American Heart Association (AHA)

Business Technology Risk Manager

Job Description

This job opportunity is located in Dallas, Texas.

Overview

Are you ready to join an organization where you can be a relentless force for a world of longer, healthier lives?

Envision all Americans enjoying ideal cardiovascular health free of heart disease and stroke. At the American Heart Association and American Stroke Association, we get to work toward that goal every single day. Is it easy? No. Is it worthwhile? You bet! This is satisfying work that makes a real difference in people's lives. You can achieve professional growth with personal fulfillment. You will connect with people and make a lifesaving impact. You will partner with individuals, schools, lawmakers, healthcare providers and others to ensure everyone has access to healthier lifestyle choices and proper healthcare.


The American Heart Association (AHA) has an excellent opportunity for a Business Technology Risk Manager in our National Center office located in Dallas, Texas.

In this role, you will be responsible for identifying, analyzing, and managing technology risk across the department and the AHA organization. Additional responsibilities include conducting security assessments, maturity measurements, and threat modeling exercises, and partnering with AHA staff, vendors, and service providers to protect the confidentiality, integrity, and availability of AHA's data, as well as resolving security threats and vulnerabilities. The Risk Manager is responsible for contributing to the overall cybersecurity and risk management plan.

*Due to the current pandemic, all staff are currently working from home. In the future, this position will resume being based in the local office.*

Essential Job Duties:

  • Serve as point of contact to lead and coordinate technical incident response. Review and analyze statistics of network events and system performance to locate and recommend remediation. Lead response planning for discovered vulnerabilities.
  • Enhance Service Provider Security Assessment process by collaborating with business and technology stakeholders. Analyze and maintain security scorecards and metrics from vendors, corporate functions, and regional offices.
  • Lead and oversee the annual PCI Data Security Certification process across the organization and in regions. Oversee the Vulnerability Management Program, including coordinating across BT Team, processing vulnerability scans, and reporting to BT leadership.
  • Collaborate with team in developing and implementing strategic initiatives for the Cyber Risk Management Program (CRMP).
  • Prepare and ensure proper documentation of technology assessment results. Monitor remediation. Deliver all documentation developed during task execution, with status of all work in progress. Prepare and distribute weekly and monthly status reports such as technical task reports and threat management reports.
  • Weigh business needs against security concerns. Articulate issues and provide proposals or recommendations to management.
  • Assist project teams in the implementation of security measures to meet corporate Security Policies, manage risk, and meet external regulations, including various data security standards.
  • Lead Business Technology Disaster Recovery process. Participate in security awareness program.
Want to help get your resume to the top? Take a look at the experience we require:


  • Bachelor's or higher degree in one of the following areas: Computer Sciences, Computer Engineering, Information Assurance and/or Information Security.
  • Minimum of seven (7) years of experience applying information security controls, methods, processes, and risk management best practices in a Global-International forum. Experience should include CyberRisk framework, PCI DSS, or International Information Security Frameworks.
  • Minimum of five (5) years of experience in Vulnerability Management programs, including the assessment and reporting process, as well as lead remediation efforts across the technical teams and service providers.
  • Recent experience implementing PCI DSS framework. Experience with Security Controls frameworks (e.g., ISO 27001, NIST, PCI DSS, RMF, etc.).
  • Ability to lead PCI Certification process, lead implementation of new controls, and report status to business technology management
  • Ability to work effectively in an environment characterized by concurrent and competing deadlines for multiple projects and with conflicting priorities.
  • Ability to communicate and develop relationships through interpersonal skills (including strong documentation skills)
  • Ability to effectively communicate security-related concepts to a broad range of technical and non-technical staff across IT and business
  • Comprehensive information security technical knowledge to assess the following processes: Threat Management Systems, Intrusion Detection System/Intrusion Prevention System (IDS/IPS), DLP, SIEM, among others
  • Certification in CISSP, CISM, or CISA.
Here are some of the preferred skills/experience we are looking for:

  • Ability to work as a team member as well as independently
  • Information Security Certifications such as CEH, PCI, GIAC, ABCP, etc.
So, are you ready to work for the largest voluntary health organization dedicated to fighting heart disease, stroke and other cardiovascular diseases?

Compensation & Benefits


Pay is commensurate with experience; geographic differentials may apply.

Benefit Plans:

Our Rewards & Benefits package not only gives you the total benefits you want, but also goes above and beyond with innovative programs to develop your skills – helping you grow and thrive at the American Heart Association. To learn more about our benefit offerings please visit:

At American Heart Association | American Stroke Association, diversity, inclusion, and equal opportunity apply to both our workforce and the communities we serve as it relates to heart health and stroke prevention.

EOE/Protected Veterans/Persons with Disabilities

Location: US-TX-Dallas
Posted Date: 13 hours ago (7/21/2021 5:22 PM)
Requisition ID: 2021-6926
Job Family Group: Business Operations
Job Category: Information Technology
Location: Dallas, TX

American Heart Association (AHA) does not indicate an expiration date for vacancies. Please apply promptly so as not to miss an opportunity.
