Director, Governance, Regulatory Compliance & Security Awareness

Dallas, TX, United States


Tenet is seeking a Director, Governance, Regulatory Compliance & Security Awareness/Training. Below is a brief summary of what Tenet is seeking for this role.

OVERVIEW 

The Director, Governance, Regulatory Compliance & Security Awareness is a key leader responsible for all Policy & Procedure Governance, Regulatory Compliance and cybersecurity education, awareness, training, and change management communications for Tenet and its United Surgical Partners International (USPI), Conifer, and Tenet Physician Resources (TPR) business lines. This critical role is front and center to building, driving, and reinforcing a security-aware workforce and culture that is needed to minimize cyber risk related to the human factor. It plays a key part in ensuring that the Policies & Procedures align to the various regulatory compliance requirements to which the company must adhere. This is a dynamic, people-centric role that includes the creation of engaging security awareness content, phishing campaigns, and training that resonates with a variety of business operations and the front-line healthcare providers across the country. 

REPORTING STRUCTURE & WORK SETTING

This position may be performed on-site at Tenet headquarters in Dallas, Texas, at a remote location, or hybrid; however, on-site or hybrid will be given preference. The position reports directly to the Senior Director of Enterprise Cybersecurity Enterprise Governance, Risk and Compliance (GRC).

This hands-on role directs and manages the Policy & Procedure Governance, Regulatory Compliance and Cybersecurity Awareness and Training program, including a GRC analyst and a Senior Cybersecurity Analyst.

RESPONSIBILITIES

  • Operating and improving processes to provide initial assessments, reassessments and ongoing monitoring of control coverage to ensure compliance with information protection policies and standards.
  • Executing processes to document, report, and manage assessment findings, exceptions to standards, and identified risks in order to ensure that appropriate action plans are created and executed to remediate gaps, deficiencies, and risks.
  • Coordinating and organizing remediation efforts, holding owners accountable for the findings coming out of program-level assessments.
  • Researching existing IT general controls and processes, gathering related data and collecting responses in order to support the assessment of information risks.
  • Leads all aspects of building the Cybersecurity Awareness and Training program including strategic program and project planning and execution; developing business cases for new resource and budget needs; and creating new approaches to operationalizing delivery. 
  • Leads the development and delivery of educational security content (e.g., print/digital signage, newsletters, website, virtual/in-person training, etc.) across multiple platforms that is engaging, relevant, and ensures security best practices and adherence to policies to reduce cybersecurity risks.
  • Drives awareness across the workforce, including business-facing and front-line employees.
  • Develops annual, ad hoc, and role-based training plans, and e-learning for employees and contractors. 
  • Manages the third-party security awareness and phishing platform, including simulated phishing exercises, and other email-based tools.
  • Collaborates with corporate and market communications teams, corporate executives, compliance, privacy, legal and other subject matter experts to create content, deliver it throughout our markets, and execute on awareness campaigns.
  • Tracks and reports key training and awareness metrics to measure program impact and effectiveness.
  • Ensures the Security Awareness and Training program meets all industry regulations, standards, and compliance requirements (e.g., HIPAA, NIST, ISO, SOX, etc.) and company guidelines.

QUALIFICATIONS

Other combinations of education, experience, or training that may be considered in substitution for the minimum requirements: A relevant combination of education and work experience, as described above, may be substituted on a year for year basis.

Preferred education and/or experience: Experience working in cross-departmental teams, leading efforts through collaboration and influence, in large, complex organizations.

EDUCATION AND WORK EXPERIENCE

  • 7 or more years in a management role with delivery and resource management responsibilities
  • Bachelor’s Degree Preferred

SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:

Specialized training, certifications, or other special requirements:

  • Strong knowledge of information risks and cybersecurity best practices related to phishing, social engineering, data protection, password management, and other cybersecurity threats to develop relevant training content and topics. 
  • Experience with content creation, e-learning, and phishing tools used to develop and deliver training/awareness content and phishing simulations. 
  • Demonstrated success in project/product management, business, and data analysis.
  • Ability to coordinate with project managers to assist with communications related to cyber project implementation and developing associated change management training.
  • Excellent verbal and written communication skills. Must be comfortable with communicating with and presenting to executive-level audiences and the broader workforce.
  • Experience coordinating with cross-functional teams and managing timely completion of program deliverables. 
  • Experience establishing and maintaining effective relationships with clients, vendors, and team members.
  • Responsive to business partners and demonstrates a commitment to providing quality service.
  • <25% travel, as needed based on demand; a Motor Vehicle Report (MVR) will be conducted on the finalist

Preferred special requirements:

  • Security Certifications including CISM, CISA, CISSP, CIA, CIPM, or other 

Tenet Healthcare/USPI complies with federal, state, and/or local laws regarding mandatory vaccination of its workforce.  If you are offered this position and must be vaccinated under any applicable law, you will be required to show proof of full vaccination or obtain an approval of a religious or medical exemption prior to your start date.  If you receive an exemption from the vaccination requirement, you will be required to submit to regular testing in accordance with the law.


Tags: CIA CISA CISM CISSP Compliance Content creation Governance HIPAA Monitoring NIST Privacy SOX

Perks/benefits: Career development Health care Travel

Region: North America
Country: United States
