Director of Governance, Risk, and Compliance - Burlington, United States - Cedar Gate Technologies Inc
Description
Job Location:
Hybrid Remote in our office in Burlington, MA, or Fully Remote in the USA
Position Summary
Reasons you will want this position:
- We are a rapidly growing company with limitless career growth and advancement for top performers
- Our culture appreciates and rewards creative ideas, especially those that achieve better outcomes for everyone
- This is viewed as a key position for our continued success by our executives and senior leadership.
As the Director of Technology Governance, Risk, and Compliance (GRC), you will be a key leader within the Cybersecurity Department.
You will be responsible for successfully developing and guiding technology risk management and assessments, third-party risk assessments, and compliance monitoring, as well as developing policies, standards, and controls to ensure a strong control environment is in place for managing risk at Cedar Gate Technologies.
Roles & Responsibilities
Governance & Compliance:
- Oversee a unified control framework (UCF), including monitoring controls to ensure alignment with various leading practice control frameworks, such as NIST CSF, CIS, COBIT, etc.
- Overall responsibility for overseeing and establishing information security policies, procedures, and controls to manage risk and ensure compliance with internal and regulatory requirements.
- Oversees the design and implementation of technology controls in collaboration with other members of technology teams, ensuring adherence to requirements and that control design is embedded into solutions and procedures.
- Facilitate and support assessments of enterprise systems, processes, and controls to verify that controls are designed appropriately and operate effectively.
- Oversee the definition of remediation plans, compensating and mitigating control activities, and retesting; ensure any recommendations received from internal audit, external audit, regulators, or other external parties are addressed and incorporated into those plans.
- Ensure timely remediation of ineffective controls and that remediation plans address the risks and are appropriate, detailed, and current.
- Ensure compliance with industry regulations, particularly HIPAA. Coordinate and facilitate internal and external audits, ensuring timely resolution of findings and recommendations (HITRUST, SOC 1, SOC 2).
Risk Management:
- Overall responsibility for the technology risk management program, including risk reporting, risk registry, and executive metrics.
- Provide leadership, guidance, and oversight to develop an enterprise-wide Technology Risk Management program to assess, identify, report, manage, and prioritize organizational risks.
- Provide leadership, guidance, and oversight to risk mitigation strategies to minimize organizational risks.
- Oversees third-party and supply technology risk management practices and alignment with cross-functional teams such as Enterprise Risk Management (ERM), Legal, and Operational teams.
Leadership and Stakeholder Alignment:
- Provide general leadership, oversight, and development of technology governance, risk, and compliance practices.
- Collaborate with key stakeholders to establish Technology GRC team priorities, goals, and objectives supporting business strategies.
- Monitor and evaluate GRC practices and develop metrics and KPIs to identify areas for improvement and optimization.
- Report regularly to IT Leadership, the business, and other Sr. Management on the effectiveness of GRC, including key risks and compliance with policy and controls, escalating issues as appropriate.
- Conduct lessons learned with audit teams to ensure optimal coordination of improvement opportunities.
- Responsible for short-term and long-range planning, including Key Risk Indicators (KRIs), financial planning, forecasts, and related variances.
- Coordinate with Cedar Gate legal counsel and stay updated on HIMSS, CMS, and OIG policies and recommendations.
- Review and participate in security questionnaires and RFIs before distribution for correctness and to identify potential gaps in Cedar Gate policies and procedures.
- Ensure the organization has and maintains appropriate system use and disclosure/confidentiality statements.
- Manage security incidents and events involving both protected health information (PHI) and non-PHI data.
- Ensure that the company's disaster recovery, business continuity, risk management, and access control needs are addressed.
- Oversee periodic monitoring and reviewing of audit records to ensure that activity i