Director of Cybersecurity Governance, Risk & Compliance

superlanet • United State
Relocation
Apply
AI Summary

Lead cybersecurity governance, risk management, and compliance programs for a healthcare organization in Texas. Develop and execute GRC strategy, manage third-party risk, and oversee incident response and business continuity. Requires 8+ years in healthcare cybersecurity, 5+ years leadership, and CISSP certification.

Key Highlights
8+ years healthcare cybersecurity experience
5+ years progressive leadership in GRC
CISSP certification required
Reside in Texas
Report to Deputy CISO
Key Responsibilities
Develop and execute enterprise cybersecurity GRC strategy aligned with organizational objectives and regulatory requirements
Lead annual HIPAA Security Risk Analyses and remediation planning efforts
Own cybersecurity incident response governance and escalation processes
Lead vendor security assessment and onboarding programs
Develop and maintain business continuity and disaster recovery strategies
Technical Skills Required
HIPAA Security Risk Analysis NIST Cybersecurity Framework Cybersecurity Policy Development Third-Party Risk Management Incident Response Governance
Benefits & Perks
Relocation assistance available
Flexibility to work onsite when needed
Nice to Have
HCISPP certification
CISM certification
Experience with Epic, Workday, Oracle ERP
Research security and CUI compliance
Cloud security governance

Job Description


Superlanet is spearheading an executive search for a Director of Cybersecurity Governance, Risk & Compliance (GRC) for our healthcare client in Texas.

This strategic leadership position reports directly to the Deputy Chief Information Security Officer and is responsible for building, maturing, and leading the organization's cybersecurity governance, risk management, compliance, third-party risk, incident response, and business continuity programs.


This position requires candidates to reside in Texas. Relocation assistance may be available for highly qualified candidates. While the organization supports flexibility, this leader must be available to work closely with executive leadership and respond onsite when business needs require.

Operating within a federated cybersecurity governance model, this leader will collaborate closely with enterprise security teams while maintaining ownership of healthcare-specific cybersecurity policies, risk management practices, and compliance programs supporting clinical, research, and business operations.


The ideal candidate is a cybersecurity leader with deep experience in governance, risk management, compliance, HIPAA security, and healthcare cybersecurity program development. This individual will serve as a trusted advisor to executive leadership and partner closely with IT, Compliance, Privacy, Legal, Clinical Operations, Research, and Enterprise Risk stakeholders.


Key Responsibilities

Governance, Risk & Compliance Leadership

  • Develop and execute the enterprise cybersecurity GRC strategy aligned with organizational objectives, regulatory requirements, and future hospital operations.
  • Build, lead, and mentor a team of cybersecurity governance and compliance professionals.
  • Establish cybersecurity metrics, KPIs, and executive reporting frameworks.
  • Deliver executive-level reporting on cybersecurity risk, compliance posture, and program maturity.
  • Partner with Internal Audit, Compliance, Privacy, Legal, and Enterprise Risk teams to align governance activities across the organization.
  • Evaluate cybersecurity insurance and risk transfer strategies as part of the organization's residual risk management program.


Risk Management

  • Lead annual HIPAA Security Risk Analyses and remediation planning efforts.
  • Maintain enterprise cybersecurity risk registers and track mitigation activities.
  • Conduct risk assessments for clinical systems, enterprise applications, cloud platforms, and infrastructure environments.
  • Perform business impact analyses to evaluate cybersecurity risks affecting clinical and business operations.
  • Conduct cyber risk trend analysis and reporting to identify emerging threats and prioritize remediation efforts.
  • Evaluate the effectiveness and cost-benefit of security controls and investments.


Governance & Compliance

  • Author and maintain cybersecurity policies, standards, and procedures.
  • Ensure compliance with HIPAA, NIST, and other applicable regulatory and security frameworks.
  • Develop healthcare-specific cybersecurity standards supporting clinical, research, and biomedical environments.
  • Support audits, regulatory inquiries, and compliance reviews.
  • Develop and oversee cybersecurity awareness, education, and behavior-change programs.


Third-Party Risk Management

  • Lead vendor security assessment and onboarding programs.
  • Evaluate security controls, SOC reports, penetration testing results, and vendor risk documentation.
  • Review technology contracts and Business Associate Agreements (BAAs) for security and compliance requirements.
  • Develop vendor risk management processes, risk-tiering methodologies, and remediation plans.


Incident Response & Business Continuity

  • Own cybersecurity incident response governance and escalation processes.
  • Develop and maintain business continuity and disaster recovery strategies.
  • Coordinate tabletop exercises and organizational preparedness activities.
  • Establish communication protocols, recovery procedures, and response playbooks for cybersecurity incidents.


Research & Security Governance

  • Support cybersecurity governance for research environments handling PHI, CUI, and other regulated data.
  • Establish cloud security, application security, and secure development governance standards.
  • Support vulnerability management, security testing, and threat-modeling activities.
  • Partner with research and technology stakeholders to ensure secure adoption of emerging technologies.


Required Qualifications

  • Bachelor's degree required; Master's degree in Information Technology, Cybersecurity, Health Informatics, or a related field preferred. Equivalent experience will be considered.
  • 8+ years of cybersecurity experience within healthcare, financial services, defense, research, higher education, or other highly regulated industries.
  • 5+ years of progressive leadership experience in cybersecurity governance, risk management, compliance, or information security leadership roles.
  • Healthcare provider, academic medical center, healthcare technology, or healthcare research experience.
  • Demonstrated experience conducting or leading HIPAA Security Risk Analyses.
  • Experience developing cybersecurity policies, governance frameworks, risk management programs, and executive reporting processes.
  • Strong knowledge of cybersecurity frameworks including HIPAA, NIST Cybersecurity Framework (CSF), NIST 800-171, and healthcare security best practices.
  • Experience presenting cybersecurity risks and compliance findings to executive leadership.
  • Ability to influence cross-functional stakeholders and drive enterprise-wide cybersecurity initiatives.


Required Certifications

  • CISSP (Certified Information Systems Security Professional)


Preferred Qualifications

  • Experience with research security, Controlled Unclassified Information (CUI), CMMC, or NIST 800-171 compliance programs.
  • Experience managing third-party cybersecurity risk programs in highly regulated environments.
  • Experience developing security awareness and behavior-based cybersecurity education programs.
  • Experience supporting Epic, Workday, Oracle ERP, or other large-scale healthcare technology ecosystems.
  • Familiarity with cloud security governance, application security governance, and business continuity planning.


Preferred Certifications

  • HCISPP (Healthcare Information Security and Privacy Practitioner)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • Healthcare-specific Governance, Risk & Compliance (GRC) certifications



Similar Jobs

Explore other opportunities that match your interests

Senior Cybersecurity Systems Engineer

Cyber Security
•
6h ago

Premium Job

Sign up is free! Login or Sign up to view full details.

•••••• •••••• ••••••
Job Type ••••••
Experience Level ••••••

Northrop Grumman

United State

Cyber Security Engineer

Cyber Security
•
16h ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Mid-Senior level

Precision Technologies

United State

Integrated Security Systems Architect

Cyber Security
•
1d ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Mid-Senior level

Professional.me

United State

Subscribe our newsletter

New Things Will Always Update Regularly