Director of Governance, Risk, and Compliance Jobs in Woodlawn Park OK | IT Security,Healthcare IT,Director & Executive Level Job Recruiters
For Job Seekers Search Jobs Employment Opportunities Benefits Refer a Colleague
Why Queen? Engagement Options Specialties Case Studies
Healthcare Financial Services Pharma/Life Sciences Government Higher Ed
Our Story Diversity & Inclusion Queen Cares Our Team Join Our Team Testimonials

Director of Governance, Risk, and Compliance

Woodlawn Park, OK | Fully Remote

Posted: 09/23/23 Category: Director & Executive Level, Healthcare IT, IT Security Job Number: 22154

Job Description


Position: Director of Governance, Risk, and Compliance
Location: Oklahoma City, OK - Hybrid
Job Type: Direct Hire

Job Description:
General Description:
The Director Governance Risk and Compliance (GRC) is a direct report to the Chief Information Security Officer and a member of the Office of the CISO Leadership Team. Under the direction of the CISO, the Director GRC is responsible for leading a strategic, risk-based program for the Company Information Security Department and will have primary responsibility for defining, creating and managing IT security, privacy and organizational policies, programs and standards; conducting risk assessments, due diligence evaluations and compliance evaluations for internal operations, vendors and third-party service providers; managing HIPAA, PCI, and privacy compliance requirements; issuing reports, developing policies, implementing training and providing guidance in support of IT, Legal, Internal Audit, Procurement eCommerce, Human Resources and other corporate teams,  as well as Hospital Operations.   
 
Essential Responsibilities:
Responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without an accommodation may result in disqualification from the position.
Working closely with a cross-functional team from, Information Technology, Hospital Operations, Legal, Internal Audit and other key corporate departments and stake holders, key responsibilities will include:
  • Work with the CISO to develop security program maturity metrics and align security initiatives with the maturity roadmap.
  • Establishes, manages, monitors and controls a cybersecurity program in a multi-entity academic healthcare setting.
  • Design, build and operationalize security, privacy and risk assessment and compliance programs, policies and processes to raise the overall security and compliance posture of the organization.
  • Work with Senior IT and Business Management leadership to provide strategic security direction as outlined by the Office of the CISO. Builds relationships to facilitate communication and meet business objectives. 
  • Define and establish Information Security policies and standards in support of NIST, HITRUST CSF, and ISO requirements.
  • Perform security and compliance assessments on new and existing systems, processes, technology.
  • Conduct and oversee vendor and third-party service provider due-diligence and assessments and help lead overall third-party risk management efforts.
  • Work with various business units to ensure controls are adequate, appropriate, and effective.
  • Support internal and external audit process for relevant compliance concerns including HIPAA, SOC-1, SOC-2.
  • Participate in disaster recovery and business continuity planning as necessary.
  • Perform business impact analysis and assist with development of Information Security BCP risk register.
  • Perform periodic gap assessments to validate compliance with programs, processes and standards on an ongoing basis.
  • Conduct the annual Information Security Enterprise Risk Assessment Survey and work with the CISO to deliver the resulting report, heat maps and strategic recommendations.
  • Assist in developing and providing security awareness training as required.
  • Remain current with hospital, credit card, regulatory, and legal requirements relevant to technology, security, compliance, and privacy.
 
Minimum Qualifications:
  • Education:  Bachelor’s degree in related field or equivalent work experience
  • Experience: 10+ years in an Information Security, Risk Management, Audit or Compliance related role or function, preferably in a highly regulated industry or with public audit, regulatory and compliance requirements. Previous management or supervisory experience with proven leadership, coaching and mentoring skills.
Or equivalent combination of education and experience
  • License(s)/Certification(s)/Registration(s) Required: One or more of the following certifications is required: CISA, CISSP, CISA, CRISC, HITRUST CCSFP, CIPP, CIPM, CIPT. PMP or Six Sigma certifications are a plus. Experience as a HITRUST External Assessor or conducting ISO 27001 or SOC-2 assessments is not required but is a plus.
 
Knowledge, Skills and Abilities:  
  • A highly motivated, flexible, hands-on self-starter with strong attention to detail, exceptional organizational skills and the ability to multi-task and prioritize.
  • Strong leadership presence, technical acumen and proven credentials, preferably in previous highly regulated industries. Prior healthcare industry experience also a plus.
  • The ability and willingness to work flexibly, under pressure, and to consistently meet deadlines without prompting.
  • A collaborative, team player with a willingness to build strong partnerships, who can motivate and manage others, and ensure assigned tasks and deliverables are being accomplished, reported and completed.
  • Demonstratable, successful, regular exposure and interactions to and with VP level executives and above within IT, corporate and business units, as well as external clients and stakeholders.
  • Strong technical knowledge in all aspects of various security risk management frameworks, IT general control frameworks and audit methodologies.
  • Strong understanding of fundamental information security concepts and technology.
  • Broad understanding of compliance and assessment methodologies, audit frameworks, regulatory environments, IT General Control requirements and privacy.
  • Comprehensive experience working with risk and compliance frameworks including ISO, NIST, HITRUST CSF, PCI-DSS, UGF, FISMA or similar.
  • Experience operating or advising programs that effectively right size risk management controls across the relevant contexts of a distributed architecture and applications.
  • Experience supporting an organization through HITRUST CSF or ISO 27001 readiness, obtaining and maintaining certification.
  • Experience supporting an organization through a SOC 2 Type 2 audits.
  • Experience developing, writing, responding to and/or working with SOC-1, SOC-2, PCI-DSS, and audit assessment reports.
  • Excellent judgment and decision-making skills.
  • A polished, professional, friendly and approachable demeanor.
  • Strong written, verbal and presentation communication skills.
  • Previous experience implementing an IRM/GRC platform is not required but is a plus.
  • Unquestionable integrity.
  • Must possess the ability and willingness to reach out and work closely with teams from across the organization in order to understand the various operational and control environments currently in place, how to leverage those controls, and how to enhance and/or implement new, customized solutions and processes when improvements are need with minimal disruption to business operations.


#LI-HYBRID

Meet Your Recruiter

Abbey Boardman

Apply Online

Send an email reminder to:

Share This Job:

Related Jobs: