Director Governance, Risk & Compliance (GRC)

About The Position

Requirements

• Bachelor's degree in a relevant field such as Healthcare Administration, Information Security, Law, Business Administration, or a related field.
• Minimum of 5-10 years of experience in healthcare privacy, risk management, or compliance roles, with a focus on information security, privacy, and regulatory compliance.
• CISSP, CISM, or equivalent certifications preferred.
• In-depth knowledge of healthcare regulations and frameworks (e.g., HIPAA, NIST).
• Experience conducting audits, risk assessments, and regulatory reporting in a healthcare environment.

Nice To Haves

• Proven experience leading complex consulting engagements, including CIO/CISO engagements-driving all phases of the client engagement lifecycle.
• Strong leadership and program management skills; able to interface with client leadership teams and provide direction to internal, client, and vendor teams.
• Strong communication skills, including the ability to lead executive-level deliverable presentations and briefings.
• Develop high-quality deliverables, such as reports, presentations, policies, procedures, and architectural diagrams.

Responsibilities

• Developing and maintaining the organization's GRC framework, including policies, standards, and procedures for risk management, compliance, and information security.
• Providing guidance and leadership to ensure that business objectives are met within the established governance framework.
• Leading the identification, assessment, and mitigation of enterprise-wide risks, including operational, financial, reputational, legal, cybersecurity, and patient safety risks.
• Developing and implementing risk assessment methodologies, mitigation strategies, and action plans.
• Maintaining and reporting on the organization's risk register, tracking remediation activities, and providing insights to leadership.
• Conducting vendor risk assessments and ensuring third-party compliance with security and privacy standards.
• Ensuring compliance with all applicable healthcare laws, regulations, and industry standards.
• Developing and delivering compliance training programs to staff and leadership to promote awareness and adherence to ethical standards.
• Overseeing internal and external audits, coordinating responses, and managing remediation efforts.
• Staying current on evolving regulatory environments, security threats, and compliance best practices, and updating policies and procedures accordingly.
• Collaborating with quality and safety teams to integrate GRC into patient care delivery, focusing on preventing avoidable harm and improving patient outcomes.
• Supporting the development and implementation of patient safety initiatives.