Overview
On Site
USD 152,000.00 - 266,000.00 per year
Full Time
Skills
Information Security Governance
Information Security
Risk Management
Security Controls
Compliance Management
Policies and Procedures
Security Awareness
Training
Educate
Vendor Management
KPI
Reporting
Regulatory Compliance
Budget Management
SAP GRC
Mentorship
Evaluation
Management
Cyber Security
ISO/IEC 27001:2005
COBIT
HIPAA
PCI DSS
Sarbanes-Oxley
Risk Assessment
Vulnerability Management
Communication
Presentations
Leadership
Team Management
Budget
Job Details
Job Description
Directs, plans, organizes, and evaluates the staff and activities of the Information Security function. Protects the organization's digital assets from unauthorized access. Secures the systems that protect both online and on-premises infrastructure, responds to alerts, mitigates risks before breaches occur, and supports efforts to contain, triage, and recover from cyber incidents when they occur.
Job Responsibility
- Develop and Implement Cybersecurity Framework: Establish and maintain a cybersecurity framework based on industry best practices and regulatory requirements (e.g., NIST CSF, ISO 27001).
- Risk Management: Conduct regular risk assessments, identify vulnerabilities, and develop mitigation strategies, including prioritization of remediation activities. Oversee the implementation and monitoring of security controls to reduce risk.
- Compliance Management: Ensure compliance with relevant laws, regulations, and industry standards (including HIPAA). Manage assessments and address any identified gaps.
- Policy and Procedure Development: Create and maintain cybersecurity policies, procedures, and standards. Communicate these policies and procedures to all relevant stakeholders.
- Security Awareness Training: Develop and deliver security awareness training programs to educate employees about cybersecurity risks and best practices.
- Vendor Management: Assess and manage the cybersecurity risks associated with third-party vendors.
- Metrics and Reporting: Develop and track key performance indicators (KPIs) to measure the effectiveness of the cybersecurity program. Report on cybersecurity risks and compliance status to senior management.
- Budget Management: Develop and manage the budget for the cybersecurity GRC program.
- Team Management: Lead and mentor a team of cybersecurity professionals.
- Develops and articulates a short and long-term strategic vision for areas of responsibility.
- Selects, develops, manages, and evaluates direct reports and oversees the development, selection, and evaluation of indirect reports.
- Ensures performance appraisals are completed in a timely fashion.
- Performs related duties as required. All responsibilities noted here are considered essential functions of the job under the Americans with Disabilities Act. Duties not mentioned here, but considered related, are not essential functions.
Job Qualification
- Bachelor's degree in Computer Science, Cyber Security or related field, required.
- 8-12 years of relevant experience and 7+ years of leadership / management experience, required.
Highly Preferred Skills
- Deep understanding of cybersecurity principles, best practices, and frameworks (e.g., NIST CSF, ISO 27001, COBIT).
- Strong knowledge of relevant laws and regulations (e.g., HIPAA, PCI DSS, SOX, GDPR).
- Experience with risk assessment methodologies and vulnerability management.
- Excellent communication, interpersonal, and presentation skills.
- Strong leadership and team management skills.
- Ability to work effectively with cross-functional teams.
*Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future. When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).