Director, Cybersecurity Compliance

About The Position

Requirements

• Bachelor’s degree in Information Security, Information Technology, Healthcare Administration, or related field
• 10+ years of experience in IT security, risk, or compliance, with significant experience in healthcare
• 5+ years in a leadership role within a healthcare or regulated environment
• Deep knowledge of healthcare regulations (HIPAA/HITECH) and security frameworks (NIST, HITRUST, ISO)
• Strong understanding of risk management methodologies and audit practices
• Experience with GRC platforms and compliance tooling
• Ability to independently assess control effectiveness and identify gaps
• Strong understanding of PHI handling, privacy requirements, and breach response obligations
• Ability to translate regulatory requirements into practical governance structures

Nice To Haves

• Master’s degree
• CISSP, CISM, CISA, or CRISC certification/licensure
• HCISPP (Healthcare Information Security and Privacy Practitioner) certification/licensure
• HITRUST CCSFP certification/licensure

Responsibilities

• Defining regulatory requirements
• Establishing risk management frameworks
• Independently assessing the effectiveness of cybersecurity controls
• Ensuring alignment with healthcare regulations, patient privacy obligations, and industry standards
• Serving as the independent oversight function for cybersecurity
• Ensuring controls meet regulatory, audit, and risk expectations without bias from operational ownership
• Partnering with cybersecurity operations, clinical leadership, legal, and compliance to embed security and compliance into workflows
• Maintaining safe and uninterrupted patient care