The Director of Governance Risk and Compliance will be responsible for developing the strategy and vision for the risk and compliance team. This role is accountable for the key risk and compliance management areas, including but not limited to, security training and awareness, policy management, information security metrics, data protection, security risk management, third party management, software security and security architecture. This individual will be tasked with overseeing the data protection program, monitoring the effectiveness of the security risk management and third party management functions as well as overseeing the management of the security architecture function.
Essential Duties & Responsibilities
* Provides expertise and understanding of all aspects of the Information Security Risk and Compliance Management (ISRCM) landscape, working with senior leadership to mold and shape the ISRCM footprint.
* Supports compliance with HIPAA, PCI, SOX, etc.
* Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues, as well as track security-related issues.
* Oversees the development and delivery of all security training and awareness campaigns.
* Oversees the management of the security architecture function and the integration with risk assessment processes and activities across the organization.
* Defines an ISRCM strategy, with a roadmap of key deliverables and timelines, and delivers consistently.
* Leads large cybersecurity initiatives with a focus on risk management and compliance.
* Oversees the security policy, standards and policy exceptions management process and coordinates approval and updates with appropriate parties. Involves relevant parties for security risk and compliance issues that span legal, compliance and regulatory requirements.
* Monitors the effectiveness of the security risk management and third party management functions, including assessing the level and quality of service provided by professional services, including software security and security controls assessment services.
Knowledge, Skills & Qualifications
* Understanding and technical knowledge of key Information Security Risk and Compliance concepts, including but not limited to security training and awareness, policy management, metrics, and data protection.
* Understanding and technical knowledge of key Risk Management concepts, including but not limited to security risk management, third party management, software security, and security architecture.
* Strong technical understanding of enterprise computing solutions including cloud hosting, SaaS models and oversight responsibilities.
* Able to interact with Business leaders and IT, as well as being able to operate comfortably at all levels of the organization
* Demonstrate proactive business judgment and decision making skills; past results are indicative of consistently providing sound and effective business decisions
* Strong analytical approach to matching needs and solutions
* Strong customer service skills
* Excellent verbal and written communication skills
* Strong analytical and problem solving skills
* Excellent collaboration skills and able to work in a team environment
* Able to work quickly and effectively under pressure and to efficiently handle multiple priorities simultaneously
Education and Experience
* Bachelor's degree from an accredited college or university in Computer Science, Information Systems, or related equivalent IT field preferred
* Master's Degree in Business Administration (MBA) preferred
* CISSP certification preferred
* 8 to 10 years of experience working in large or federated enterprises
* 8 to 10 years of experience in regulatory environment
* Cross-functional experience working in multiple divisions that may not be similarly regulated
* Must be 18 years of age
* Must pass pre-employment drug screen and background check
* Typically requires travel less than 15% of the time
Physical Requirements and Work Environment
* This is largely a sedentary role
* This job operates in a professional office environment and routinely uses standard office equipment
* May need to lift and transport moderately heavy objects, such as computers or peripherals
We are an Equal Employment Opportunity Employer, Female/Minority/Veterans/Disabled/Sexual Orientation/Gender Identity.
About Icu Medical
ICU Medical is a medical device company that provides infusion therapy, oncology, and critical care products.