Posted : Friday, February 02, 2024 07:37 AM
Sentara Health is seeking a passionate cybersecurity leader to join our team as Director - GRC!
This is a Full-time & 100% Remote position
Candidates must have a current residence in one of the following states: Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, North Carolina, New Hampshire, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington (state), West Virginia, Wisconsin, Wyoming.
The Director, head of GRC, will play a critical and strategic role in developing, maintaining, enhancing, and executing the GRC program, including identifying, assessing, and mitigating potential cyber security risks, establishing frameworks and a controls library, and ensuring compliance with regulatory requirements and Sentara Health policies and standards.
This strategic thought leader will be responsible for overseeing and managing the governance, risk management, and compliance functions and leading the respective teams and ensuring alignment with industry regulations, company policies, and best practices.
Essential Responsibilities: As a leader who enjoys solving complex issues and collaborating with key internal and external stakeholders, you will be accountable for driving the successful implementation of an innovative and effective cyber security GRC program.
You will work closely with Security, Internal Audit, Enterprise Risk Management, external auditors, and all key stakeholders across the company to perform assessments and ensure timely execution of projects and programs while mitigating any security risks against applicable frameworks (e.g., HITRUST, NIST CSF, SOX, SOC I/II, HIPAA).
Primary Responsibilities: Lead a team of cyber security, risk, governance & compliance professionals to establish and execute the GRC program.
Support establishing and maintaining GRC frameworks for all Sentara Healthcare businesses, markets and regions, addressing regulatory, industry and contractual obligations.
Develop and implement effective security policies, procedures, and frameworks to ensure the protection of Sentara's information assets.
Establish and implement a 3rd party risk management program to effectively identify, manage and mitigate the 3rd party risks throughout the third-party lifecycle.
Oversee remediation, corrective action plans, and ongoing monitoring to address findings resulting from audits, assessments, reviews, and self-identified issues.
Conduct comprehensive risk assessments of information systems, applications, 3rd parties and processes to identify potential vulnerabilities, threats, and impacts.
Analyze and prioritize risks based on their potential impact on the organization’s operations, data, and reputation.
Develop and implement cybersecurity training programs to educate employees on their obligations and promote a culture of compliance.
Conduct regular compliance audits and investigations to assess the effectiveness of controls and address any compliance gaps or violations.
Provide leadership, guidance, and mentorship, fostering a collaborative and high-performing work environment.
Set clear objectives and performance metrics for team members, conducting regular performance evaluations and providing constructive feedback.
Promote professional development and training opportunities to enhance the skills and capabilities of the GRC team.
Provide leadership, guidance, and mentorship to the teams, fostering a collaborative and high-performing work environment.
Excellent leadership, communication, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of the organization.
Desired Characteristics: Experience leading and influencing cross-functional teams/projects.
Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways.
Self-motivated, self-directed, flexible, and able to work under pressure and in a fast-paced team environment.
Demonstrated ability to lead and motivate staff and to apply skills and techniques to solve dynamic problems.
Strong problem solving, prioritization, presentation, and facilitation skills with the ability to make recommendations to all levels of the organization.
Strong functional team player with experience working seamlessly across a matrix structure.
Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.
Experience with project management and execution of multiple simultaneous and / or large projects.
Agile, LEAN or Six Sigma experience.
Requirements: Experience with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, etc.)
Experience with GRC tools such as ServiceNow, Archer, etc.
Experience working in a highly regulated environment.
Experience in information security and governance with increasing responsibilities.
Strong background in security controls, auditing, network and system security.
Ability to express complex technical concepts in business terms.
Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
Regularly interact with all levels of management to present and discuss control effectiveness.
Review and coordinate changes to cyber security policies, procedures, and standards.
Bachelor's Level Degree Leadership 5 years
• Phone : NA
• Location : 5460 Wesleyan Dr, Virginia Beach, VA
• Post ID: 9149959735