Location:
Avera Downtown Building-Sioux Falls
Worker Type:
Regular
Work Shift:
Day/Evening/Weekend/Holiday Shift (United States of America)
Position Highlights
You Belong at Avera
Be part of a multidisciplinary team built with compassion and the goal of Moving Health Forward for you and our patients. Work where you matter.
A Brief Overview
The director of governance, risk management, and compliance (GRC) provides leadership and direction for Avera's GRC requirements. The director is responsible for establishing and maintaining the company's overall IT and security GRC program as well as for developing and managing an enterprise-wide information GRC program. The role includes implementation and maintenance of policies as well as a comprehensive controls framework with third-party risk management. The director ensures Avera's technical systems and information assets are protected. Responsible for identifying, evaluating, and reporting on information security risks that are important for the business to be aware of and act on accordingly. The director works in tandem with cybersecurity leadership to elevate Avera's security posture. The director of GRC must be able to influence and lead the GRC security strategy of Avera within new and existing information system capabilities. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business-critical.
What you will do
- GRC Team Leadership & Strategy: (a) Lead the Governance, Risk, and Compliance (GRC) team in advancing a security maturation program. (b) Direct the team to document, communicate, and enforce security improvements that balance risk with operational efficiency. (c) Provide leadership in managing third-party vendor and partner oversight, emphasizing privacy, security, and compliance. (d) Act as a key escalation point for risk identification and mitigation planning.
- Security Oversight & Risk Management: (a) Ensure rigorous oversight of security systems and configurations to reduce enterprise risk. (b) Guide the team in confirming safeguards against risks from external entities. (c) Maintain strategies for managing audits, compliance checks, and external assessments.
- Business Integration & Operational Alignment: (a) Collaborate with business units during solution onboarding to ensure security controls are in place. (b) Oversee vendor risk assessments and enforce consistent process adherence across departments. (c) Inspire adoption of cybersecurity controls to reduce the organizational attack surface.
- Compliance & Audit Engagement: (a) Liaise with internal and external auditors to implement and maintain compliance with privacy and security laws. (b) Align team efforts with audit and risk management leadership for ongoing assessments and strategic planning.
- Metrics Reporting & Program Evaluation: (a) Influence and validate metrics used to assess the success of the security program. (b) Regularly report program performance to security and business leadership. (c) Promote alignment with enterprise risk management principles in documentation and system configuration.
- Incident Response & Documentation: (a) Assign team members to monitor and document incident response activities. (b) Ensure thorough tracking of security incidents, resolutions, and lessons learned.
- Security Awareness & Communication: (a) Maintain up-to-date knowledge of regulatory, privacy, and security best practices. (b) Effectively communicate GRC controls and security practices across business units, including third-party integrations and financial systems.
- Responsibilities include interviewing, hiring, developing, training, and retaining employees; planning, assigning, and leading work; appraising performance; rewarding and coaching employees; addressing complaints and resolving problems.
Essential Qualifications
The individual must be able to work the hours specified. To perform this job successfully, an individual must be able to perform each essential job function satisfactorily, including having visual acuity adequate to perform position duties and the ability to communicate effectively with others, hear, understand, and distinguish speech and other sounds. These requirements and those listed above are representative of the knowledge, skills, and abilities required to perform the essential job functions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions, as long as the accommodations do not cause undue hardship to the employer.
Required Education, License/Certification, or Work Experience:
- Bachelor's in computer science, cybersecurity, or similar.
- At least 10 years of cybersecurity or information technology experience.
- Demonstrated leadership experience and understanding of various regulatory requirements and laws.
- Proven understanding of business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.
Preferred Education, License/Certification, or Work Experience:
- Master's in computer science, cybersecurity, or similar.
- Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)
- Certified Information Security Manager (CISM) - ISACA
- Certified Information Systems Auditor (CISA) - ISACA
- Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2)
- At least 5 years of leadership experience.
- Understanding of service design delivery concepts and control frameworks.
Expectations and Standards
- Commitment to the daily application of Avera's mission, vision, core values, and social principles to serve patients, their families, and our community.
- Promote Avera's values of compassion, hospitality, and stewardship.
- Uphold Avera's standards of Communication, Attitude, Responsiveness, and Engagement (CARE) with enthusiasm and sincerity.
- Maintain confidentiality.
- Work effectively in a team environment, coordinating work flow with other team members and ensuring a productive and efficient environment.
- Comply with safety principles, laws, regulations, and standards associated with, but not limited to, CMS, The Joint Commission, DHHS, and OSHA, if applicable.
Benefits You Need & Then Some
Avera is proud to offer a wide range of benefits to qualifying part-time and full-time employees. We support you with opportunities to help live balanced, healthy lives. Benefits are designed to meet needs of today and into the future.
PTO available day 1 for eligible hires.
Up to 5% employer matching contribution for retirement
Career development guided by hands-on training and mentorship
Avera is an Equal Opportunity Employer - Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, Veteran Status, or other categories protected by law. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1- or send an email to .