Cybersecurity Governance Manager
Company: Sonic Healthcare
Location: Austin, TX 78745
Description:
Job Functions, Duties, Responsibilities and Position Qualifications:
We're not just a workplace - we're a Great Place to Work certified employer!
Proudly certified as a Great Place to Work, we are dedicated to creating a supportive and inclusive environment. At Sonic Healthcare USA, we emphasize teamwork and innovation. Check out our job openings and advance your career with a company that values its team members!
JOB SUMMARY
The Cyber Governance & Risk Manager (GRC Manager) is a key member of the Cyber Security Team, responsible for establishing and managing a robust governance framework, overseeing risk management processes, conducting internal audits, and ensuring compliance with industry and healthcare-specific regulatory standards. This role also chairs the Information Security Management Committee and collaborates cross-functionally to implement ethical and secure practices throughout the organization.
The role includes:
- Providing advice and interpretation on the company's code of conduct, security compliance policies, relevant health industry regulations, and industry codes.
- Recommending changes to corporate security compliance policies and practices to ensure consistency with laws, regulations, and industry standards.
- Maintaining up-to-date knowledge of relevant healthcare and other related compliance rules, regulations, enforcement trends, and industry standards.
- Providing strategic and tactical advice to stakeholders to ensure compliance and security.
- Proactively identifying, mitigating, and managing incidents and vulnerabilities.
- Ensuring ethical business conduct through the effective implementation of industry and company standards.
DUTIES AND RESPONSIBILITIES
- Lead the development and implementation of a GRC program aligned with ISO 27001, SOC 2, and NIST cybersecurity frameworks.
- Conduct internal audits and risk assessments across IT systems, clinical operations, and third-party vendors; maintain audit schedules and reports.
- Implement and maintain an Information Security Management System (ISMS) in accordance with ISO 27001 standards.
- Evaluate and strengthen internal controls protecting PHI, PII, and financial data in alignment with HIPAA, PCI DSS, and CLIA/CAP requirements.
- Maintain a risk register and document risk treatment plans, audit results, findings, and remediation actions.
- Provide strategic advice to stakeholders on compliance, governance, and information security best practices.
- Align policies and procedures with global standards, recommending updates in response to new laws, technologies, and risks.
- Act as a liaison with regulatory bodies and certification auditors; prepare audit documentation and coordinate responses.
- Develop training and awareness programs across the organization on security, compliance, and ethical conduct.
- Ensure effective incident detection, investigation, response, and prevention strategies.
WORK ENVIRONMENT AND PHYSICAL REQUIREMENTS
- Office and clinical laboratory environments; occasional weekend or off-hours work may be required.
- May require lifting equipment (30-50 pounds), standing or walking for extended periods, and travel between sites.
- Use of standard and specialized cybersecurity tools and IT systems.
MINIMUM QUALIFICATIONS
- Minimum 5 years of applied experience in cybersecurity governance, audits, risk, remediation, or compliance.
- Minimum of 2 years managing a GRC program/team.
- Experience conducting and leading internal audits.
- In-depth knowledge of ISO 27001, SOC 2, and NIST frameworks.
- Familiarity with HIPAA, CLIA, CAP, and healthcare industry regulations.
- Strong understanding of GRC tools and methodologies.
- Ability to travel occasionally and work flexible hours during high-impact events or audits.
KNOWLEDGE, SKILLS, AND ABILITIES
- Strong analytical and problem-solving skills.
- Exceptional written and verbal communication skills with the ability to explain technical topics to non-technical audiences.
- Proficiency with risk management, GRC platforms, security control frameworks, and incident response.
- Ability to develop security strategy, manage audits, and report on compliance to executives and committees.
- High ethical standards and a proactive, service-oriented approach to stakeholder engagement.
- Ability to work independently, handle sensitive information, and maintain confidentiality under pressure.
Scheduled Weekly Hours:
40
Work Shift:
Job Category:
Information Technology
Company:
Sonic Healthcare USA, Inc
Sonic Healthcare USA is an equal opportunity employer that celebrates diversity and is committed to an inclusive workplace for all employees. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, age, national origin, disability, genetics, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.