Manager Governance, Risk and Compliance
Apply NowCompany: Cone Health
Location: Greensboro, NC 27406
Description:
Overview
The Manager Governance, Risk & Compliance (GRC) will provide leadership, executive support, strategic and tactical guidance to help shape the cyber governance, risk and compliance program. The Manager will be responsible for identifying, evaluating and reporting on information security risks, in addition to influencing and implementing tools and practices to enhance processes related to third-party risk management, and compliance. The position requires a diverse background to understand a variety of systems, including new technologies and healthcare legacy systems considered business critical.
Responsibilities
Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations.
Performing activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Compliance, Clinical, IT Operations) to Develop, monitor policies and standards in compliance with applicable privacy policy & regulations.
Implement measures and a governance framework to manage data use in compliance with laws and regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
Identify, track, monitor and report on information security controls and all applicable data privacy requirements.
Collaborate with key stakeholders to review projects, business critical systems and related data to ensure compliance with data privacy laws, and if necessary, perform and advise on cybersecurity impact assessments.
Performs other duties as assigned.
Qualifications
EDUCATION:Required: Bachelor's Degree
EXPERIENCE:Required: 7 years
LICENSURE/CERTIFICATION/REGISTRY/LISTING:Required: Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification
The Manager Governance, Risk & Compliance (GRC) will provide leadership, executive support, strategic and tactical guidance to help shape the cyber governance, risk and compliance program. The Manager will be responsible for identifying, evaluating and reporting on information security risks, in addition to influencing and implementing tools and practices to enhance processes related to third-party risk management, and compliance. The position requires a diverse background to understand a variety of systems, including new technologies and healthcare legacy systems considered business critical.
Responsibilities
Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations.
Performing activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Compliance, Clinical, IT Operations) to Develop, monitor policies and standards in compliance with applicable privacy policy & regulations.
Implement measures and a governance framework to manage data use in compliance with laws and regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
Identify, track, monitor and report on information security controls and all applicable data privacy requirements.
Collaborate with key stakeholders to review projects, business critical systems and related data to ensure compliance with data privacy laws, and if necessary, perform and advise on cybersecurity impact assessments.
Performs other duties as assigned.
Qualifications
EDUCATION:Required: Bachelor's Degree
EXPERIENCE:Required: 7 years
LICENSURE/CERTIFICATION/REGISTRY/LISTING:Required: Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification