This role is hybrid 2 days onsite and 3 days remote
SUMMARY OF OVERALL PURPOSE
In this position, the Executive Director, Information Security Governance, Risk and Compliance will be responsible for the holistic GRC program, which includes: Information Security program management, policies, standards, associated control frameworks, security awareness and training, risk management (including risk quantification), and interfacing with internal and external audit and regulators. As this is an enterprise position, the selected candidate will manage information security risks across the organization. This role includes management of technology risk, vendor risk management, IT governance, and IT compliance. This role is expected to partner effectively with internal and external groups in reporting risk at multiple levels, including executive leadership.
KEY ACCOUNTABILITIES
Percentage of Time: Accountability
30%: Lead team and develop talent
20%: Building out and executing a risk management program and strategy
20%: Building and maintaining information security policies, procedures and processes
20%: Developing, building and maintaining a common controls framework
10%: Relationship management across the enterprise
TOTAL = 100%
SUPERVISORY RESPONSIBILITIES
6
EDUCATION AND EXPERIENCE
MINIMUM REQUIREMENTS
Bachelor's degree required.
7+ years of information security experience required.
One or more of the following certifications is required: CISSP, CRISC, CHP, CHSE, GSEC, CISM/CISA, ITIL and/or other related Information Security certification.
Experience leading a Governance, Risk, and Compliance function is required.
Proven track record of leading and managing a highly functional GRC team.
Strong presentation, verbal and written communication skills, with the ability to articulate complex ideas in easy-to-understand business terms to all levels of management, including senior leaders, required.
Knowledge of and experience with privacy and security law issues, particularly HIPAA, required
Knowledge of information risk management governance, policies and libraries, analytics and reporting, and issue management required.
Strong collaboration skills
Strong business acumen
Understanding of respective industry best practices (e.g., NIST, HIPAA, HITRUST, ISO, COBIT, OWASP, ITIL, etc.).
Excellent collaboration skills, including the ability to lead cross-functional teams and build consensus.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. We are a VEVRAA Federal Contractor.