• Information Security Program Manager - GRC

    Job ID
    Regular Full-Time
    Seattle Cancer Care Alliance
    Information Technology
  • Overview

    The Seattle Cancer Care Alliance (SCCA), located in Seattle, Washington, is part of a dynamic collaboration among three organizations known nationally and internationally for their patient care and research: Fred Hutchinson Cancer Research Center, University of Washington, and Seattle Children's. Over the past 25 years, these institutions have worked together to support their mission of adult and pediatric oncology patient care services, research and education.

    The Information Security Program Manager, GRC will be responsible for developing, managing and executing the organization’s information security governance, risk, and compliance programs. The program manager will evaluate, assess, and monitor the organization's compliance with applicable information security standards and frameworks, industry best practices and guidelines, and applicable laws and regulations. The program manager will work closely with the Chief Information Security Officer to help coordinate and maintain SCCA’s Information Security Program and assist staff in implementing security policy objectives that align with business objectives.


    • Lead the effort of building the Information Security Management System (ISMS) by interpreting and implementing security frameworks, regulatory requirements, and compliance audits.
    • Develop and maintain a consistent, repeatable process for identifying risks, qualitatively and quantitatively assessing risks, determining risk treatment, and managing associated findings and remediation plans.
    • Implement and maintain IT security controls, including IT security policy changes required by technical, business, or compliance changes; review and develop policies, procedures, and standards, and track exceptions when identified.
    • Facilitate periodic security compliance reviews and audits of on-premises and hosted environments, including AWS and Azure.
    • Maintain compliance documentation, including managing and tracking policy exceptions.
    • Maintain and improve information security awareness training.
    • Assist in the assessment and review of new and existing technology infrastructure to ensure adequate levels of control are in place to address identified risks and develop risk mitigation techniques and processes when necessary.
    • Create and maintain a robust vendor risk management program.
    • Assist in the development and ongoing oversight of a robust vulnerability management program.
    • Develop, implement, and maintain IT compliance controls, including reviewing existing controls for regulatory updates and performing necessary gap analysis.
    • Design and execute compliance tests for IT systems and coordinate required remediation and corrective action plans.
    • Conduct risk assessments on business and IT operational processes, procedures, and policies; interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports, as necessary.
    • Stay informed about current security and privacy laws and provide guidance to the team when evaluating new projects; and perform other duties as assigned.


    • Bachelor’s degree or equivalent work experience in a technical discipline related to Information Technology.
    • Minimum of 6+ years of progressive experience in audit and compliance, including 4 years in information technology shared services.
    • Minimum of 3 years of experience in healthcare highly desired.
    • Strong working knowledge of common IT security regulations and/or standards, such as NIST 800-53/Cybersecurity Framework, ISO 27001/2, HIPAA, HITRUST, CIS Benchmarks, PCI DSS, and Joint Commission requirements.
    • Industry-recognized certification in IT security, including one of the following, is preferred: CISM, CISSP, CCSP, CISA, CRISC, and/or GIAC.
    • Strong understanding of IT governance controls, maturity models, key performance indicators, and GRC tools.
    • Must understand current security threats and demonstrate a strong willingness to stay at the forefront of security developments.
    • Strong analytical and decision-making skills, including the ability to prioritize and work on multiple projects under time constraints.
    • Ability to work independently as well as in a team environment, including multi-level staff and external partners.
    • Excellent interpersonal and communication skills (written and verbal).
    • Experience with cloud and mobile security is preferred.

    Our Commitment to Diversity

    We are committed to cultivating a workplace in which diverse perspectives and experiences are welcomed and respected. We are proud to be an Equal Opportunity and VEVRAA Employer. We do not discriminate on the basis of race, color, religion, creed, ancestry, national origin, sex, age, disability, marital or veteran status, sexual orientation, gender identity, political ideology, or membership in any other legally protected class. We are an Affirmative Action employer. We encourage individuals with diverse backgrounds to apply and desire priority referrals of protected veterans. If due to a disability you need assistance and/or a reasonable accommodation during the application or recruiting process, please send a request to our Employee Services Center at escmail@fredhutch.org or by calling 206-667-4700.

