Director GRC & Security Architecture


Job Location: Newark, DE - USA

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

Pay Grade: 33S
Context of Job:
The Director of GRC and Security Architecture is a senior leadership role responsible for governing the organization's information security risk, compliance, and architectural security posture. This role provides enterprise-wide leadership across governance, risk management, regulatory compliance (including HIPAA), and security architecture to ensure security controls are designed, implemented, and operating effectively in support of business, academic, and clinical objectives.

Serving as the designated HIPAA Security Officer, this role partners closely with Legal, Privacy, Compliance, IT, Cloud, Application, and Security Operations teams to ensure regulatory readiness, risk-informed decision-making, and secure-by-design technology architecture across on-premises, cloud, and SaaS environments.

This position reports to the Chief Information Security Officer of the University.
Major Responsibilities:
Governance Risk & Compliance (GRC)
  • Lead the enterprise Information Security Governance, Risk, and Compliance (GRC) program.
  • Establish and maintain security policies, standards, procedures, and control frameworks aligned with NIST, HITRUST, ISO 27001, and other applicable frameworks.
  • Oversee enterprise risk assessments, third-party risk management, and control effectiveness evaluations.
  • Translate regulatory, legal, and contractual requirements into actionable security controls and architectural standards.
  • Ensure ongoing compliance with applicable regulations and standards, including HIPAA, PCI DSS, FERPA, SOC 2, and FIPS 140, as applicable.

HIPAA Security Officer Responsibilities

  • Serve as the organization's designated HIPAA Security Officer.
  • Oversee administrative, technical, and physical safeguards required under the HIPAA Security Rule.
  • Partner with Privacy, Legal, Compliance, and Health IT leadership on risk analyses, remediation plans, and regulatory inquiries.
  • Support audits, investigations, and compliance reviews related to protected health information (PHI).
  • Ensure appropriate security awareness and HIPAA training programs are developed and delivered across the organization.

Security Architecture & Secure Design

  • Own and lead the security architecture function, defining enterprise security architecture principles, reference architectures, and design standards.
  • Review and approve security architecture for new systems, applications, cloud services, and major technology initiatives.
  • Ensure security is embedded early in system lifecycle activities through secure-by-design and defense-in-depth principles.
  • Partner with infrastructure, cloud, application, and DevOps teams to integrate security requirements into platforms and solutions.
  • Guide architectural decisions related to identity, network segmentation, encryption, key management, logging, and data protection.

Strategic Planning & Program Leadership

  • Contribute to and lead multi-year security strategy and roadmap development in alignment with organizational objectives.
  • Actively participate in enterprise security and risk governance forums, advising executive leadership on risk posture and architectural trade-offs.
  • Balance risk reduction with operational efficiency, usability, and institutional mission requirements.
  • Serve as a trusted advisor to schools, departments, and business units on risk and architectural security decisions.

Oversight of Security Technologies & Controls

  • Provide governance and oversight for security technologies supporting risk management, compliance, and architectural controls.
  • Ensure alignment between security architecture standards and operational security tooling.
  • Evaluate new security technologies and frameworks to address evolving regulatory and threat landscapes.

Metrics, Reporting & Communication

  • Develop and report meaningful risk and compliance metrics to senior leadership and governance committees.
  • Communicate complex security and compliance topics clearly to technical and non-technical stakeholders.
  • Provide executive-level reporting on risk trends, compliance posture, and architectural maturity.

Leadership & Talent Development

  • Lead and develop GRC and security architecture professionals.
  • Establish clear role definitions, performance expectations, and professional development pathways.
  • Foster a culture of accountability, continuous improvement, and collaboration across security and IT teams.

Budget, Vendor & Resource Management

  • Manage budgets associated with GRC, compliance, and security architecture programs.
  • Oversee vendor relationships related to risk management, compliance tooling, and architectural services.
  • Ensure responsible financial stewardship and alignment with strategic priorities.
Qualifications:
  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field (Master's preferred).
  • Seven years of progressive experience in information security, risk management, or IT, including leadership roles.
  • Demonstrated experience leading GRC programs, regulatory compliance efforts, and enterprise risk management.
  • Strong knowledge of the HIPAA Security Rule, PCI DSS, and related regulatory frameworks.
  • Proven experience defining and governing security architecture across enterprise and cloud environments.
  • Excellent written and verbal communication skills, including executive-level presentations.
  • Experience supporting healthcare, higher education, or regulated enterprise environments preferred.
  • Hands-on experience with NIST, HITRUST CSF, ISO 27001, SOC 2, and third-party risk frameworks preferred.
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent preferred.
  • Experience partnering closely with SOC, IR, Privacy, and Legal teams preferred.
  • Demonstrated success leading organizational change and maturing security governance programs preferred.

Required Experience:

Director


Key Skills

  • Crisis Management
  • Splunk
  • Google Cloud Platform
  • Cybersecurity
  • Identity & Access Management
  • Management Experience
  • PCI
  • NIST Standards
  • Emergency Management
  • Security
  • Information Security
  • Encryption

About Company

The University of Delaware is a diverse institution of higher learning, fostering excellence in research. UD has eight colleges, providing outstanding undergraduate, graduate and professional education, serving the local, regional, national and international communities.
