Director Cybersecurity Governance, Risk and Compliance
833 Chestnut Street, United States
Jefferson Health
Jefferson Health is improving lives through exceptional care in the Greater Philadelphia area and South Jersey.
Job Details
Director Cybersecurity Governance, Risk and Compliance
Job Description
Job Summary
Lead Jefferson’s cyber governance, risk, and compliance (GRC) activities including cyber risk management, third-party risk management, policy and standard management, compliance, and cyber training and awareness.
Essential Functions
- Interacts with co-workers, visitors, and other staff consistent with the values of Jefferson.
- Develop, maintain, and operationalize the overall cyber GRC program strategy
- Lead the GRC team in managing risk associated with emerging technologies (e.g., AI, cloud computing, etc.)
- Make strategic decisions on continuous improvement of the cyber GRC program including technology stack rationalization, process improvements, etc.
- Oversee talent management, including professional development and mentoring
- Review the program operational and performance metrics and make continuous improvement decisions
- Lead the development, enhancement, and operationalization of cybersecurity policies, processes, and controls to mitigate risk and comply with applicable laws and regulations
- Lead the development, maintenance, and enhancements of the integrated control library
- Own the cyber risk register and oversee the cyber risk management processes including risk identification, risk analysis, risk treatment, and risk tracking
- Lead the cyber third-party risk management process
- Establish and maintain relationships with stakeholders across the organization, including senior leadership, business units, and other key stakeholders to promote information security best practices and awareness
- Lead the assessment and audit activities against HIPAA security requirements and PCI DSS
- Responsible for leading strategic initiatives for governance, risk and compliance in distributed on-premises and cloud infrastructure
- Oversee the cyber training program including onboarding and annual cybersecurity training, and awareness campaigns
- Review or track the success of the cyber training and awareness campaign including its impact on the culture
Competencies (Knowledge, Skills, and Abilities Required):
- Facilitate development opportunities, mentor colleagues, and provide feedback to enhance individual and departmental growth
- Build a reliable and trustworthy department by setting clear expectations, rewarding dependable behavior, being transparent, admitting mistakes, and promoting consistent actions and communication
- Drive departmental change by aligning with organizational strategy, partnering with senior leadership, involving employees, and addressing concerns openly
- Promote disciplined decision-making, manage departmental resources, coordinate multiple teams, and empower managers to lead effectively
- Proven experience in cyber risk management, third-party risk management, cyber training and awareness, and health care specific compliance requirements such as HIPAA, PCI, HITRUST, etc.
- Strong understanding and experience in enabling GRC solutions and common control framework for data regulations
- Excellent project management skills
- Proven broad cloud experience
- Experience in crafting, implementing, and overseeing extensive IT risk management strategies, governance practices, and audit procedures
- Ability to mentor teams
Minimum Education and Experience Requirements:
Bachelor’s degree in IT/Technology
AND
Experience:
10+ years of experience in information security with a focus on Governance, Risk & Compliance
Work Shift
Workday Day (United States of America)
Worker Sub Type
Regular
Primary Location Address
833 Chestnut Street, Philadelphia, Pennsylvania, United States of America
Nationally ranked, Jefferson, which is principally located in the greater Philadelphia region, Lehigh Valley and Northeastern Pennsylvania and southern New Jersey, is reimagining health care and higher education to create unparalleled value. Jefferson is more than 65,000 people strong, dedicated to providing the highest-quality, compassionate clinical care for patients; making our communities healthier and stronger; preparing tomorrow's professional leaders for 21st-century careers; and creating new knowledge through basic/programmatic, clinical and applied research. Thomas Jefferson University, home of Sidney Kimmel Medical College, Jefferson College of Nursing, and the Kanbar College of Design, Engineering and Commerce, dates back to 1824 and today comprises 10 colleges and three schools offering 200+ undergraduate and graduate programs to more than 8,300 students. Jefferson Health, nationally ranked as one of the top 15 not-for-profit health care systems in the country and the largest provider in the Philadelphia and Lehigh Valley areas, serves patients through millions of encounters each year at 32 hospital campuses and more than 700 outpatient and urgent care locations throughout the region. Jefferson Health Plans is a not-for-profit managed health care organization providing a broad range of health coverage options in Pennsylvania and New Jersey for more than 35 years.
Jefferson is committed to providing equal educational and employment opportunities for all persons without regard to age, race, color, religion, creed, sexual orientation, gender, gender identity, marital status, pregnancy, national origin, ancestry, citizenship, military status, veteran status, handicap or disability or any other protected group or status.
Tags: Cloud Compliance Governance HIPAA HITRUST Nonprofit PCI DSS Risk analysis Risk management Strategy
Perks/benefits: Career development Health care