so does your career!

The American Heart Association has an excellent opportunity for a Business Technology Risk Manager.

The Business Technology Risk Manager is responsible for identifying, analyzing, and managing technology risk across the department and the AHA organization. Responsible for conducting security assessments, maturity measurements, and threat modeling exercises. Responsible for partnering with AHA staff, vendors, and service providers to protect the confidentiality, integrity, and availability of AHA's data as well as resolving security threats and vulnerabilities.  Responsible for contributing to the overall cybersecurity and risk management plan. Candidate will focus on reviews of critical technology functions including cloud-based technology, emerging technology, SaaS offerings for both B2B and B2C markets, PCI, SOC 2 and security risks. The candidate will have a high level of exposure across lines of business and have the opportunity to work with senior Technical and Cyber Executives to build and implement innovative solutions to appropriately identify and mitigate risks within the American Heart Association.

The American Heart Association offers programs to help you maintain work/life satisfaction according to your changing needs and life situations. To help you be successful, you will have access to Heart U, our award-winning corporate university as well as various other training and support mechanisms locally and through our National Center.

#TheAHALife is our company culture, our way of life, reflecting our diversity and inclusion, our focus on work-life satisfaction, and our Guiding Values - Check out this hashtag on Facebook, Instagram, and Twitter today!

Essential Job Duties

• Serve as point of contact to lead and coordinate technical incident response. Review and analyze statistics of network events and system performance to locate and recommend remediation. Lead response planning for discovered vulnerabilities.
• Enhance Service Provider Security Assessment process by collaborating with business and technology stakeholders. Analyze and maintain security scorecards and metrics from vendors, corporate functions, and regional offices.
• Lead and oversee the annual PCI Data Security Certification, SOC 1&2, RedTeam process across the organization and in regions. Oversee the Vulnerability Management Program, including coordinating across BT Team, processing vulnerability scans, and reporting to BT leadership.
• Collaborate with team in developing and implementing strategic initiatives for the Cyber Risk Management Program (CRMP). Collaborating with Legal and Compliance regional risk management and data privacy laws.
• Prepare and ensure proper documentation of technology assessment results. Monitor remediation. Deliver all documentation developed during task execution, with status of all work in progress. Prepare and distribute weekly and monthly status reports such as technical task reports and threat management reports.
• Weigh business needs against security concerns. Articulate issues and provide proposals or recommendations to management.
• Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.
• Lead Business Technology Disaster Recovery process. Participate in security awareness program.

Minimum Qualifications

• Bachelor's or higher degree in one of the following areas: Computer Sciences, Computer Engineering, Information Assurance and/or Information Security
• Seven (7)years of experience applying information security controls, methods, processes, and risk management best practices in a Global-International forum. Experience should include CyberRisk framework, PCI DSS, or International Information Security Frameworks
• Five (5) years of experience in Vulnerability Management programs, including the assessment and reporting process, as well as lead remediation efforts across the technical teams and service providers.
• Most recent experience implementing PCI DSS framework. Experience with Security Controls frameworks (e.g., ISO 27001, NIST, PCI DSS, RMF, etc).
• Ability lead PCI Certification process, lead implementation of new controls, and report status to business technology management
• Ability to work optimally in an environment characterized by concurrent and competing deadlines for multiple projects and with conflicting priorities.
• Ability to communicate and develop relationships through interpersonal skills (including strong documentation skills)
• Ability to effectively communicate security-related concepts to a broad variety of technical and non-technical staff; across IT and business
• Comprehensive information security technical knowledge to assess the following processes: Threat Management Systems, Intrusion Detection System/ Intrusion Prevention System (IDS/IPS), DLP, SIEM, among others
• Certification in CISSP, CISM, or CISA

Preferred

• Ability to work as a team member as well as independently
• Information Security Certifications such as CEH, PCI, GIAC, ABCP, etc.

The American Heart Association invests in its people. Here are the main components of our total rewards package.  Visit Rewards & Benefits to see more details.

• Compensation – Our goal is to ensure you have a competitive base salary.  That’s why we regularly review the market value of jobs and make adjustments, as needed.
  
  
• Performance and Recognition – You are rewarded for achieving success by merit increases and incentive programs, based on the type of position.
  
  
• Benefits – We offer a wide array of benefits including medical, dental, vision, disability, and life insurance, along with a robust retirement program that includes an employer match and automatic contribution.  As a mark of our commitment to employee well-being, we also offer an employee assistance program, employee wellness program and telemedicine, and medical consultation.
  
  
• Professional Development – You can join one of our many Employee Resource Groups (ERG) or be a mentor/mentee in our professional mentoring program.  HeartU is the Association’s national online university, with more than 100,000 resources designed to meet your needs and busy schedule.
  
  
• Work-Life Harmonization – The Association offers Paid Time Off (PTO) at a minimum of 16 days per year for new employees.  The number of days will increase based on seniority level.  You will also have a total of 12 paid holidays off each year, which includes several days off at the end of the year.
  
  

• Tuition Assistance - We support the career development of all employees.  This program provides financial assistance to employees who wish to further their education and career in relation to their current duties and responsibilities, or for potential future positions in the organization.

The American Heart Association’s 2024 Goal: Every person deserves the opportunity for a full, healthy life. As champions for health equity, by 2024, the American Heart Association will advance cardiovascular health for all, including identifying and removing barriers to health care access and quality.

At American Heart Association | American Stroke Association, diversity, inclusion, and equal opportunity applies to both our workforce and the communities we serve as it relates to heart health and stroke prevention.

This position not a match with your skills?  Click here to see other opportunities.

EOE/Protected Veterans/Persons with Disabilities