Director, IT Compliance

Remote Worker

AdaptHealth

With 672 locations in 47 states and over 37,000 home deliveries each day, AdaptHealth empowers patients to live their best lives.


Description

Position Summary:


The Director, IT Compliance will play a critical role in maintaining the integrity, confidentiality, and availability of the organization's IT systems, processes, and data while ensuring compliance with applicable laws and regulations. Reporting to the Chief Information Security Officer, the Director will be responsible for regulatory compliance, policy development, risk management, audits and assessments, training and awareness, and incident response.


Essential Functions and Job Responsibilities:

  • Develop and implement strategies to ensure IT systems align with regulatory requirements, industry standards, and best practices. Provide strategic direction to the IT compliance team to achieve organizational objectives effectively.
  • Oversee compliance with relevant regulations such as GDPR, SOX, HIPAA, PCI-DSS, and other industry-specific standards. Stay abreast of regulatory changes and assess their impact on IT operations, initiating necessary adjustments to maintain compliance.
  • Collaborate with finance and accounting teams to ensure that IT systems and processes support accurate and timely reporting of financial information to the Securities and Exchange Commission (SEC) and other regulatory bodies.
  • Develop, review, and enforce IT policies, procedures, and standards to mitigate risks and ensure compliance with regulatory requirements. Collaborate with legal and other departments to ensure alignment with corporate governance objectives.
  • Conduct risk assessments to identify potential vulnerabilities and gaps in IT compliance. Develop and implement mitigation strategies to address identified risks and ensure the integrity and security of IT systems and data.
  • Manage internal and external audits related to IT compliance. Coordinate audit activities, provide necessary documentation, and oversee remediation efforts to address audit findings promptly and effectively.
  • Develop and deliver training programs to increase awareness of IT compliance requirements across the organization. Foster a culture of compliance by educating employees on their roles and responsibilities in maintaining IT security and regulatory adherence.
  • Evaluate and monitor the compliance of vendors and third-party service providers with contractual and regulatory requirements. Establish processes for vendor risk management and ensure compliance throughout the vendor lifecycle.
  • Develop and implement incident response procedures to address IT compliance breaches promptly. Lead investigations into compliance incidents, identify root causes, and implement corrective actions to prevent recurrence.
  • Evaluate new technologies and IT systems to ensure compliance with regulatory requirements and organizational policies. Collaborate with IT teams to integrate compliance considerations into the technology selection and implementation process.
  • Prepare regular reports and presentations for executive management and board of directors on IT compliance activities, status, and issues. Communicate effectively with stakeholders to foster transparency and support decision-making processes.
  • Maintain patient confidentiality and function within the guidelines of HIPAA.
  • Completes assigned compliance training and other educational programs as required.
  • Maintains compliance with AdaptHealth’s Compliance Program.
  • Performs other related duties as assigned.


Management / Supervision:

  • Responsible for selection and hiring of qualified staff, ensuring an effective on-boarding, and providing comprehensive training and regular feedback. 
  • Accomplishes staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards. 
  • Establishes annual goals and objectives for the department based on the organization’s strategic goals. 
  • Responsible for achieving organizational performance and retention goals, including timely completion of performance evaluations. 


Competency, Skills, and Abilities:

  • Deep understanding of regulatory requirements and standards such as GDPR, SOX, HIPAA, PCI-DSS, etc.
  • Strong leadership skills with the ability to drive cross-functional teams and influence stakeholders at all levels of the organization.
  • Excellent communication and presentation skills, with the ability to translate complex technical concepts into clear and actionable recommendations.
  • Strategic thinking and problem-solving abilities, with a focus on continuous improvement and innovation.
  • Experience with IT audit processes, risk management frameworks, and incident response procedures.
  • Demonstrated critical thinking and knowledge of data analysis tools and techniques and decision-making abilities.
  • Demonstrated experience in highly dynamic environment undergoing change; ability to deal with competing priorities.
  • Ability to analyze and modify processes in a complex and growing environment. 
  • Detail-oriented, process-oriented, control-oriented.
  • Exceptional communication skills, ability to manage expectations of management and team.
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to meet overall objectives while working well in a demanding, dynamic environment.
  • Project management skills including financial/budget management, scheduling, and resource management.
  • Ability to manage multiple priorities in a fast-paced environment while maintaining attention to detail and accuracy.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

Requirements

Education and Experience Requirements:

  • Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field. Advanced degree or professional certification (e.g., CISA, CISSP, CRISC) preferred.
  • Proven experience (8+ years) in IT compliance management, preferably in a public company or regulated industry environment. Experience at a Big 4 public accounting firm is highly desired.
  • 3 years of direct team lead or management experience leading and directing work with both internal and external partners in a highly collaborative environment.


Physical Demands and Work Environment:

  • Work environment will be stressful at times, as overall office activities and work levels fluctuate.
  • Must be able to bend, stoop, stretch, stand, and sit for extended periods of time.
  • Subject to long periods of sitting and exposure to computer screen.
  • Ability to perform repetitive motions of wrists, hands, and/or fingers due to extensive computer use.
  • Mental ability to lead others and change processes in a fast-paced work environment.
  • Must be able to lift 30 pounds as needed.
  • Excellent ability to communicate both verbally and in writing.
  • May be exposed to angry or irate customers. 
  • Must be able to travel as needed.
  • Ability to communicate effectively, both verbally and in writing, with internal and external customers, demonstrating empathy, compassion, courtesy, and respect for privacy.
  • Physical and mental ability to analyze data, solve problems, and think critically.
Tags: Audits CISA CISO CISSP Compliance Computer Science CRISC Finance GDPR Governance HIPAA Incident response Monitoring Privacy Risk assessment Risk management SOX Vulnerabilities

Perks/benefits: Career development Transparency Travel

Region: Remote/Anywhere
