Sr. Security Risk Management Consultant

Conexess Group, LLC

Livonia, MI

JOB DETAILS
SKILLS
Artificial Intelligence (AI), Automation, Best Practices, Budgeting, Business Development, Business Processes, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Control, Clinical Information Systems, Cloud Computing, Coaching, Communication Skills, Communications Protocols, Computer Security, Continuous Improvement, Contract Negotiation, Contract Requirements, Corrective Action, Cost Analysis, Cross-Functional, Data Analysis, Data Visualization Tools, Decision Support, Due Diligence, Enterprise Protection, Establish Priorities, Executive Relationships, FISMA - Federal Information Security Management Act, Federal Information Processing Standards (FIPS), Federal Laws and Regulations, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Hospital, ISO (International Organization for Standardization), ITIL (IT Infrastructure Library), Identity Data Management, Improvement Metrics, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Leadership, Legal, Machine Tool, Management Consulting, Management Strategy, Material Audit, Mentoring, Metrics, Monitor Regulations, Multitasking, Negotiation Skills, Network Security, Operational Strategy, Organizational Skills, People Management, Performance Metrics, Policy Development, Power BI, Predictive Modeling, Presentation/Verbal Skills, Problem Solving Skills, Process Improvement, Project Management Professional (PMP), Project Planning, Project/Program Management, Psychology, Regulations, Regulatory Compliance, Regulatory Requirements, Relationship Management, Reporting Dashboards, Reporting Skills, Risk, Risk Analysis, Risk Management, Risk Modeling, Sales Management, Security Consulting, Security Monitoring, Security Policy, Service Delivery, ServiceNow, Set Goals, Six Sigma, Standards Development, State Laws and Regulations, Strategic Planning, Tableau, Team Lead/Manager, Team Player, Time Management, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation, Writing Skills
LOCATION
Livonia, MI
POSTED
1 day ago
Purpose
The Senior Security Risk Management Consultant serves as a strategic advisor, liaison, and subject matter expert, driving enterprise-wide security risk management strategies that support our mission and operational excellence. This role partners with senior leadership, security, IT, and business stakeholders to identify, assess, and mitigate cybersecurity risks while ensuring alignment with organizational priorities and regulatory requirements. Responsibilities include leading complex risk assessments, guiding risk treatment strategies, influencing enterprise decision-making, and strengthening overall risk posture through governance, metrics, and continuous improvement.
Program and Regulatory Compliance
  • Supports the development and execution of our Information Security Third Party Risk and Integrated Risk Management Program, contributing to the definition of team goals, scope of work, and deliverables aligned to Enterprise Information Security (EIS) priorities.
  • Serves as a trusted advisor and liaison to stakeholders, ensuring initiatives align with organizational mission, values, operational goals, and applicable regulatory, legal, and contractual requirements.
  • Leads and coordinates team participation in regulatory audits and investigations, including the preparation, validation, and delivery of required evidence, while supporting overall audit readiness and response efforts.
People Leadership (Mentorship/Advisory)
  • Contributes to a high-performing team of security risk professionals by providing guidance and support in third-party and integrated risk management, risk-based prioritization, and enterprise risk remediation coordination.
  • Serves as a mentor and trusted resource to team members, offering subject matter expertise and helping to drive consistency, accountability, and quality in work delivery.
  • Supports the development and refinement of team practices, including role clarity, competencies, and growth pathways aligned to organizational expectations.
  • Provides ongoing coaching, knowledge sharing, and development support to colleagues, fostering professional growth and preparing team members for expanded responsibilities.
  • Promotes a collaborative and inclusive team environment, encouraging open communication, psychological safety, and data-informed decision-making.
  • Demonstrates authentic and professional influence, building trust through clear communication, partnership, and effective engagement with peers, leadership, and stakeholders.
Information Security Governance, Risk & Compliance (GRC)
  • Supports and contributes to third-party and integrated risk management activities within our GRC platforms, identifying opportunities for process improvement and adapting to evolving control frameworks and risk requirements.
  • Performs and reviews vendor tiering and risk assessments, partnering with team members and providing guidance on complex or higher-risk cases as needed.
  • Contributes to the execution and ongoing refinement of the third-party cyber risk lifecycle, including intake, due diligence, control assessment, remediation tracking, and ongoing monitoring.
  • Evaluates vendor security controls across multiple domains (e.g., identity and access management, network and cloud security, data protection, incident response, and business continuity), applying risk-based judgment.
