Lead cybersecurity governance, risk management, and compliance programs for a healthcare organization in Texas. Develop and execute GRC strategy, manage third-party risk, and oversee incident response and business continuity. Requires 8+ years in healthcare cybersecurity, 5+ years leadership, and CISSP certification.
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
Superlanet is spearheading an executive search for a Director of Cybersecurity Governance, Risk & Compliance (GRC) for our healthcare client in Texas.
This strategic leadership position reports directly to the Deputy Chief Information Security Officer and is responsible for building, maturing, and leading the organization's cybersecurity governance, risk management, compliance, third-party risk, incident response, and business continuity programs.
This position requires candidates to reside in Texas. Relocation assistance may be available for highly qualified candidates. While the organization supports flexibility, this leader must be available to work closely with executive leadership and respond onsite when business needs require.
Operating within a federated cybersecurity governance model, this leader will collaborate closely with enterprise security teams while maintaining ownership of healthcare-specific cybersecurity policies, risk management practices, and compliance programs supporting clinical, research, and business operations.
The ideal candidate is a cybersecurity leader with deep experience in governance, risk management, compliance, HIPAA security, and healthcare cybersecurity program development. This individual will serve as a trusted advisor to executive leadership and partner closely with IT, Compliance, Privacy, Legal, Clinical Operations, Research, and Enterprise Risk stakeholders.
Key Responsibilities
Governance, Risk & Compliance Leadership
- Develop and execute the enterprise cybersecurity GRC strategy aligned with organizational objectives, regulatory requirements, and future hospital operations.
- Build, lead, and mentor a team of cybersecurity governance and compliance professionals.
- Establish cybersecurity metrics, KPIs, and executive reporting frameworks.
- Deliver executive-level reporting on cybersecurity risk, compliance posture, and program maturity.
- Partner with Internal Audit, Compliance, Privacy, Legal, and Enterprise Risk teams to align governance activities across the organization.
- Evaluate cybersecurity insurance and risk transfer strategies as part of the organization's residual risk management program.
Risk Management
- Lead annual HIPAA Security Risk Analyses and remediation planning efforts.
- Maintain enterprise cybersecurity risk registers and track mitigation activities.
- Conduct risk assessments for clinical systems, enterprise applications, cloud platforms, and infrastructure environments.
- Perform business impact analyses to evaluate cybersecurity risks affecting clinical and business operations.
- Conduct cyber risk trend analysis and reporting to identify emerging threats and prioritize remediation efforts.
- Evaluate the effectiveness and cost-benefit of security controls and investments.
Looking to advance your Cyber Security career with relocation support? Explore Cyber Security Jobs with Relocation Packages that include comprehensive packages to help you move and settle in your new role.
Governance & Compliance
- Author and maintain cybersecurity policies, standards, and procedures.
- Ensure compliance with HIPAA, NIST, and other applicable regulatory and security frameworks.
- Develop healthcare-specific cybersecurity standards supporting clinical, research, and biomedical environments.
- Support audits, regulatory inquiries, and compliance reviews.
- Develop and oversee cybersecurity awareness, education, and behavior-change programs.
Third-Party Risk Management
- Lead vendor security assessment and onboarding programs.
- Evaluate security controls, SOC reports, penetration testing results, and vendor risk documentation.
- Review technology contracts and Business Associate Agreements (BAAs) for security and compliance requirements.
- Develop vendor risk management processes, risk-tiering methodologies, and remediation plans.
Incident Response & Business Continuity
Discover our full range of relocation jobs with comprehensive support packages to help you relocate and settle in your new location.
- Own cybersecurity incident response governance and escalation processes.
- Develop and maintain business continuity and disaster recovery strategies.
- Coordinate tabletop exercises and organizational preparedness activities.
- Establish communication protocols, recovery procedures, and response playbooks for cybersecurity incidents.
Research & Security Governance
- Support cybersecurity governance for research environments handling PHI, CUI, and other regulated data.
- Establish cloud security, application security, and secure development governance standards.
- Support vulnerability management, security testing, and threat-modeling activities.
- Partner with research and technology stakeholders to ensure secure adoption of emerging technologies.
Required Qualifications
- Bachelor's degree required; Master's degree in Information Technology, Cybersecurity, Health Informatics, or a related field preferred. Equivalent experience will be considered.
- 8+ years of cybersecurity experience within healthcare, financial services, defense, research, higher education, or other highly regulated industries.
- 5+ years of progressive leadership experience in cybersecurity governance, risk management, compliance, or information security leadership roles.
- Healthcare provider, academic medical center, healthcare technology, or healthcare research experience.
- Demonstrated experience conducting or leading HIPAA Security Risk Analyses.
- Experience developing cybersecurity policies, governance frameworks, risk management programs, and executive reporting processes.
- Strong knowledge of cybersecurity frameworks including HIPAA, NIST Cybersecurity Framework (CSF), NIST 800-171, and healthcare security best practices.
- Experience presenting cybersecurity risks and compliance findings to executive leadership.
- Ability to influence cross-functional stakeholders and drive enterprise-wide cybersecurity initiatives.
Interested in relocating to United State? Check out our comprehensive Relocation Jobs in United State page with detailed relocation packages and benefits.
Required Certifications
- CISSP (Certified Information Systems Security Professional)
Preferred Qualifications
- Experience with research security, Controlled Unclassified Information (CUI), CMMC, or NIST 800-171 compliance programs.
- Experience managing third-party cybersecurity risk programs in highly regulated environments.
- Experience developing security awareness and behavior-based cybersecurity education programs.
- Experience supporting Epic, Workday, Oracle ERP, or other large-scale healthcare technology ecosystems.
- Familiarity with cloud security governance, application security governance, and business continuity planning.
Preferred Certifications
- HCISPP (Healthcare Information Security and Privacy Practitioner)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- Healthcare-specific Governance, Risk & Compliance (GRC) certifications
Similar Jobs
Explore other opportunities that match your interests
Senior Cybersecurity Systems Engineer
Northrop Grumman
Precision Technologies