Director, IT Risk & Compliance

The Director IT Risk & Compliance is responsible for leading and managing the companys information security and technology risk management program. The Director will lead efforts to maintain compliance with relevant regulations standards and frameworks This role will play a critical part in identifying assessing and mitigating risks across the organizations IT infrastructure applications and data. The successful candidate will possess a strong understanding of industry best practices regulatory requirements (e.g. SOX HIPAA GDPR) and emerging threats.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
Our employees are tasked with delivering excellent business results through the efforts of their teams.  These results are achieved by:

• Manage and mentor a team of risk analysts and security professionals.
• Develop and maintain a comprehensive Enterprise IS/IT Risk Management framework including risk assessments threat modeling and vulnerability management.
• Conduct regular risk assessments across the organization including business impact analyses (BIA) and threat and vulnerability assessments (TVAs).
• Oversee the implementation of risk mitigation controls and monitor their effectiveness.
• Develop and maintain key risk indicators and key performance indicators (KPIs) to track and measure risk levels.
• Advise senior management on risk-related decisions and provide recommendations for improving the companys overall security posture.
• Stay abreast of emerging threats and vulnerabilities and advise on appropriate countermeasures.
• Collaborate with internal and external stakeholders including IT legal compliance and business units.
• Ensure compliance with relevant industry regulations and standards.
• Participate in incident response activities and post-mortem analysis.
• Develop and deliver presentations and reports to senior management and the Board of Directors.
• Ensure compliance with applicable laws regulations and industry standards.
• Develop and maintain IT policies procedures and standards.
• Conduct internal and external audits to assess compliance.
• Manage relationships with external auditors and regulatory bodies.
• Stay abreast of changes in regulatory requirements and industry best practices.
• Demonstrate a commitment to diversity equity and inclusion through continuous development modeling inclusive behaviors and proactively managing bias.
• All other duties as assigned.

Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws it is the policy of EVERSANA to provide reasonable accommodation when requested by an employee with a disability unless such accommodation would cause an undue hardship for EVERSANA. If reasonable accommodation is needed to perform the essential functions of your job position please contact Human Resources.

PEOPLE LEADER:

People leaders must possess both the skills to effectively accomplish these tasks and the emotional intelligence to do so in alignment with our cultural values.  In addition to the critical management and leadership tasks listed above this role also includes the following unique responsibilities:

• Responsible for and oversee their respective department.
• Interview select and supervise the activities of the department staff; communicate interpret and discuss with team the company policies and procedures.
• Determine job objectives work methods and performance standards; review performance relative to departmental objectives discussion appraisal with each employee and performance; authorize and communicate salary changes promotions transfers discipline and discharge and administer all other personnel actions.

EXPECTATIONS OF THE JOB:

• Travel (10-20%)
• Hours (40-45 hours per week Monday through Friday)

The above list reflects the general details necessary to describe the expectations of the position and shall not be construed as the only expectations that may be assigned for the position.

An individual in this position must be able to successfully perform the expectations listed above.

Qualifications :

MINIMUM KNOWLEDGE SKILLS AND ABILITIES:

The requirements listed below are representative of the experience education knowledge skill and/or abilities required.

• Bachelors degree in Computer Science Information Systems or a related field.
• 10 years of experience in information security and risk management roles with at least 5 years in a leadership position.
• Proven experience in developing and implementing enterprise-wide risk management frameworks.
• Strong understanding of industry best practices regulatory requirements (e.g. SOX HIPAA GDPR) and emerging threats.
• Experience with risk assessment methodologies including threat modeling vulnerability scanning and penetration testing.
• Excellent analytical and problem-solving skills.
• Strong leadership and mentoring skills.

PREFERRED QUALIFICATIONS:

• Strong communication and presentation skills with the ability to effectively communicate complex technical information to both technical and non-technical audiences.  
• Ability to work independently and as part of a team.
• Experience with GRC tools and technologies a plus.
• Relevant industry certifications (e.g. CISSP CISM CRISC) preferred.

PHYSICAL/MENTAL DEMANDS AND WORKING ENVIRONMENT:

The physical and mental requirements along with the work environment characteristics described here are representative of those an individual encounters while performing the essential functions of this position.

Office: While performing the essential functions of this job the employee is frequently required to reach grasp stand and/or sit for long periods of time (up to 90% of the shift) walk talk and hear; occasionally required to lift and/or move up to 25 pounds. The noise level in the work environment is usually moderately quiet with frequent interruptions and multiple demands.

Additional Information :

OUR CULTURAL BELIEFS:

Patient Minded I act with the patients best interest in mind.

Client Delight I own every client experience and its impact on results.

Take Action I am empowered and empower others to act now.

Grow Talent I own my development and invest in the development of others. 

Win Together I passionately connect with anyone anywhere anytime to achieve results.

Communication Matters I speak up to create transparent thoughtful and timely dialogue.

Embrace Diversity I create an environment of awareness and respect.

Always Innovate I am bold and creative in everything I do.

Our team is aware of recent fraudulent job offers in the market misrepresenting EVERSANA. Recruitment fraud is a sophisticated scam commonly perpetrated through online services using fake websites unsolicited e-mails or even text messages claiming to be a legitimate company. Some of these scams request personal information and even payment for training or job application fees. Please know EVERSANA would never require personal information nor payment of any kind during the employment process. We respect the personal rights of all candidates looking to explore careers at EVERSANA.

From EVERSANAs inception Diversity Equity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths experiences and backgrounds who share a passion for improving the lives of patients and leading innovation within the healthcare industry. Diversity not only includes race and gender identity but also age disability status veteran status sexual orientation religion and many other parts of ones identity. All of our employees points of view are key to our success and inclusion is everyones responsibility.

Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws it is the policy of EVERSANA to provide reasonable accommodation when requested by a qualified applicant or candidate with a disability unless such accommodation would cause an undue hardship for EVERSANA. The policy regarding requests for reasonable accommodations applies to all aspects of the hiring process. If reasonable accommodation is needed to participate in the interview and hiring process please contact us at .

Follow us on LinkedIn Twitter