<p>Connecticut Children's is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children's offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members.</p> <p>At Connecticut Children's, treating children isn't just our job - it's our passion. As a leading children's health system experiencing steady growth, we're excited to expand our team with exceptional team members who share our vision of transforming children's health and well-being as one team.</p> <p>The Manager of IS Architecture & Compliance supports the organization's information security and compliance initiatives, ensuring adherence to internal security policies, regulatory requirements, and architectural security standards.</p> <p>Education and/or Experience Required:</p> <ul> <li>Education: High School Diploma, GED or equivalent. </li><li>Experience: </li><li>3-5 years of Information security or compliance related activities. </li><li>2 years' supervisory or management experience. </li></ul> <p>Education and/or Experience Preferred:</p> <ul> <li>Education: Bachelor's degree in Computer Science, Information Security, or a related field. </li><li>Experience: </li><li>Experience with Epic system. </li><li>Experience in a healthcare organization. </li></ul> <p>License and/or Certification Required:</p> <ul> <li>CISSP, CISA, CRISC, CISM, CGRC, or equivalent. </li></ul> <p>Knowledge, Skills and Abilities:</p> <p>Knowledge:</p> <ul> <li>Information security principles, risk management, and mitigation strategies. </li><li>Regulatory and industry compliance standards (HIPAA, HITECH, SOX, PCI/DSS). </li><li>Governance, risk, and compliance (GRC) frameworks and internal control design. </li><li>Leadership and mentoring skills, with the ability to guide and develop junior staff. </li><li>Information security policies, procedures, and best practices. </li></ul> <p>Skills:</p> <ul> <li>Strong verbal and written communication. </li><li>Analytical thinking and problem-solving. </li><li>Ability to prioritize and manage multiple tasks simultaneously. </li><li>Process improvement, project management, and audit facilitation. </li><li>Customer-focused and collaborative mindset. </li></ul> <p>Abilities:</p> <ul> <li>Work independently and meet deadlines. </li><li>Partner with cross-functional teams to drive compliance initiatives. </li><li>Provide oversight, coaching, and feedback to team members in a supportive and constructive manner. </li></ul> <p>Security Architecture, Risk Management, and Compliance-50%</p> <ul> <li>Partner with internal and external technical teams to design, document, and implement security architecture standards and configurations. </li><li>Ensure alignment and adherence to established security architecture and control frameworks. </li><li>Conduct security and compliance risk assessments across healthcare applications, systems, and business processes to identify gaps. </li><li>Recommend and implement mitigation strategies to address identified risks and vulnerabilities. </li><li>Monitor and evaluate the effectiveness of security controls to ensure ongoing compliance with regulatory and organizational requirements. </li><li>Collaborate with IS, clinical, and business teams to strengthen security controls, risk management practices, and compliance processes. </li><li>Identify and drive opportunities for process improvement, standardization, and automation across security and compliance functions. </li></ul> <p>Policy, Standards, and Governance-15%</p> <ul> <li>Develop, review, and maintain information security and compliance policies, standards, and procedures aligned with healthcare operations. </li><li>Ensure alignment with applicable regulatory and industry standards (e.g., HIPAA, HITECH, SOX, PCI/DSS). </li><li>Provide guidance to leadership and stakeholders on security governance and compliance expectations. </li></ul> <p>Security Awareness, Incident Response, and Business Continuity-15%</p> <ul> <li>Develop and deliver security awareness and training programs tailored to healthcare staff, including data privacy and cybersecurity best practices. </li><li>Provide guidance on the secure handling of sensitive and protected health information. </li><li>Assist in the investigation of security incidents, including documentation, root cause analysis, and corrective action recommendations. </li><li>Participate in cybersecurity preparedness activities, disaster recovery planning, and business continuity exercises. </li></ul> <p>Leadership and Team Development-10%</p> <ul> <li>Provide day-to-day guidance and support to a small number of direct reports, including prioritization of work, coaching, and performance feedback. </li><li>Mentor junior team members and contribute to their professional development in information security and compliance practices. </li><li>Promote knowledge sharing and consistency in security and compliance approaches across the team. </li><li>Support the Director of Information Security in fostering a collaborative, accountable, and high-performing team environment. </li></ul> <p>Audit and Regulatory Support-10%</p> <ul> <li>Serve as a liaison for internal and external audits, ensuring timely and accurate collection of required documentation. </li><li>Support audit activities, including control validation, evidence gathering, and remediation tracking. </li><li>Ensure organizational adherence to regulatory requirements and support responses to compliance inquiries and assessments. </li></ul> <p>Performs Other Duties as Assigned.</p>