Presbyterian Healthcare Services is a locally owned, not-for-profit healthcare system of eight hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, it is the state's largest private employer with approximately 11,000 employees.
Presbyterian's story is really the story of the remarkable people who have chosen to work here. Starting with Reverend Cooper who began our journey in 1908, the hard work of thousands of physicians, employees, board members, and other volunteers brought Presbyterian from a tiny tuberculosis sanatorium to a statewide healthcare system, serving more than 700,000 New Mexicans.
We are part of New Mexico's history and committed to its future. That is why we will continue to work just as hard and care just as deeply to serve New Mexico for years to come.
* Bachelor Degree
Given the complexity of the responsibilities outlined above, the Director of ITGRC will employ a leadership approach that is engaging, imaginative and collaborative, along with the ability to establish the appropriate balance between risk strategies and other priorities within the company. The role should possess expert-level knowledge of comprehensive risk management approaches.
The Director should have well-developed change management skills, from strategy through to ongoing operation and process improvement deliverables, and should be able to demonstrate the benefit of initiatives in the context of overall business risk mitigation and the company's operational objectives, including the ability to compare, contrast and prioritize among alternative
* Planning and coordinating organizational change
* Anticipating & Addressing Customer Needs
* Educating Employees, Customers & Transferring Knowledge
* Functioning as an Effective Contingent Member
* Diagnosing & Resolving Problems
* Acquiring & Applying Superior Skills to achieve Quality Outcomes
* Functioning as an Effective Team Member
* Experience with auditing and risk management, as well as contract and vendor negotiation.
* Must have a solid understanding of information technology and information security.
* Strong IT Governance, Risk and Compliance experience overseeing teams who run tools like Archer, Clearwell, etc.
* Strong verbal and written communication skills.
* Ability to articulate highly technical information as real-world business impact at a senior management level and, conversely, ability to translate senior management business initiatives into actionable technical designs.
* Must understand the unique requirements of security in a healthcare setting.
* Familiarity with current cybersecurity management frameworks.
* Content: Deep understanding of information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Service Organization Control 2 (SOC 2), Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) and various other laws and regulations including
Leadership & Management
* Leadership: Ability to manage technical staff working on sensitive subject areas. High level of personal integrity, with the ability to professionally handle confidential matters, and exhibits the appropriate level of judgment and maturity.
* Provides direct leadership to the information security team by setting, communicating and modeling high standards of performance and professionalism, developing and maintaining a high level of work ethic and personal credibility with staff, and demonstrating consistent, sound judgment.
* Incorporates PHS's values into strategic and tactical priorities and emphasizes their relevance to the team.
* Inspires change and provides overall leadership to improve efficiency, business transformation and process simplification (proven success in leading and managing change).
* Demonstrated strong leadership and management skills and the ability to secure results through others.
* Motivated: High degree of initiative and dependability. Experience managing multiple, simultaneous, significant information security related initiatives and responses. Ability to work with little
* A Bachelor's degree in Information Security, Computer Science, Information Management Systems or a related field is required, and an advanced degree is strongly preferred.
* At least 10 years of experience in a combination of risk management, information security and technology jobs, including a minimum of five years in a leadership role.
* Seven plus years of experience in a large (over 2,000 end users) healthcare IT enterprise required.
* Professional certifications of Certified Information Privacy Professional (CIPP) and/or Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) required.
The Director of IT Governance, Risk and Compliance (ITGRC) is responsible for establishing and maintaining an enterprise-wide IT Governance, Risk and Compliance program, including IT Audit and Forensics capabilities, to ensure PHS assets are adequately protected. The Director of ITGRC will oversee a team of professionals that provides services to the organization such as audit management, compliance management, eDiscovery and legal hold, as well as risk assessments, internal IT controls audits and cyber forensics. This role will work closely with the IT Security Architect in control definition, evaluation and corrective action. This role reports to the enterprise CISO and is part of the PHS Office of the CISO. The Director of ITGRC will remain up to date on GRC processes and solutions, be customer focused, and provide an ever-improving program to manage risk.
* Responsible for planning, coordinating and implementing PHS's information governance, risk and compliance processes. Participate in the development and maintenance of policies, procedures, measures and mechanisms to deliver GRC and meet customer requirements.
* Identify and analyze problems; draw logical conclusions; identify alternative solutions; project consequences of proposed actions; develop effective courses of action; and implement
* Understand and consider the impact of organizational, management, administrative and personnel aspects of information systems design; resolving related problems, and making appropriate
* Coordinate, plan, organize and direct the work of others in a diverse organization of multiple divisions having unique areas of responsibility and financed through differing budgetary funding
* Responsible for Information GRC (ITGRC) development and implementation including
* Identify CMMI maturity goals for processes.
* Oversee key technologies such as Clearwell and RSA Archer.
* Develop and maintain IT Audit and Forensics processes.
* Conduct risk assessments to properly analyze the risks to information assets.
* Work with management to prioritize risks based on an appropriate risk management methodology.
* Manage eDiscovery and legal holds.
* Develop an enterprise education and communication plan.
* Maintain deep knowledge of legal requirements and market standards of information risk management.
* Conduct assessments and work closely with the Compliance team(s), IT, HR and internal teams to address risks.
* Devise and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants and other service providers.
* Manage a team of highly skilled compliance professionals with empathy, candor, positivity and constructive feedback to produce a highly motivated workforce.
* Recruit top-performing talent who fit the culture of the team and the company; engage them and align their individual career aspirations with the organization's goals to create a whole that is more than the sum of its parts.
Benefits are effective day one (for .45 FTE and above) and include:
* Full medical, dental and vision insurance
* Flexible spending accounts (FSAs)
* Free wellness programs
* Paid time off (PTO)
* Retirement plans, including matching employer contributions
* Continuing education and career development opportunities
* Life insurance and short/long term disability programs
About New Mexico
New Mexico's unique blend of Spanish, Mexican and Native American influences contributes to a culturally rich lifestyle. Add in Albuquerque's International Balloon Fiesta, Los Alamos' nuclear scientists, Roswell's visitors from outer space, and Santa Fe's artists, and you get an eclectic mix of people, places and experiences that make this state great.
Cities in New Mexico are continually ranked among the nation's best places to work and live by Forbes magazine, Kiplinger's Personal Finance, and other corporate and government relocation managers like Worldwide ERC.
New Mexico offers endless recreational opportunities to explore and enjoy an active lifestyle. Venture off the beaten path, challenge your body in the elements, or open yourself up to the expansive sky. From hiking, golfing and biking to skiing, snowboarding and boating, it's all available among our beautiful wonders of the West.
AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.