Director Cybersecurity | Governance, Risk and Compliance

About The Position

Requirements

• The individual must be able to work the hours specified.
• To perform this job successfully, an individual must be able to perform each essential job function satisfactorily including having visual acuity adequate to perform position duties and the ability to communicate effectively with others, hear, understand and distinguish speech and other sounds.
• These requirements and those listed above are representative of the knowledge, skills, and abilities required to perform the essential job functions.
• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions, as long as the accommodations do not cause undue hardship to the employer.
• Bachelor's in computer science, cybersecurity or similar.
• At least 10 years cybersecurity or information technology experience.
• Demonstrated leadership experience and understanding of various regulatory requirements and laws.
• Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence

Nice To Haves

• Master's in computer science, cybersecurity or similar.
• Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)
• Certified Information Security Manager (CISM) - ISACA
• Certified Information Systems Auditor (CISA) - ISACA
• Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2)
• At least 5 years leadership experience.
• Understanding of service design, delivery concepts and control frameworks.

Responsibilities

• GRC Team Leadership & Strategy: (a) Lead the Governance, Risk, and Compliance (GRC) team in advancing a security maturation program. (b) Direct the team to document, communicate, and enforce security improvements that balance risk with operational efficiency. (c) Provide leadership in managing third-party, vendor, and partner oversight, emphasizing privacy, security, and compliance. (d)Act as a key escalation point for risk identification and mitigation planning.
• Security Oversight & Risk Management: (a) Ensure rigorous oversight of security systems and configurations to reduce enterprise risk. (b) Guide the team in confirming safeguards against risks from external entities. (c) Maintain strategies for managing audits, compliance checks, and external assessments.
• Business Integration & Operational Alignment: (a) Collaborate with business units during solution onboarding to ensure security controls are in place. (b)Oversee vendor risk assessments and enforce consistent process adherence across departments. (c)Inspire adoption of cybersecurity controls to reduce the organizational attack surface.
• Compliance & Audit Engagement: (a) Liaise with internal and external auditors to implement and maintain compliance with privacy and security laws. (b) Align team efforts with audit and risk management leadership for ongoing assessments and strategic planning.
• Metrics, Reporting & Program Evaluation: (a) Influence and validate metrics used to assess the success of the security program. (b) Regularly report program performance to security and business leadership. (c) Promote alignment with enterprise risk management principles in documentation and system configuration.
• Incident Response & Documentation: (a) Assign team members to monitor and document incident response activities. (b) Ensure thorough tracking of security incidents, resolutions, and lessons learned.
• Security Awareness & Communication: (a) Maintain up-to-date knowledge of regulatory, privacy, and security best practices. (b) Effectively communicate GRC controls and security practices across business units, including third-party integrations and financial systems.
• Responsibilities include interviewing, hiring, developing, training, and retaining employees; planning, assigning, and leading work; appraising performance; rewarding and coaching employees; addressing complaints and resolving problems.

Benefits

• PTO available day 1 for eligible hires.
• Up to 5% employer matching contribution for retirement
• Career development guided by hands-on training and mentorship
• Avera is an Equal Opportunity Employer - Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, Veteran Status, or other categories protected by law.
• If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-605-504-4444 or send an email to [email protected] .