Director It Governance, Risk, Compliance

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, new procedures, and new approaches to patient care, producing stellar outcomes, and raising the bar for medical centers in the region and around the world.

Our award-winning IT organization seeks a Director for IT Governance, Risk, and Compliance. The individual in this new role is responsible for leading the strategic development and implementation of our organization's GRC program. This role will also involve monitoring and reporting on compliance with relevant regulatory requirements and internal policies and procedures, while managing risks.

While this team works remotely some of the time, you must be prepared to work in our office as required. Montefiore requires employees to reside in NY, NJ, CT, or PA, and to be vaccinated including for COVID and flu.

Daily Tasks include:

• Evaluate the organization's previous handling of risks and compare potential risks with criteria set out by the organization such as costs and legal requirements.
• Liaise with different departments to ensure that GRC policies are followed.
• Oversee the development and implementation of the organization's GRC framework.
• Conduct risk assessments to understand risk level, significances, and scope.
• Regularly evaluate the efficiency of controls and improve them continuously.
• Regularly monitor and report on the status of compliance efforts and changes in laws and regulations that affect the organization's compliance.
• Implement appropriate training programs for compliance and risk management.
• Lead incident response activities and investigations into regulatory and compliance issues.
• Develop and oversee control systems to prevent violations of legal rules and internal policies.
• Provide reports and key risk indicator updates to the CISO and executive management team.

Key responsibilities include:

• Identify potential areas of compliance vulnerability and risk; develop/implement corrective action plans for resolution of problematic issues.
• Develop a comprehensive compliance training and awareness program.
• Communicate with stakeholders about the importance of the organization's GRC strategy and initiatives.
• Oversee internal and external audits.
• Provide strategic direction to the IT department in the development of policies, procedures, and controls to ensure information accuracy, security, and legal and regulatory compliance.
• Report back to business functions on current risk and compliance performance; participate in management and board meetings.
• Direct and manage risk assessments and incident response activities.
• Oversee and manage the development and implementation of GRC standards and processes.

Qualifications include:

• Strong knowledge of governance, risk, and compliance concepts and applicable laws and regulations.
• Proven experience in a compliance and risk management leadership role, preferably within the healthcare sector.
• Bachelor's degree in Computer Science, Information Technology, Business Administration, or a related field, or equivalent experience. A Master's degree is preferred.
• Familiarity with industry practices and professional standards such as HIPAA, ISO 27001, NIST, and COBIT.
• Excellent leadership and team management skills.
• Certifications such as CRISC, CISA, CGEIT, CISSP, or CISM are highly desirable.
• Strong communication skills with the ability to present complex security concepts to a wide variety of audiences.

Montefiore employees are required to reside in NY. NJ, CT, or PA, and to be immunized for COVID and flu.

Z