Director, Governance, Risk & Compliance

Director Governance Risk & Compliance (GRC) Fresenius Management Services Inc. a Fresenius Medical Care NA company Lexington Massachusetts (Remote)

Will manage Information Security Governance Risk and Compliance programs across global business units as directed by the Sr. Director. Will interact with diverse cross-functional and global stakeholders to identify and remediate security risks to critical business processes and IT infrastructure by defining these risks potential business impact with responsibility for applying effective mitigation strategies and ensuring effective controls are in place. Specific duties will include:

• Manages the tactical execution of short and long-term IT governance and security related objectives through the coordination of IT infrastructure and systems activities with direct responsibility for results including costs methods and staffing.
• Oversees the coordination of Information Security activities with direct responsibility for results including workflows prioritization and team staffing/assignments.
• Provides technical guidance and leads various IT governance and security programs and projects as assigned.
• Leads process improvement documentation efforts related to IT security and compliance management.
• Exercises technical proficiency and knowledge of IT and cybersecurity industry practices and business principles working on issues of diverse scope where the analysis of a situation or data requires an evaluation of a variety of factors including an understanding of current business trends.
• Manages a program to protect govern and monitor cybersecurity governance across Fresenius Medical Care business units specific to the compliance requirements of each line of business.
• Directs an organization-wide Incident Management Program in collaboration with Legal IT and Compliance across all business units.
• Leads the implementation and enhancement of a Cybersecurity Governance Program which includes a security and control framework that consists of standards measures reporting practices and procedures that assure compliance with regulatory or contractual requirements (NIST ISO 27001/02 PCI CCPA and GDPR).
• Develops and maintains strong partnerships with Senior IT Legal Compliance HR Internal Audit and other relevant business units and third-party vendors to ensure an effective understanding awareness and adoption of their responsibilities related to cybersecurity compliance requirements.
• Participates and presents at meetings with internal and external stakeholders and representatives to establish cooperative effort for team projects.
• Identifies gaps and ensures appropriate remediation plans are developed to effectively mitigate IT security vulnerabilities exceptions and defects to reduce risk to confidentiality integrity or availability of information.
• Evaluates and ensures security technology intended to protect company systems and information is configured and operated according to established requirements and standards.
• Collaborates with incident response threat intelligence and vulnerability management teams to drive remediation of security vulnerabilities based on quantified risk.
• Assists in developing the implementation of the eGRC (Enterprise Governance Risk & Compliance) tool to support governance risk and compliance efforts across the organization.

Requirements:

Position requires a Bachelors degree (or an equivalent foreign degree) in Information Science Computer Science or a closely related field and 8 years of experience as an IT Program Manager. Must also have 5 years of experience (which can have been gained concurrently with the primary experience requirement above) working with the following:

• IT governance risk and controls including governance frameworks and information security and technology frameworks specifically NIST CSF NIST 800-53 CSACSM COBIT ITIL ISO 2700X HITRUST and Cloud Security Alliance (CSA) and Cybersecurity Governance models principles and frameworks;
• Identifying assessing and mitigating regulatory and compliance risk;
• Cloud infrastructure networking access controls and change management; and
• Project management using PMBOK and PMP processes requirements analysis project scheduling enterprise-wide implementations and common project management tools (HP PPM and ServiceNow).

Salary is $239179 - $263097 per year for a 40-hour work week.

This is a telecommuting position working from home. May reside anywhere in the United States. Position requires approximately 10% of domestic and international travel by air.