Director, Information Security and Privacy Governance, Risk and Compliance (GRC)

Company: University of Chicago Medical Center
Location: Chicago
Posted on: October 24, 2024

Job Description:

Job Description
Join a world-class academic healthcare system, UChicago Medicine, as the Director, Information Security and Privacy Governance, Risk and Compliance (GRC) responsible for supporting and assisting the Chief Information Security and Privacy Officer (CISPO) in managing and coordinating the information security and privacy initiatives for UChicago Medicine.
The Director will provide leadership, executive support, strategic and operational guidance, including identifying, evaluating, and reporting on information security and privacy governance, compliance, and risk posture. This role will need to collaborate closely with the CISPO and other senior leaders. The Director will develop and implement cybersecurity and privacy governance and compliance initiatives, including policies and procedures to safeguard patients, data, and the organization's information assets.
Who you are:

• 
  
• Bachelor's degree in Information Security, Information Systems, Information Technology, or a related field; Master's degree favored.
  
• At least 8 years of relevant experience in Information Security and Privacy risk is essential; At least 2 years in a leadership role is preferred.
  
• Demonstrated proficiency with the HIPAA Privacy and Security Rules, and other federal, state, and internationally relevant regulations.
  
• Knowledge and experience with security, privacy, and AI frameworks such as NIST CSF, NIST SP 800-53, NIST Privacy, NIST AI, HICP, PCI, and similar.
  
• Experience in performing vulnerability assessments, security audits, and privacy impact assessments.
  
• Knowledge of Privacy and Security by Design principles.
  
• Academic medical center and/or health care consulting experience strongly preferred.
  
  What you'll gain as the Director:
  
  • 
    
  • High visibility as a trusted advisor to the CISPO, helping to ensure the effective and efficient strategic and risk operations.
    
  • Opportunity to take a hands-on approach to ensure that privacy and security risk assessments, training and awareness, third-party risk management, and other governance, risk, and compliance functions are developed and performed consistently.
    
  • Positioned to collaborate with internal and external auditors to assess the maturity and risks of the information security and privacy programs.
    
    What you'll do as the Director:
    
    • 
      
    • Lead the processes, personnel, and committees involved in the Governance, Risk and Compliance functions of Information Security and Privacy.
      
    • Ensure compliance with applicable laws, regulations, best practice frameworks, and contractual requirements.
      
    • Develop, mentor, and manage a staff of governance, risk, and compliance professionals.
      
    • Maintain an active risk register, manage the corrective action process, and manage the exception process.
      
    • Partner with audit groups and regulators in assessing internal controls and remediation of identified risks.
      
    • Assist in the development of the GRC program roadmap and develop business metrics to measure the effectiveness of the GRC program.
      
    • Review alignment with applicable cybersecurity and privacy frameworks and regulations, identify gaps, and assist with remediation plans.
      
    • Oversee and participate in the creation and revision of organizational policies, procedures, standards, and best practices to comply with all regulatory requirements.
      
    • Coordinate assessments of internal and third-party systems for privacy and security risks.
      
    • Lead the third-party contract review process for business associates and vendor relationships.
      
    • Assist in due diligence and post-integration activities related to information security and privacy for mergers and acquisitions.
      
    • Perform duties as assigned related to program oversight and efforts.
      
      Leadership at UChicago Medicine:
      E4 Leadership (Equity, Engage, Evolve, Excel) is a patient-centered management system that empowers teams to improve daily through structured problem-solving.
      As part of the senior executive team, this position will be instrumental in reinforcing and sustaining UCM's E4 Leadership Culture.
      Must comply with UCMC's COVID-19 Vaccination requirement as a condition of employment. Medical and religious exemptions will be considered consistent with applicable law. A pre-employment physical, drug screening, and background check are also required for all employees prior to hire.
      #J-18808-Ljbffr

Keywords: University of Chicago Medical Center, South Bend , Director, Information Security and Privacy Governance, Risk and Compliance (GRC), Accounting, Auditing , Chicago, Indiana