Senior Principal, Cyber Risk and Governance

Bumrungrad Hospital Public Company Limited (Vadhana)
Bangkok, Thailand 🇹🇭
Bumrungrad International Hospital stands as arguably the most impressive medical facility in the region. It has 55 specialty centers, an internationally certified lab and pharmacy, clinical research centers, advanced imaging facilities, and a 24-hour emergency care unit. Bumrungrad is home to more than 1300 physicians and surgeons, 300 of whom hold US-board certifications and international fellowships. As part of its ongoing commitment to exceptional care, Bumrungrad receives ongoing independent reviews and distinctions, including its consistent accreditation by the Joint Commission International (JCI) since 2002, the first in Asia. In its state-of-the-art campus in the heart of Bangkok, Bumrungrad Hospital treats over 1.1 million patients every year, with over 520,000 of these patients coming from more than 190 countries worldwide. The hospital specializes in treating complicated conditions, and is internationally recognized as one of the top hospitals in the world. Along with its impressive tertiary and specialty facilities, Bumrungrad International’s Medical Coordination Office is a well-oiled machine that facilitates seamless transitions from the first inquiry all the way through after-care. This exclusive and comprehensive support is offered free of charge to patients, and it includes everything from language and cultural support to travel and accommodation services.

Position details

The Senior Principal, Cyber Risk and Governance is responsible for developing and managing the cybersecurity risk management framework in alignment with the hospital's enterprise risk management framework, ensuring compliance with healthcare regulations, and collaborating with various teams to enhance cybersecurity resilience.

Responsibilities

• Develop a cybersecurity risk management framework aligned with IT and the hospital’s enterprise risk management (ERM) framework.
• Identify, assess, and prioritize risks related to hospital operations, IT systems, and patient data.
• Assess risks related to the hospital’s IT systems, including electronic health records (EHR).
• Prepare regular risk management reports for senior IT leadership and Hospital Operational Risk Management.
• Monitor emerging risks in the healthcare and cybersecurity landscape.
• Collaborate with the Cybersecurity team to identify threats and ensure resilience.
• Ensure compliance with healthcare regulations (e.g., HIPAA, PDPA) and hospital accreditation standards (JCI and others).

Qualifications

• Bachelor’s degree in cybersecurity, computer science, IT management, or any related field
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Auditor (CISA)
• Minimum 8 years of experience in cyber risk management or a similar role.
• Proven experience in security domains and frameworks, including applicability to key regulations or industry standards (NIST, ISO, HITRUST, HIPAA, PCI, etc.).
• Familiarity with capabilities across cyber risk management and governance, risk, and compliance (GRC) solutions.
• Prior experience in the healthcare, insurance, or retail industries