  • Reviews and provides input on security-related contractual requirements, supporting alignment with organizational standards and regulatory expectations.
  • Participates in coordination of offshore security risk compliance activities, helping to ensure consistency, quality, and timeliness of deliverables.
  • Translates technical findings into clear business risk insights to support decision-making by stakeholders and business partners.
  • Prepares and supports materials for audits, regulatory inquiries, and internal governance reviews.
  • Documents and tracks risks, supports remediation efforts, and facilitates security policy exception (risk acceptance) processes in alignment with established standards.
  • Identifies security risks and manages issues by working with stakeholders to develop corrective action plans, including cost and timeline analysis, and partners with leadership to present temporary risk acceptance plans in accordance with organizational security policies, procedures, and standards. Provides guidance on governance processes and collaborates with stakeholders to embed security and compliance into operational and strategic initiatives.
  • Maintains active involvement in day-to-day assessments to ensure quality, consistency, and timely delivery.
  • Escalates risks and concerns through appropriate channels to support effective resolution and visibility.
Metrics and Reporting
  • Partners with Strategy and Planning and Enterprise Information Security leadership to develop and report on key risk indicators (KRIs) and key performance indicators (KPIs), delivering clear, actionable insights that support informed decision-making and effective governance.
  • Designs, develops, and monitors robust data analysis and reporting systems, along with communication tools, to ensure accurate and timely insights.
Information Security Risk Management (Advisory & Enablement)
  • Coordinates and supports assignment of assessment work, partnering with team members and stakeholders to ensure alignment with established standards and effective intake processes.
  • Reviews and provides guidance on risk assessments to promote consistency, quality, and alignment with our information security requirements.
  • Contributes to workload balancing through collaboration and knowledge sharing, supporting team readiness and capability to deliver departmental services effectively.
Executive & Stakeholder Engagement
  • Cultivates and maintains effective relationships with executives and key stakeholders through clear, authentic, and risk-informed communication; supports alignment, enables informed decision-making, and promotes shared accountability for managing security risk.
Enterprise Risk Communication & Decision Support
  • Synthesizes and communicates enterprise security risk insights to executives and stakeholders in a clear, actionable manner, operating within established leadership direction and communication protocols; translates complex risk data into meaningful narratives that support informed decision-making, drive prioritization, and strengthen governance in alignment with organizational objectives.
Information Security Leadership Support
  • Serves as a representative of the Manager and/or Director as directed. Supports Information Security leadership by providing risk-informed insights, actionable recommendations, and clear communication to enable strategic decision-making, program prioritization, and alignment with organizational objectives.
Security Leadership & Coordination
  • Partners with Enterprise Information Security leadership to support aligned execution of security and risk management activities, including policy and standards development, control assessments, and risk management education; promotes collaboration, consistency, and integration of security practices across the organization.
Regulatory & Standards Monitoring
  • Maintains a working knowledge of applicable Federal, State, and local laws and regulations, our Integrity and Compliance Program and Code of Conduct, and relevant policies and procedures, while staying current with industry developments and regulatory changes to ensure updates are reflected and adherence is upheld with honest, ethical, and professional behavior.
Project Management
  • Leads and supports security risk initiatives and annual program activities, ensuring successful delivery aligned with organizational standards and risk management objectives.
  • Provides guidance and mentorship to team members managing projects, promoting consistency, accountability, and high-quality outcomes without direct supervisory responsibility.
  • Partners with stakeholders and leadership to align priorities, communicate status, and support achievement of strategic outcomes.
  • Proactively identifies risks and supports mitigation efforts to keep initiatives on track and aligned with organizational expectations.
Relationship Management
  • Builds and maintains effective relationships to support stakeholder engagement throughout the project, program, or initiative lifecycle.
  • Partners with stakeholders to support development and alignment of business process workflows, as well as training and communication plans.
