Director - InfoSec Governance, Risk and Compliance - Hybrid

About The Position

Requirements

• Bachelor’s degree required; Master’s degree preferred in relevant field.
• 10+ years of progressively responsible experience in information security, IT and InfoSec risk, governance, compliance, metrics, business continuity, and training.
• 5+ years direct management experience leading InfoSec and/or IT GRC Teams
• Experience managing third‑party risk, business continuity programs, and security training initiatives
• Demonstrated experience managing enterprise information security risk, NIST‑aligned programs, SOC 2, and SOX ITGC environments
• Proven success implementing metrics‑driven GRC programs at scale
• Experience with GRC tooling, continuous control monitoring, M&A security due diligence, and AI governance programs
• Demonstrated experience with HIPAA Security Rule implementation and HITRUST CSF alignment.
• Business acumen with an ability to explain to business leaders security initiatives, programming and impact
• Exceptional written, verbal, and public speaking skills
• Willing to travel up to 10% of the time for business purposes (within state and out of state).

Nice To Haves

• Professional certifications such as CISSP, CISM, CRISC, CISA, HCISPP, or HITRUST CCSFP
• Experience presenting to executive leadership

Responsibilities

• Lead the enterprise information security and IT risk management program, including identification, assessment, classification, and measurement of risks impacting healthcare operations and ePHI.
• Lead the enterprise information security governance program, including development and maintenance of policies, standards, procedures, and control narratives
• Lead a scalable third‑party risk management program covering security and privacy assessments, risk tiering, remediation tracking, and continuous monitoring
• Lead enterprise‑wide security education and awareness programs for employees, contractors, and vendors
• Develop executive‑level metrics and dashboards translating technical risk into business‑relevant insights
• Present security risk, compliance posture, and investment needs to leadership
• Provide governance oversight for incident response and lead enterprise tabletop exercises
• Expand Data Governance program in alignment with privacy and compliance
• Support the AI Governance Committee with effective implementation of governance controls around enterprise AI use
• Maintain and govern the InfoSec and IT risk register, including risk ownership, treatment plans, exception handling, and align with Enterprise Risk Management.
• Develop and maintain key risk and performance metrics (KRIs/KPIs), dashboards, and trend analyses demonstrating risk posture and maturity improvements
• Lead control maturity and compliance programs aligned to NIST‑CSF, SOC 2, SOX IT General Controls (ITGC), and other applicable regulatory or assurance frameworks
• Coordinate external audits and assessments, serving as the primary liaison for auditors and assessors
• Identify and research potential performance improvement opportunities in leveraging security benchmarks and best practices.
• Lead, mentor, and develop a high‑performing GRC team.

Benefits

• Medical, Dental, & Vision Insurance
• Paid Time off
• Bonding Time Off
• 401K Retirement Savings Plan with Company Match
• HSA Company Match
• Flexible Spending Accounts
• Tuition Reimbursement
• myFlexPay
• Family Support
• Mental Health Services
• Company Paid Life Insurance
• Award/Recognition Programs