Director Cybersecurity, GRC
About The Position
Ann & Robert H. Lurie Children's Hospital of Chicago provides superior pediatric care in a setting that offers the latest benefits and innovations in medical technology, research and family-friendly design. As the largest pediatric provider in the region with a 140-year legacy of excellence, kids and their families are at the center of all we do. Ann & Robert H. Lurie Children's Hospital of Chicago is ranked in all 10 specialties by the U.S. News & World Report. General Summary: Directs the enterprise Governance, Risk and Compliance (GRC) program, setting strategic vision and ensuring alignment with NIST CSF, PCI DSS, HIPAA, and HITECH. Provides executive-level leadership in risk management, compliance, policy, and third-party oversight.
Requirements
- 7-10+ years' experience in cybersecurity GRC, with at least 3 years in senior leadership.
- Bachelor's degree required; Master's preferred in Information Security, Computer Science, or related field.
- Deep expertise in NIST CSF, PCI DSS, HIPAA/HITECH and related standards.
- Proven track record in building and leading GRC programs.
- Strong executive communication and stakeholder management skills.
- Relevant certifications (e.g., CISSP, CISM, CISA, CCSP) required.
Responsibilities
- Define and execute the organization's GRC strategy in alignment with business objectives and regulatory requirements.
- Lead the development, implementation, and oversight of enterprise-wide GRC programs.
- Provide expert guidance on risk-based controls, incident response readiness, and audit preparedness.
- Oversee security awareness, data protection, and vulnerability management programs.
- Direct third-party risk management, including contract security requirements and vendor reviews.
- Develop and report on GRC metrics for executive and board-level audiences.
- Serve as a key liaison for internal and external audits and regulatory inspections.
- Advise leadership on emerging threats, regulatory changes, and security program maturity.
- Ensure integration of GRC into business continuity and disaster recovery planning.
- Represent cybersecurity interests in enterprise initiatives, partnerships, and clinical/research programs.
- Perform other related duties as assigned.
Benefits
- For full time and part time employees who work 20 or more hours per week we offer a generous benefits package that includes:
- Medical, dental and vision insurance
- Employer paid group term life and disability
- Employer contribution toward Health Savings Account
- Flexible Spending Accounts
- Paid Time Off (PTO), Paid Holidays and Paid Parental Leave
- 403(b) with a 5% employer match
- Various voluntary benefits: Supplemental Life, AD&D and Disability
- Critical Illness, Accident and Hospital Indemnity coverage
- Tuition assistance
- Student loan servicing and support
- Adoption benefits
- Backup Childcare and Eldercare
- Employee Assistance Program, and other specialized behavioral health services and resources for employees and family members
- Discount on services at Lurie Children's facilities
- Discount purchasing program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Number of Employees
1,001-5,000 employees
