Information Security Governance, Risk, and Compliance Advisor
iMethods is an award-winning Healthcare IT Staffing and Consulting firm. As a #1 BEST IN KLAS and Modern Healthcare Best Place to Work, our team is dedicated to exceeding expectations and ensuring alignment between customer needs and the resources we provide to meet those needs.
iMethods is seeking an Information Security Governance, Risk and Compliance Advisor for an opportunity with a large health system in the Jacksonville, FL market. This is a full-time position with the health system. Ideal candidates will be looking to relocate to the area.
iMethods is conducting a search to identify an Information Security Governance, Risk, and Compliance Manager.
Reporting to the CTO/CISO, you will lead Governance, Risk and Compliance (GRC) work for Information Security.
The successful candidate will be a multifaceted information security governance, risk and compliance expert, advisor, and leader who can perform the fundamental roles of a GRC program lead, which include but are not limited to: continued growth, operation, and maintenance of the current Information Security Risk Assessment Process, which is aligned to NIST 800-30 and ISO 27001; maintaining a control assurance function to advise on and monitor information security risks; establishing and managing applicable information security policies and relevant standards; overseeing applicable information security, contractual, and compliance requirements (e.g., HIPAA, NIST, PCI, and local privacy laws) through strategy development, controls definition, and assessment; and advising, engaging and supporting the planning, development, execution and operations of the health system’s information security program.
As a pivotal member of the Information Security team, this individual will work closely with the CTO/CISO, the Manager, Information Security, as well as the information security technical team members, and various stakeholders across the health care system in order to discuss and enable a better understanding of information security issues as well as applicable solutions.
Manage the current Information Security Risk Assessment Process including ensuring the Process continues to be reflective of regulatory compliance, information security trends in the health care industry, and overall information security best practices.
Ensure compliance with HIPAA and applicable legal and regulatory requirements.
Work closely with the CTO/CISO to ensure key information security risks and issues that are identified in the Information Security Risk Assessment Process are addressed and resolved in a timely manner.
Assist the CTO/CISO in GRC and general information security issues as required, including interaction with the Information Security Operations team, Technology teams and health care system business units.
Manage and maintain the enterprise wide Information Security Awareness Program which includes annual computer based training for all team members and proactive communications on information security trends and threats.
Continue to develop, implement and coordinate efforts to manage information security risk and compliance of third party vendors and suppliers.
Oversee information security policies, procedures, and guidelines to ensure that they meet both internal and external requirements.
Partner with other business units across the health care system to discuss and address pertinent information security GRC issues.
Keep up with ongoing trends and changes within the GRC community, and make sure that the CTO/CISO is up to date with the latest relevant methods and practices.
Lead and support related governance activities, including organizing, scheduling, and facilitating the regular health system information security program governance meeting (“HIPAA Committee” meetings).
Bachelor’s degree in a relevant field.
10+ years’ experience in information technology, including 5+ years in security governance, risk, and compliance management.
Extensive knowledge of GRC and GRC best practices especially as they pertain to the health care industry.
Must have experience with and understanding of HIPAA.
Understanding and familiarity with information security frameworks, including their implementation (e.g., ISO, NIST, HITRUST, COBIT).
Ability to process and understand complex information relevant to information security initiatives.
Ability to multi-task between projects while communicating any necessary information to applicable parties.
Strong analytical thinking, written and oral communication, and presentation skills.
Excellent interpersonal and relationship management skills. Must have the ability to influence others and work at all levels across the organizational structure.
Ability to work with minimal supervision and be able to bridge the gap between technical knowledge and GRC initiatives across the health care system in order to influence desired outcomes.
Experience reviewing contracts and advising on GRC related terms, risks and issues.