Director, Governance Risk & Compliance

Job Description:

Responsible for the day-to-day operation and reporting obligations of the Information Security Management Program, the management of its employees, and strategic alignment of the program.

• Development, implementation and maintenance of information privacy and security practices and procedures.
• Ensure alignment of privacy & security policies, procedures and practices.
• Perform ongoing compliance monitoring activities; establish and maintain a mechanism to track access to protected health information.
• Oversee, direct, and deliver information privacy and security training and awareness programs to educate the workforces.
• Coordinate and supervise privacy and security incident investigations.
• Coordinate information risk assessments to ensure protected health information is adequately protected.
• Establish, implement, and lead incident response team to contain, investigate and prevent breaches of protected health information.
• Work collaboratively with research and development to ensure privacy by design and satisfaction of client regulatory obligations in product features.
• Work with personnel involved in all aspects of releasing protected health information to ensure full coordination and coordination with privacy and security practices and procedures.  
• Maintain appropriate confidentiality consent, authorization forms, information notices, and materials reflecting current organization and regulatory practices and requirements.
• Maintain current knowledge of applicable federal and state privacy and security laws and accreditation standards. Monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.

Education Required:

• Bachelor’s degree in Computer Science, Programming, Engineering, or similar field.
• Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

• 5+ years’ experience in IT, audit, compliance or education program that covers audit, compliance, cybersecurity, healthcare 
• Experience with one or more of the following frameworks: COSO, NIST Cybersecurity Framework, RMF, ISO, COBIT
• Experience working in an environment with one or more of the following: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Security Operation Center (SOC), Payment Card Industry (PCI), GRC, Health.

Knowledge, Skills & Abilities:

• Knowledge of: Security vulnerability tools; architecture security planning; cloud architecture, security tools, reporting, audit and compliance, and frameworks; crisis operations, risk management, and crisis communication; audit and compliance procedures and best practices; framework adoption; access control systems and physical security systems/components; Microsoft Office Suite.
• Skill in: Working as member of a team; communicating effectively; establishing and maintaining effective working relationships.
• Ability to: Design secure networks, systems, and application architectures; work in a fast-paced environment; stay organized, prioritize workload, multi-task, and meet deadlines. Mentor and train colleagues on security protocols to raise awareness of security hygiene to lower threat risk.

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.