Information Security Manager/UKHC

Job description

The University of Kentucky HealthCare (UKHC) is seeking an Information Security Risk Manager to lead the risk management and compliance function. Essential duties and responsibilities include but are not limited to:

• Developing and providing oversight of the risk management strategy and program
• Supporting the CISO in the formulation of information technology related policies
• Providing personnel management for GRC team
• Planning and conducting information security risk assessments to proactively identify, mitigate, and reduce risk to the organization
• Reviewing third party contracts for compliance with security requirements and recommending appropriate language as necessary
• Providing guidance and recommendations in order to comply with regulatory requirements including HIPAA, FDA, CMS, and PCI-DSS
• Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions
• Communicating risk posture, security metrics, and security issues to leadership
• Guiding the development and implementation of appropriate security controls for information technology applications and infrastructure
• Collaborating with technical and non-technical teams to analyze and recommend actions related to vulnerabilities and control weaknesses
• Providing security requirements to be included in statements of work and other appropriate procurement documents
• Developing methods to monitor and measure risk, compliance, and assurance efforts
• Promoting security awareness across the organization

Job Title
Information Security Manager/UKHC

Requisition Number

Working Title
Information Security Risk Manager

Department Name
H3997:EVPHA Information Technology

Work Location
2317 Alumni Park Plaza

Grade Level

Salary Range

Type of Position

Position Time Status

Required Education


Click here for more information about equivalencies:

Required Related Experience

7 yrs

Required License/ Registration/Certification

Certified CISSP and CISM at time of hire

Physical Requirements

The physical requirements for this position include communicating effectively; building positive working relationships with individuals from diverse backgrounds; abiding by University guidelines; maintaining confidentiality; prioritizing and managing work effectively; providing exceptional customer service; performing work in a sedentary position; walking, standing, and sitting for extended periods of time; reporting to meetings at different locations both on and off campus; and interacting with individuals from various levels throughout the University.


Primarily days; 8:00 AM - 5:00 PM. However, this is an exempt position and may require additional time during evenings, weekends, and holidays to accomplish work goals.


• 7+ years experience in information security
• BS required, MS preferred, or equivalent experience
• CISSP required
• CISM required
• Expert knowledge of HIPAA, PCI, ISO 27001/27002, HITRUST, COBIT, ITIL, and risk management frameworks including ISO 27005/31000/31010, NIST SP 800-30, NIST SP 800-39 preferred
• Demonstrated ability to lead and perform risk assessment/management activities
• Strong analytical skills and the ability to resolve complex problems
• Ability to work independently
• Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
• Policy and procedure development

Does this position have supervisory responsibilities?

Preferred Education/Experience

Degree in Information Technology or equivalent required.

Deadline to Apply

University Community of Inclusion

The University of Kentucky is committed to a diverse and inclusive workforce by ensuring all our students, faculty, and staff work in an environment of openness and acceptance. We strive to foster a community where people of all backgrounds, identities, and perspectives can feel secure and welcome. We also value the well-being of each of our employees and are dedicated to creating a healthy place to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors the University of Kentucky is a Tobacco & Drug Free campus.

As an Equal Opportunity Employer, we strongly encourage veterans, individuals with disabilities, women, and all minorities to consider our employment opportunities.

Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.

Posting Specific Questions

Required fields are indicated with an asterisk (*).

  1. * University of Kentucky HealthCare recognizes a set of values that guide us in our daily interactions. By applying for a position within UK Healthcare, you are indicating your commitment and expressing your agreement to our five values. These values are diversity, innovation, respect, compassion, and teamwork. Please choose one of the UK Healthcare values and give a specific example when you exhibited this quality in your professional experience.

    (Open Ended Question)

  2. * Where did you first see this position advertised other than on UK's online employment system?
    • (Diverse Issues in Higher Education)
    • (Higher Education Recruitment Consortium)
    • Institute for Diversity in Health Management
    • A Colleague, Friend and/or Family Member
    • None of the Above

Applicant Documents

Required Documents
  1. Resume
  2. Cover Letter
Optional Documents





    Diversity Profile: University



    View more

    Learn more on Inside Higher Ed's College Page for University

    Arrow pointing right
    Job No:
    Posted: 4/12/2018
    Application Due: 4/26/2018
    Work Type: