Director of Governance, Risk, and Compliance - Burlington, United States - Cedar Gate Technologies Inc

Posted by: Mark Lane


Description

Job Location:

Hybrid Remote in our office in Burlington, MA, or Fully Remote in the USA


Position Summary

Reasons you will want this position:

  • We are a rapidly growing company with limitless career growth and advancement for top performers.
  • Our culture appreciates and rewards creative ideas, especially those that achieve better outcomes for everyone.
  • This is viewed as a key position for our continued success by our executives and senior leadership.

Summary


As the Director of Technology Governance, Risk, and Compliance (GRC), you will be a key leader within the Cybersecurity Department.

You will be responsible for ensuring effective governance, managing risks, and maintaining control frameworks to support the organization's objectives. In this Director position, you will oversee compliance with internal controls, industry-leading practices, and regulatory requirements, which includes HIPAA. Additionally, you will communicate with our internal and external auditors as the point of contact for technology GRC inquiries.


You will be responsible for successfully developing and guiding technology risk management and assessments, third-party risk assessments, and compliance monitoring, as well as developing policies, standards, and controls to ensure a strong control environment is in place for managing risk at Cedar Gate Technologies.


Roles & Responsibilities

Governance & Compliance:

  • Oversee a unified control framework (UCF), including monitoring controls to ensure alignment with various leading practice control frameworks, such as NIST CSF, CIS, COBIT, etc.
  • Overall responsibility for overseeing and establishing information security policies, procedures, and controls to manage risk and ensure compliance with internal and regulatory requirements.
  • Oversee the design and implementation of technology controls in collaboration with other members of the technology teams, ensuring adherence to requirements and that control design is embedded into solutions and procedures.
  • Facilitate and support assessments of enterprise systems, processes, and controls to verify that controls are designed appropriately and operate effectively.
  • Oversee the definition of remediation plans, compensating and mitigating control activities, and retesting; ensure any recommendations received from internal audit, external audit, regulators, or other external parties are addressed and incorporated into those plans.
  • Ensure timely remediation of ineffective controls and that remediation plans address the risks and are appropriate, detailed, and current.
  • Ensure compliance with industry regulations, particularly HIPAA. Coordinate and facilitate internal and external audits (HITRUST, SOC 1, SOC 2), ensuring timely resolution of findings and recommendations.

Risk Management:

  • Overall responsibility for the technology risk management program, including risk reporting, risk registry, and executive metrics.
  • Provide leadership, guidance, and oversight to develop an enterprise-wide Technology Risk Management program to identify, assess, prioritize, manage, and report organizational risks.
  • Provide leadership, guidance, and oversight for risk mitigation strategies that minimize organizational risks.
  • Oversee third-party and supply-chain technology risk management practices and their alignment with cross-functional teams such as Enterprise Risk Management (ERM), Legal, and Operational teams.

Leadership and Stakeholder Alignment:

  • Provide general leadership, oversight, and development of technology governance, risk, and compliance practices.
  • Collaborate with key stakeholders to establish Technology GRC team priorities, goals, and objectives supporting business strategies.
  • Monitor and evaluate GRC practices and develop metrics and KPIs to identify areas for improvement and optimization.
  • Report regularly to IT Leadership, the business, and other Sr. Management on the effectiveness of GRC, including key risks and compliance with policy and controls, escalating issues as appropriate.
  • Conduct lessons learned with audit teams to ensure optimal coordination of improvement opportunities.
  • Responsible for short-term and long-range planning, including Key Risk Indicators (KRIs), financial planning, forecasts, and related variances.
  • Coordinate with Cedar Gate legal counsel and stay updated on HIMSS, CMS, and OIG policies and recommendations.
  • Review and participate in security questionnaires and RFIs before distribution to confirm their correctness and to identify potential gaps in Cedar Gate policies and procedures.
  • Ensure the organization has and maintains appropriate system use and disclosure/confidentiality statements.
  • Manage security incidents and events involving both protected health information (PHI) and non-PHI data.
  • Ensure that the company's disaster recovery, business continuity, risk management, and access control needs are addressed.
  • Oversee periodic monitoring and reviewing of audit records to ensure that activity i