Manager Information Security Architecture & Compliance - Full Time

Manager Information Security Architecture & Compliance - Full Time Hartford, CT Job Details Full-time 1 day ago Qualifications Certified Information Systems Auditor Computer science Internal controls Computer Science PCI Achieving HIPAA compliance Automation Process optimization CISSP Compliance audits & assessments HIPAA Process improvement SOX Security assessment High school diploma or

GED CISM

Team development Training employees on security practices Supervising experience Policy & process development Information Security Bachelor's degree IT experience within healthcare IT security architecture Team management System risk assessment (security system operation) Task prioritization Staff training Security policy implementation Mentoring Incident Investigation Organizational skills Business continuity planning Root cause analysis Epic Senior level Cross-functional collaboration Bachelor's degree in computer science Hospital regulatory compliance Leadership 2 years Information security auditing Communication skills CRISC Cross-functional communication Staff development IT security monitoring IT disaster recovery planning Full Job Description Connecticut Children's is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children's offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members. At Connecticut Children's, treating children isn't just our job - it's our passion. As a leading children's health system experiencing steady growth, we're excited to expand our team with exceptional team members who share our vision of transforming children's health and well-being as one team. The Manager of IS Architecture & Compliance supports the organization's information security and compliance initiatives, ensuring adherence to internal security policies, regulatory requirements, and architectural security standards. This role partners with cross-functional teams to assess risks, implement controls, and strengthen processes across Information Technology and business functions. This role also partners with technical teams to design, document and ensure implementation compliance for new and updated Information Technology architectures. The role also develops security awareness programs, participates in disaster recovery and business continuity exercises, and assists with investigations of security incidents. Security Architecture, Risk Management, and Compliance-50% Partner with internal and external technical teams to design, document, and implement security architecture standards and configurations. Ensure alignment and adherence to established security architecture and control frameworks. Conduct security and compliance risk assessments across healthcare applications, systems, and business processes to identify gaps. Recommend and implement mitigation strategies to address identified risks and vulnerabilities. Monitor and evaluate the effectiveness of security controls to ensure ongoing compliance with regulatory and organizational requirements. Collaborate with IS, clinical, and business teams to strengthen security controls, risk management practices, and compliance processes. Identify and drive opportunities for process improvement, standardization, and automation across security and compliance functions. Policy, Standards, and Governance-15% Develop, review, and maintain information security and compliance policies, standards, and procedures aligned with healthcare operations. Ensure alignment with applicable regulatory and industry standards (e.g., HIPAA, HITECH, SOX, PCI/DSS). Provide guidance to leadership and stakeholders on security governance and compliance expectations. Security Awareness, Incident Response, and Business Continuity-15% Develop and deliver security awareness and training programs tailored to healthcare staff, including data privacy and cybersecurity best practices. Provide guidance on the secure handling of sensitive and protected health information. Assist in the investigation of security incidents, including documentation, root cause analysis, and corrective action recommendations. Participate in cybersecurity preparedness activities, disaster recovery planning, and business continuity exercises. Leadership and Team Development-10% Provide day-to-day guidance and support to a small number of direct reports, including prioritization of work, coaching, and performance feedback. Mentor junior team members and contribute to their professional development in information security and compliance practices. Promote knowledge sharing and consistency in security and compliance approaches across the team. Support the Director of Information Security in fostering a collaborative, accountable, and high-performing team environment. Audit and Regulatory Support-10% Serve as a liaison for internal and external audits, ensuring timely and accurate collection of required documentation. Support audit activities, including control validation, evidence gathering, and remediation tracking. Ensure organizational adherence to regulatory requirements and support responses to compliance inquiries and assessments. Performs Other Duties as Assigned. Education and/or

Experience Required:

Education:

High School Diploma, GED or equivalent.

Experience:

3-5 years of Information security or compliance related activities. 2 years' supervisory or management experience. Education and/or

Experience Preferred:

Education:

Bachelor's degree in Computer Science, Information Security, or a related field.

Experience:

Experience with Epic system. Experience in a healthcare organization. License and/or

Certification Required:

CISSP, CISA, CRISC, CISM, CGRC, or equivalent.

Knowledge, Skills and Abilities:

Knowledge:

Information security principles, risk management, and mitigation strategies. Regulatory and industry compliance standards (HIPAA, HITECH, SOX, PCI/DSS). Governance, risk, and compliance (GRC) frameworks and internal control design. Leadership and mentoring skills, with the ability to guide and develop junior staff. Information security policies, procedures, and best practices.

Skills:

Strong verbal and written communication. Analytical thinking and problem-solving. Ability to prioritize and manage multiple tasks simultaneously. Process improvement, project management, and audit facilitation. Customer-focused and collaborative mindset.

Abilities:

Work independently and meet deadlines. Partner with cross-functional teams to drive compliance initiatives. Provide oversight, coaching, and feedback to team members in a supportive and constructive manner.