Senior Director, Compliance and Operations

ID
2024-1627
Category
Information Security
Position Type
Regular Full-Time
Min
USD $150,000.00/Yr.
Max
USD $170,000.00/Yr.

Overview

The Senior Director, Compliance & Operations is an individual with solid understanding and experience in information security, IT governance, data privacy, cybersecurity risk assessment, compliance, business requirements, customer service, and revenue operation. The role is a key contributor in the development of Information Security’s innovation and transformation strategy, managing cross-functional efforts within the security department, and is accountable for successfully establishing the security team’s PMO. This person will collaborate with the business and other teams to prioritize and manage security initiatives, drive project plans, create new processes, and mature existing workflows. This role will oversee the Cyber Risk & Compliance (CRC), Customer Security, and Operations (PMO) divisions within the Information Security department.

Duties & Responsibilities

  • Under the guidance of organization’s CISO, the leader’s primary role will be to lead and further establish a world-class Cyber Risk & Compliance program that will contribute significantly to safeguarding the company and its brand.
  • Establishes, leads, mentors, and expands the security department’s PMO team, fostering a culture of high performance, continuous learning, and strategic project execution.
  • Cultivates strong relationships with key stakeholders, facilitating collaboration and alignment on project goals and strategies.
  • Develops, consolidates, enhances, and operationalizes enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations.
  • Partners with appropriate business teams including but not limited to security teams to develop and execute appropriate audit process(es) based on best practices and customers’ requests. Partners with Sales to advance the organization’s RFP system regarding customers’ security requests.
  • Crafts and upholds project management methodologies, standards, and tools across Information Security, ensuring consistency and excellence in project delivery.
  • Leads the effort to identify, track, monitor and report on privacy controls and all applicable Data Privacy requirements.
  • Serves as the escalation point to engage with clients to assist the organization to achieve its objectives with pre and post sales activities (e.g., explain our security program, support external audits, support bids RFP process, etc.).
  • Partners with the team to provide vision and guidelines with applicable regulations and cybersecurity frameworks (e.g., HIPAA, PCI DSS, NIST 800).
  • Develops and uses Key Risk Indicators (KRIs) to drive program adherence and deliver on overall program performance.
  • Monitors compliance to Information Security policy and practices and develop processes to follow up on non-adherence (ex. Exception process).
  • Partners with primary stakeholders (business, operations, technology, risk, audit, compliance, legal) to align with strategic vision and goals.
  • Assists with internal and external audit process(es) for relevant compliance matters, including but not limited to SOC2, HIPAA, HITRUST, etc.
  • Oversees the designing, deploying, and maintaining organization’s GRC platform.
  • Helps lead and define organization’s overall third-party risk management efforts.
  • Assisting in designing, testing, and executing the company’s security incident response and BC/DR plans.
  • Facilitates post-project evaluations, integrating lessons learned into future project planning and PMO practices.
  • Manages day-to-day operational aspects of Information Security.
  • Solves conflicts and issues in a timely manner, escalating to manager as appropriate.
  • Ensures project documents are complete, current, and stored appropriately.
  • Effectively communicates relevant project information to leadership, including but not limited to sponsors.
  • Stays current and up to date with latest security news, threats, and applicable regulations.
  • Works individually and in a team environment. Multitasks and use time efficiently to meet project/task deadlines in a fast-paced environment.
  • Provides recommendations to stakeholders when appropriate.
  • Other duties as assigned.

Skills Required

  • University degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
  • Minimum of 5-7 years of experience in Information Security, IT Assurance, Privacy, GRC and/or IT Risk Management
  • Minimum of 5-7 years of experience in Program Management, Project Management, and Operations
  • Minimum of 3-5 years of people management and leadership experience
  • At least one of the following certifications: CISM, CISA, CRISC, CGEIT (or similar)
  • Strong understanding of data privacy regulations (i.e., HIPAA, CCPA, GDPR, etc.)
  • Proven technical experience in governance, risk management, and compliance within the cybersecurity realm
  • Demonstrated technical skills in conducting gap analysis regarding baseline security standards
  • Demonstrated experience and knowledge of relevant regulatory requirements, such as The U.S. Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standards (PCI DSS)
  • Strong understanding of Information Security control frameworks (i.e., NIST 800-53, COBIT, ISO 27001/2, etc.), SOC 1 and SOC 2, and applicable laws and regulations
  • Experience completing and managing Third Party Information Security Assessments
  • Experience in utilizing, managing, and maintaining a commercially available GRC platform
  • Ability to develop and/or modify policies and procedures in compliance with relevant regulatory requirements and management objectives
  • Understanding of IP networking, data centers, IT systems, applications, and databases
  • High level of personal integrity and ability to professionally handle confidential matters
  • Capable of acting calmly and managing incidents under high pressure and stress
  • Capable of multitasking in a fast paced, multifaceted environment
  • Ability to work well with customers, peers, and management
  • Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills at all levels
  • Proficient with Microsoft Office Suite and Office365 (i.e., Teams, SharePoint)
  • Previous experience in healthcare IT / SaaS vendor is preferred 
  • Previous working experience in healthcare environments is preferred
  • Knowledge and experience in information security and privacy laws, general electronic health information access, release of information, and release control technologies is preferred 
  • PMP or similar certifications are a plus

 

 

Min

USD $150,000.00/Yr.

Max

USD $170,000.00/Yr.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed