Key skills
Risk ManagementCommunication
About this role
Role Overview
- Lead IT governance, including policy development, lifecycle management, and governance committee oversight
- Maintain an auditable policy library with structured review and approval processes
- Align security policies with HIPAA, HITRUST, SOC 2, and other regulatory frameworks
- Translate audit findings into actionable controls and remediation plans
- Own the IT security awareness and training program, including role-based training and phishing simulations
- Oversee vendor and third-party risk management, including due diligence, risk assessments, and ongoing monitoring
- Manage the IT risk register and drive risk mitigation strategies with executive reporting
- Support audit readiness through control testing, reporting, and coordination of internal/external audits
- Promote adoption of enterprise security standards across identity, access, and data protection
Requirements
- 8+ years in information security, IT governance, or risk management
- 3+ years leading governance or compliance programs in healthcare or regulated industries
- Experience with HITRUST, SOC 2 Type II, and HIPAA
- Proven experience building policy, awareness, and vendor risk programs
- Strong risk management, stakeholder communication, and executive reporting skills
- CISA, CISSP, CRISC, or CISM preferred
Benefits
- Comprehensive medical, dental, vision, and life insurance coverage
- 401(k) retirement plan with employer match
- Health Savings Account (HSA) & Flexible Spending Accounts (FSAs)
- Paid time off (PTO) and disability leave
- Employee Assistance Program (EAP)