  • Provides guidance, tools, and resources to help stakeholders address challenges, mitigate risks, and sustain engagement, promoting risk-aware decision-making and adoption of information security best practices across the organization.
Minimum Qualifications
  • Bachelor's degree or an equivalent combination of education and experience.
  • One or more security certifications: Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Governance, Risk and Compliance (GRCP), or equivalent.
  • Minimum of seven (7) years of progressive experience in information services including three (3) years working in cybersecurity governance, risk, and compliance (GRC).
  • Minimum of three (3) years of progressively responsible experience in healthcare and/or other regulated industries.
  • Strong knowledge of the HIPAA Security Rule and applicable industry security regulations, with the ability to rapidly build and sustain expertise; working understanding of broader HIPAA requirements, including Privacy and Breach Notification Rules.
  • Proven knowledge of enterprise security principles and practices, with hands-on experience or demonstrated capability in implementing, integrating, and managing security solutions across enterprise environments.
  • Working knowledge of one or more information security regulations and/or frameworks, such as HIPAA, ISO 27001/2, FISMA, FIPS, HITRUST, and the NIST security frameworks.
  • Experience with GRC platforms (e.g., ServiceNow GRC, RSA Archer, OneTrust, or similar) supporting risk and compliance programs. Demonstrated ability to leverage tooling to improve process efficiency, enable reporting, and support scalable risk management practices.
  • Ability to serve as a leadership representative of the Manager and/or Director, interfacing with a variety of Health Ministry and System Office Executive leaders, team members and end users, exercising effective facilitation skills, judgment, and decision-making in providing problem resolution and in meeting established goals and expectations. Ability to shape results, garner support and successfully manage complex relationships.
  • Actively building skills in courageous, authentic leadership through clear, human-centered communication with senior leaders and stakeholders; builds trust through empathy and vulnerability while skillfully navigating complex conversations, influencing decisions, and delivering compelling, accessible messages in both formal and informal settings.
  • Excellent oral and written communication skills. Facilitates meetings between diverse groups and interests and prepares communications that include independent advisory recommendations. Ability to communicate with non-technical leaders and business owners, providing a clear understanding of appropriate technology solutions to support and enhance business needs.
  • Proficiency in performing third-party risk assessments and negotiating contractual security language
  • Proven ability to apply appropriate project management methodology. Excellent project leadership, organization, integration, and execution skills required.
  • Knowledge of and experience with change control, risk management, project planning, relationship management, budgeting, and scheduling.
  • Ability to operate in an ambiguous and highly matrixed organizational structure. Ability to manage multiple and ever-changing priorities in a highly autonomous, self-directed manner.
  • Some knowledge of and experience with clinical application systems (e.g., hospital work environment, technical terminology, etc.).
  • Considerable knowledge of multiple technologies and experience with enterprise-wide applications and systems in an integrated work environment.
  • Proven ability to operate with speed and focus, driving measurable value through high-quality delivery of time-sensitive initiatives.
  • Must demonstrate a strong commitment to continuous personal and professional growth, maintain a proactive mindset, and consistently go above and beyond to deliver exceptional value with acceptable security controls.
  • Ability to work independently, manage multiple priorities, and effectively adapt to rapidly changing technology and business needs with demonstrated ability to prioritize projects and workload.
Preferred Qualifications
  • Master's degree from an accredited college/university
  • One or more enterprise technology vendor certifications (e.g., PMP, Six Sigma, ITIL)
  • Experience with risk quantification models (e.g., FAIR) or building custom risk scoring approaches.
  • Familiarity with data visualization tools (e.g., Tableau, Power BI) for building risk dashboards
  • Experience working cross-functionally to evaluate security controls and business processes, translating findings into meaningful risk insights
  • Experience in managing risk in a healthcare environment
  • Experience with Artificial Intelligence (AI) as a strategic tool to enhance efficiency in day-to-day business processes and strengthen risk assessment capabilities through automation, predictive analytics, and intelligent decision support.
  • Demonstrated proficiency in executive-level communication and presence, including emotional intelligence, negotiation skills, and the ability to deliver compelling presentations to senior leadership and stakeholders.

About the Company

Conexess Group, LLC