Manager IT-Cybersecurity Compliance

Posted 5 Days Ago
Hiring Remotely in Norfolk, VA, USA
In-Office or Remote
Senior level
Healthtech
The Role
Lead a team to develop and run a cyber security compliance program: assess controls, manage regulatory and contractual compliance (HIPAA, NIST, SOC2, ISO27001), coordinate audits, drive remediation, implement GRC tooling and continuous improvement, and advise business and technology owners on security compliance.
Summary Generated by Built In

City/State

Norfolk, VA

Work Shift

First (Days)

Overview:

The Manager – Cyber Security Compliance is responsible for establishing and maintaining the overall cyber security compliance program. This position leads a team of cyber security compliance professionals by enabling a holistic compliance framework and assurance readiness for regulations, standards, and contract obligations within Sentara Healthcare, and manages and reports on cyber security compliance in a manner that meets Sentara Healthcare’s requirements. Reporting to the Director of GRC in Cyber Security, this leader ensures compliance with regulatory, industry, and contractual requirements. The manager also sets the strategy and drives effective process, methodology, and technology solutions to support the cyber defense of Sentara Healthcare, focusing on continuous improvement, data protection, governance, risk management, and mitigation.

As a domain expert in compliance and assurance, engage at management and technical levels to develop/refine strategy, identify control breakdowns, risks, and opportunities to deliver a comprehensive and robust compliance function. In addition, elevate how we engage with business and technology control owners. Establish a framework and process to execute readiness assessments for compliance against cyber security standards and requirements.

Primary Responsibilities:

  • Lead team of cyber security compliance professionals to measure compliance against a broad range of control requirements, both internally and externally.
  • Ownership of cyber security compliance strategy, programs, and related initiatives, including regulatory audits and compliance management, controls testing, medical device security, metrics, and risk and performance indicators.
  • Understand key security and compliance frameworks including but not limited to HIPAA, HICP 405(d), NIST SP 800-171, SOC2, ISO27001, and laws/regulations.
  • Manage compliance initiatives to ensure control effectiveness with applicable laws and regulations, as well as internal policies and procedures.
  • Monitor activities of assigned IT areas to ensure control assurance of internal policies and standards.
  • Participate in the development and implementation of new business initiatives involving compliance to ensure the functionality needed to support required compliance.
  • Provide guidance to business functions on compliance/security-related matters and lead investigations.
  • Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing, and facilitate the corrective action process for ownership and timely remediation.
  • Initiate improvement activities to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
  • Refine and revise existing policies

Education

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (Preferred)

OR

  • 7+ years in a cyber security management role, preferably in Governance, Risk or Compliance without a Bachelor's Degree (Required)

Certification/Licensure

  • CISSP (Certified Information Systems Security Professional) (Preferred)
  • CISM (Certified Information Security Manager) (Preferred)
  • CRISC (Certified in Risk and Information Systems Control) (Preferred)
  • CISA (Certified Information Systems Auditor) (Preferred)

Experience

  • 5+ years in a cyber security management role, preferably in Governance, Risk or Compliance with a Bachelor's Degree (Required)

  • 7+ years in a cyber security management role, preferably in Governance, Risk or Compliance without a Bachelor's Degree (Required)

  • Preferred candidates will have moved up through the ranks of Cyber Security Governance, Risk and Compliance.

  • Experience with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, etc.)

  • Experience with GRC tools such as ServiceNow, Archer, etc.

  • Experience working in a highly regulated environment.

  • Experience in information security and auditing with increasing responsibilities.

  • Strong background in security controls, auditing, network, and system security.

  • Ability to express complex technical concepts in business terms.

  • Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.

  • Ability to build and manage a highly motivated team

  • Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.

  • Proven ability to manage and mentor cyber security analysts at all levels.

Benefits: Caring For Your Family and Your Career
• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria are met.

Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its workforce of almost 30,000 members. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.


In support of our mission “to improve health every day,” this is a tobacco-free environment.

For positions that are available as remote work, Sentara Health employs associates in the following states:

Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.

Skills Required

  • 5+ years in a cyber security management role (with a Bachelor's degree)
  • 7+ years in a cyber security management role (if no Bachelor's degree)
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • Knowledge and experience with HIPAA, HICP 405(d), NIST SP 800-171, SOC2, ISO27001 and related laws/regulations
  • Experience with GRC tools such as ServiceNow and Archer
  • Experience in highly regulated environments and managing regulatory audits and compliance initiatives
  • Experience evaluating and testing security controls, auditing, and recommending control adjustments
  • Experience or knowledge of medical device security
  • Proven ability to build, manage, mentor, and lead cyber security analysts and teams
  • Ability to communicate complex technical security concepts in business terms
  • CISSP, CISM, CRISC, or CISA certifications
  • Organized, detail-oriented, able to manage multiple projects and deadlines

Sentara Healthcare Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Sentara Healthcare and has not been reviewed or approved by Sentara Healthcare.

  • Parental & Family Support: Four weeks of paid parental leave at full base pay and two weeks of job‑protected family caregiver leave support major life and care needs. Emergency back‑up care and reimbursements for infertility, adoption, and surrogacy further bolster family support.
  • Retirement Support: A 401(A) plan alongside 403(B)/401(K) employer matching is designed to strengthen long‑term financial security. Company‑paid life insurance with buy‑up options adds additional protection for families.
  • Flexible Benefits: Choice of medical plan designs and dental/vision options enables tailoring coverage to individual needs. An annual election between tuition assistance and student‑loan repayment offers flexibility to align with financial or education priorities.

The Company
HQ: Norfolk, VA
10,975 Employees
Year Founded: 1888

What We Do

Sentara Healthcare celebrates a 130-year history of innovation, compassion and community benefit. Based in Norfolk, VA, Sentara is a diverse not-for-profit family of 12 hospitals, an array of integrated services and a team of nearly 30,000 strong on a mission to improve health every day. This mandate is pursued through a disciplined strategy to achieve Top 10% performance in key measures through shared best practices, transformation of primary care through clinical integration and strategic growth that adds value to the communities we serve in Virginia and North Carolina.
