Director IT Governance, Risk, and Compliance

Job Location

Henderson - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Job Purpose

The Director of IT Governance, Risk, and Compliance (ITGRC) is responsible for establishing and maintaining an enterprise-wide IT governance, risk, and compliance program. Reporting to the CTO, this position will be responsible for defining the strategy for establishing and maintaining SOX, HITRUST, and other required compliance; IT policy and procedures; change management; risk assessments; internal IT control governance; access reviews; the SDLC process; Health Plan audits; and Business Continuity and Disaster Recovery (BCDR) testing.

This position will work closely with the Information Security team on security reviews and audits that align with internal and external auditing entities, as well as on any security investigations and incidents. They will collaborate and liaise with business areas to provide appropriate policies and procedures for business operations and compliance with respect to technology-related workflows. They will also identify risk within P3 business and IT processes, including creating and tracking remediation plans.

Essential Functions and Responsibilities

  • Define strategy for establishing and maintaining SOX, HITRUST, and other required compliance.
  • Liaise with the business to ensure continuity between business requirements and IT compliance requirements.
  • Manages and provides leadership to IT GRC team
  • Updates and creates IT Policies and Procedures.
  • IT Risk management and annual risk assessments.
  • IT Audit Controls for SOX, HITRUST, and other auditing entities.
  • Facilitate Health Plan IT audits.
  • Change Management Process Ownership.
  • SDLC Process Ownership.
  • Business Continuity/Disaster Recovery Planning and Testing.
  • Leads team in conducting Quarterly (QARs) and Monthly (MARs) access reviews
  • Works with the Information Security officer and security team to address security issues, audit requests, and information gathering for incidents and investigations as it relates to clinical-based systems.
  • Works with security and implementation departments to ensure systems are compliant with all organizational standards and audits.
  • Provides training to end users as needed.
  • Provides onsite guidance and instructions to other IS teams.
  • Provides key metrics and reporting for IT GRC area
  • Maintains confidentiality regarding information being processed, stored, or accessed by the system.

Education and Experience

Required

  • Bachelor's or advanced degree in healthcare, computer science, or business, or equivalent work experience
  • Minimum of 10 years of IT leadership experience
  • Minimum of 5 years SOX experience
  • Minimum of 5 years of IT compliance and/or cybersecurity leadership experience
  • Minimum of 3 years of healthcare IT experience
  • Minimum of 3 years of leading audits, risk assessments, and remediation planning
  • Strong verbal and written communication skills are required

Desired

  • Experience and knowledge of Healthcare Compliance Requirements (HIPAA, HITRUST, etc.)
  • Experience training small groups of end users
  • Experience managing SDLC process

Knowledge, Skills, and Abilities

  • Knowledge of Sarbanes-Oxley audit controls and how to effectively implement and remediate them
  • Knowledge of Risk Management frameworks and remediation
  • Knowledge of healthcare workflows
  • Excellent presentation and interpersonal skills
  • Strong analytical and problem-solving skills
  • Ability to effectively collaborate with P3 Leadership, P3 family physicians, and vendors
  • Ability to provide product documentation and training
  • Ability to identify and troubleshoot potential issues and participate in their resolution with highest customer satisfaction
  • Ability to work a flexible schedule to meet the needs of the group growth and expansion
  • Ability to communicate technical issues to nontechnical end users
  • Knowledge of core Microsoft business applications (Word, Excel, Outlook, etc.)
  • Work independently as well as in a group setting
  • Ability to multitask

Required Experience:

Director

Employment Type

Full-Time
