Director, Governance, Risk & Compliance

Remote role Full-time Open position

About the position

Director, Governance, Risk & Compliance (GRC), Fresenius Management Services, Inc., a Fresenius Medical Care NA company, Lexington, Massachusetts (Remote). Will manage Information Security Governance, Risk, and Compliance programs across global business units as directed by the Sr. Director. Will interact with diverse, cross-functional, and global stakeholders to identify and remediate security risks to critical business processes and IT infrastructure by defining these risks' potential business impact, with responsibility for applying effective mitigation strategies and ensuring effective controls are in place.

Responsibilities

  • Manages the tactical execution of short and long-term IT governance and security related objectives through the coordination of IT infrastructure and systems activities with direct responsibility for results, including costs, methods, and staffing.
  • Oversees the coordination of Information Security activities with direct responsibility for results, including workflows, prioritization, and team staffing/assignments.
  • Provides technical guidance and leads various IT governance and security programs and projects as assigned.
  • Leads process improvement documentation efforts related to IT security and compliance management.
  • Exercises technical proficiency and knowledge of IT and cybersecurity industry practices and business principles, working on issues of diverse scope where the analysis of a situation or data requires an evaluation of a variety of factors, including an understanding of current business trends.
  • Manages a program to protect, govern, and monitor cybersecurity governance across Fresenius Medical Care business units specific to the compliance requirements of each line of business.
  • Directs an organization-wide Incident Management Program in collaboration with Legal, IT, and Compliance across all business units.
  • Leads the implementation and enhancement of a Cybersecurity Governance Program which includes a security and control framework that consists of standards, measures, reporting, practices, and procedures that assure compliance with regulatory or contractual requirements (NIST, ISO 27001/02, PCI, CCPA, and GDPR).
  • Develops and maintains strong partnerships with Senior IT, Legal, Compliance, HR, Internal Audit, and other relevant business units and third-party vendors to ensure an effective understanding, awareness, and adoption of their responsibilities related to cybersecurity compliance requirements.
  • Participates and presents at meetings with internal and external stakeholders and representatives, to establish cooperative effort for team projects.
  • Identifies gaps and ensures appropriate remediation plans are developed to effectively mitigate IT security vulnerabilities, exceptions, and defects to reduce risk to confidentiality, integrity, or availability of information.
  • Evaluates and ensures security technology intended to protect company systems and information is configured and operated according to established requirements and standards.
  • Collaborates with incident response, threat intelligence, and vulnerability management teams to drive remediation of security vulnerabilities based on quantified risk.
  • Assists in developing the implementation of the eGRC (Enterprise Governance, Risk & Compliance) tool to support governance, risk, and compliance efforts across the organization.

Requirements

  • Position requires a Bachelor's degree (or an equivalent foreign degree) in Information Science, Computer Science or a closely related field and 8 years of experience as an IT Program Manager.
  • Must also have 5 years of experience (which can have been gained concurrently with the primary experience requirement above) working with the following:
      • IT governance, risk, and controls, including governance frameworks and information security and technology frameworks, specifically NIST CSF, NIST 800-53, CSACSM, COBIT, ITIL, ISO 2700X, HITRUST and Cloud Security Alliance (CSA), and Cybersecurity Governance models, principles and frameworks;
      • Identifying, assessing, and mitigating regulatory and compliance risk;
      • Cloud infrastructure, networking, access controls, and change management; and
      • Project management using PMBOK and PMP processes, requirements analysis, project scheduling, enterprise-wide implementations and common project management tools (HP PPM and ServiceNow).