Job #: 2405
Title: GRC Director
Functional Title: GRC Director
We are seeking a qualified candidate for the position of Governance, Risk Management, and Compliance (GRC) Director for a 6-month contract, with a preference for converting to a permanent position based on performance.
Principal Duties and Responsibilities
Support the Chief Information Security Officer (CISO) in the development and execution of risk analysis and risk mitigation strategies
Develop information security policies, standards and procedures, as directed by the organization's Information Security Policy Steering Committee and in conjunction with related policies
Conduct and participate in all relevant audits and risk assessment activities. Respond to requests from regulating bodies such as NYS, OCR, CMS, DSRIP and the Joint Commission.
Track and manage security assessments and audit findings in a GRC tool
Serve as an information security liaison and subject matter expert for users of clinical, financial and administrative systems
Develop effective working relationships with business and clinical leadership to champion information security initiatives and provide strategic influence throughout the region
Develop security awareness and training program
Participate in emergency preparedness and disaster recovery planning exercises
Work with site management and hospital security to coordinate periodic site walkthroughs to ensure compliance with HIPAA and security policies
Keep informed on current threats and industry regulations
Qualifications / Required Skills
Bachelor's degree in Information Systems required
CISSP, CISM, CISA, CRISC or other relevant security qualification required
At least 15 years of IT experience with at least 7 years dedicated to IT Security Audit/Assessment, Policy Development, Security Training, or Security Architecture
At least 5 years of people management and team leadership experience
Healthcare industry experience required with good knowledge of HIPAA, Joint Commission, CMS, PCI DSS, and other regulatory legislation pertinent to the healthcare industry
Working knowledge of information security frameworks such as NIST and COBIT, and standards such as ISO 27001/27002
Experience in conducting and responding to information security assessments and audits.
Meaningful Use Risk Analysis experience preferred.
Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate information security and risk related concepts to technical and nontechnical audiences.
Participate in special projects as needed and perform other duties as assigned
Must be able to work independently as well as work as part of a fast-moving team
Must be able to work at various locations when necessary along with working various shifts