Cybersecurity Manager of Risk

Your future role at a glance

Location: Remote

Department: Security

Schedule: Full-Time, Days

Salary range: $129,942.00 - $183,447.00 per year

Life at Ascension: Where purpose meets opportunity

Ascension is a leading nonprofit Catholic health system with a culture and associate experience grounded in service, growth, care and connection. We empower our 99,000+ associates to bring their skills and expertise every day to reimagining healthcare, together. Recognized as one of the Best 150+ Places to Work in Healthcare and a Military-Friendly Gold Employer, you’ll find an inclusive and supportive environment where your contributions truly matter.

Benefits that help you thrive

• Comprehensive health coverage: medical, dental, vision, prescription coverage and HSA/FSA options
• Financial security & retirement: employer-matched 403(b), planning and hardship resources, disability and life insurance
• Time to recharge: pro-rated paid time off (PTO) and holidays
• Career growth: Ascension-paid tuition (Vocare), reimbursement, ongoing professional development and online learning
• Emotional well-being: Employee Assistance Program, counseling and peer support, spiritual care and stress management resources
• Family support: parental leave, adoption assistance and family benefits
• Other benefits: optional legal and pet insurance, transportation savings and more

Benefit options and eligibility vary by position, scheduled hours and location. Benefits are subject to change at any time. Your recruiter will provide the most up-to-date details during the hiring process.

How you’ll make an impact in this Cybersecurity Manager of Risk role

• Compliance: Ensure that risk management activities support and align with healthcare regulatory and compliance requirements.
• Control Evaluation: Evaluate the effectiveness and maturity of cybersecurity controls against recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and internal policies.
• Remediation Tracking: Manage the risk register, track identified risks and corresponding remediation plans, and ensure timely closure of findings.
• Reporting: Prepare and present detailed risk reports, dashboards, and metrics to IT leadership and executive management, clearly communicating the organization's current risk exposure and trends.

Education

What minimum requirements you’ll need

• High School diploma equivalency with 3 years of cumulative experience OR Associate's degree/Bachelor's degree with 2 years of cumulative experience OR 7 years of applicable cumulative job specific experience required.
• 3 years of leadership or management experience preferred.

What Additional Preferences We're Seeking

• Regulated Industry Expertise: Minimum of 8–10 years in Cybersecurity Risk Management or Governance, with a mandatory focus on the healthcare sector (Hospitals, IDNs, or Payers) and deep proficiency in NIST CSF and NIST 800-30 frameworks.
• Strategic Executive Communication: Proven ability to translate complex technical risks into actionable insights for non-technical stakeholders, supported by a Bachelor’s degree in Cybersecurity, Risk Management, or Computer Science.
• Domestic Remote Operational Excellence: Must be based in the United States and available for consistent, high-fidelity collaboration during standard hours (8 am – 5 pm CST), with the flexibility to support extended-hour escalations as needed.

Key skills/competency

• Cybersecurity Risk Management
• Healthcare Regulatory Compliance
• NIST CSF
• ISO 27001
• CIS Controls
• Risk Register Management
• Remediation Planning
• Executive Reporting
• Strategic Communication
• Leadership