
DIRECTOR-ITGRC (IT GOVERNANCE, RISK AND COMPLIANCE)

Job Description

About Us

Presbyterian Healthcare Services is a locally owned, not-for-profit healthcare system of eight hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, it is the state's largest private employer with approximately 11,000 employees.


Presbyterian's story is really the story of the remarkable people who have chosen to work here. Starting with Reverend Cooper who began our journey in 1908, the hard work of thousands of physicians, employees, board members, and other volunteers brought Presbyterian from a tiny tuberculosis sanatorium to a statewide healthcare system, serving more than 700,000 New Mexicans.


We are part of New Mexico's history and committed to its future. That is why we will continue to work just as hard and care just as deeply to serve New Mexico for years to come.

 

Job Description 

Education:
Essential:
* Bachelor Degree

Other information:
Given the complexity of the responsibilities outlined above, the Director of ITGRC will employ a leadership approach that is engaging, imaginative, and collaborative, along with the ability to establish the appropriate balance between risk strategies and other priorities within the company. The role should possess expert level knowledge of comprehensive risk management approaches.
The Director should have well-developed change management skills, from strategy through to the ongoing operation and process improvement deliverable. Able to demonstrate the benefit of initiatives in the context of overall business risk mitigation and the company's operational objectives, including the ability to compare, contrast and prioritize among alternative approaches.
Competencies
Nonessential:
* Planning and coordinating organizational change
* Anticipating & Addressing Customer Needs
* Educating Employees, Customers & Transferring Knowledge
* Functioning as an Effective Contingent Member
* Diagnosing & Resolving Problems
* Acquiring & Applying Superior Skills to achieve Quality Outcomes
* Functioning as an Effective Team Member
Skills
* Experience with auditing and risk management, as well as contract and vendor negotiation.
* Must have a solid understanding of information technology and information security.
* Strong IT Governance, Risk and Compliance experience with overseeing teams who run tools like Archer, Clearwell, etc.
* Strong verbal and written communication skills.
* Ability to articulate highly technical information into real world business impact at a senior management level and, conversely, ability to translate senior management business initiatives into actionable technical designs.
* Must understand the unique requirements of security in a healthcare setting.
* Familiarity with current Cybersecurity management frameworks.
* Content: Deep understanding of information security regulations, including Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Service Organization Control 2 (SOC 2), Federal Information Processing Standard (FIPS), National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) and various other laws and regulations including Executive Orders.
Leadership & Management
* Leadership: Ability to manage technical staff working on sensitive subject areas. High level of personal integrity, with the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
* Provides direct leadership to the information security team by setting, communicating and modeling high standards of performance and professionalism, developing and maintaining a high level of work ethic and personal credibility with staff, and demonstrating consistent, sound judgment.
* Incorporates PHS's values into strategic and tactical priorities and emphasizes the relevance to the team.
* Inspires change and provides overall leadership to improve efficiency, business transformation and process simplification (proven success in leading and managing change).
* Demonstrated strong leadership and management skills and the ability to secure results through others.
* Motivated: High degree of initiative, dependability. Experience managing multiple, simultaneous, significant information security related initiatives and responses. Ability to work with little supervision.
Other Information
* A Bachelor's degree in Information Security, Computer Science, Information Management Systems or related field is required, and an advanced degree is strongly preferred.
* At least 10 years of experience in a combination of risk management, information security and technology jobs, including a minimum of five years in a leadership role.
* Seven plus years of experience in a large (over 2,000 end users) Healthcare IT Enterprise required.
* Professional certifications of Certified Information Privacy Professional (CIPP) and/or Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) required.


Summary:
The Director of IT Governance, Risk and Compliance (ITGRC) is responsible for establishing and maintaining an enterprise-wide IT Governance, Risk and Compliance program, including IT Audit and Forensics capabilities, to ensure PHS assets are adequately protected. The Director of ITGRC will oversee a team of professionals that provide services to the organization such as Audit Management, Compliance Management, eDiscovery and Legal Hold, as well as risk assessments, internal IT controls audits and cyber forensics. This role will work closely with the IT Security Architect in control definition, evaluation and corrective action. This role reports to the enterprise CISO and is part of the PHS Office of the CISO. The Director of ITGRC will remain up to date on GRC processes and solutions, be customer focused, and provide an ever-improving program to manage risk.


Responsibilities:
* Responsible for planning, coordinating and implementing PHS's information governance, risk and compliance processes. Participate in the development and maintenance of policies, procedures, measures, and mechanisms to deliver GRC, and meet customer requirements.
* Identify and analyze problems; draw logical conclusions; identify alternative solutions; project consequences of proposed actions; develop effective course of action; and implement recommendations.
* Understand and consider the impact of organizational, management, administrative and personnel aspects of information systems design; resolve related problems, and make appropriate recommendations.
* Coordinate, plan, organize and direct the work of others in a diverse organization of multiple divisions having unique areas of responsibility and financed through differing budgetary funding methodologies.
* Responsible for Information GRC (ITGRC) development and implementation including
* Identifying CMMI maturity goals for processes
* Oversee key technologies such as ClearWell, RSA Archer
* Develop and maintain IT Audit and Forensics processes
* Conducts risk assessments to properly analyze the risks to information assets
* Work with management to prioritize risks based on appropriate risk management methodology
* Manage eDiscovery and legal holds
* Develop enterprise education and communication plan.
* Maintain deep knowledge of legal requirements and market standards of information risk management
* Conducts assessments and works closely with the Compliance team(s), IT, HR, and internal teams to address risks.
* Devise and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
* Manage a team of highly-skilled compliance professionals with empathy, candor, positivity, and constructive feedback to produce a highly-motivated workforce.
* Recruit top-performing talent who fit the culture of the team and the company; engage them and align their individual career aspirations with the organization's goals to create a whole that is more than the sum of its parts.


Benefits

Benefits are effective day-one (for .45 FTE and above) and include:

  • Competitive salaries

  • Full medical, dental and vision insurance

  • Flexible spending accounts (FSAs)

  • Free wellness programs

  • Paid time off (PTO)

  • Retirement plans, including matching employer contributions

  • Continuing education and career development opportunities

  • Life insurance and short/long term disability programs


About New Mexico

New Mexico's unique blend of Spanish, Mexican and Native American influences contributes to a culturally rich lifestyle. Add in Albuquerque's International Balloon Fiesta, Los Alamos' nuclear scientists, Roswell's visitors from outer space, and Santa Fe's artists, and you get an eclectic mix of people, places and experiences that make this state great.


Cities in New Mexico are continually ranked among the nation's best places to work and live by Forbes magazine, Kiplinger's Personal Finance, and other corporate and government relocation managers like Worldwide ERC.


New Mexico offers endless recreational opportunities to explore, and enjoy an active lifestyle. Venture off the beaten path, challenge your body in the elements, or open yourself up to the expansive sky. From hiking, golfing and biking to skiing, snowboarding and boating, it's all available among our beautiful wonders of the west.

 

AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.



Job Snapshot

Location US-NM-Albuquerque
Employment Type Full-Time
Pay Type Year
Pay Rate N/A
Store Type Health Care

Company Overview

Presbyterian Healthcare Services

Presbyterian Healthcare Services exists to improve the health of the patients, members and communities we serve. We are a locally owned and operated not-for-profit healthcare system known nationally for our extensive experience in integrating healthcare financing and delivery.
