Director, Information Security and Privacy Governance, Risk and Compliance (GRC)

Company University of Chicago Medical Center
Posted Date: 5 days ago (10/17/2024 7:27 AM)
Job ID: 2024-73299
Shift: Day
New Position Type: FT Regular

Job Description

Join a world-class academic healthcare system, UChicago Medicine, as the Director, Information Security and Privacy Governance, Risk and Compliance (GRC) responsible for supporting and assisting the Chief Information Security and Privacy Officer (CISPO) in managing and coordinating the information security and privacy initiatives for UChicago Medicine.

 

The Director, Information Security and Privacy Governance, Risk and Compliance will provide leadership, executive support, strategic and operational guidance, including identifying, evaluating, and reporting on information security and privacy governance, compliance, and risk posture. This role will need to collaborate closely with the CISPO and other senior leaders. The Director will develop and implement cybersecurity and privacy governance and compliance initiatives, including policies and procedures to safeguard patients, data and the organization's information assets.

 

Who you are:

A thoughtful and transformational leader striving to improve the enterprise system’s security with:

  • Bachelor's degree in Information Security, Information Systems, Information Technology, or a related field; Master’s degree favored.
  • At least 8 years of relevant experience in Information Security and Privacy risk is essential; at least 2 years in a leadership role is preferred.
  • Demonstrated proficiency with the HIPAA Privacy and Security Rules, and other federal, state, and internationally relevant regulations.
  • Knowledge and experience with security, privacy, and AI frameworks such as NIST CSF, NIST SP 800-53, NIST Privacy, NIST AI, HICP, PCI, and similar.
  • Experience in performing vulnerability assessments, security audits, and privacy impact assessments.
  • Knowledge of Privacy and Security by Design principles.
  • Academic medical center and/or health care consulting experience strongly preferred.

What you’ll gain as the Director, Information Security and Privacy Governance, Risk and Compliance:

  • High visibility as a trusted advisor to the CISPO, helping to ensure the effective and efficient strategic and risk operations
  • Opportunity to take a hands-on approach to ensure that privacy and security risk assessments, privacy and security training and awareness, third party risk management, and other governance, risk, and compliance functions are developed and performed in a consistent and thorough manner aligned with health industry best practices and recognized privacy and security frameworks.
  • Positioned to collaborate and work with internal and external auditors to assess the maturity and risks of the information security and privacy programs.

 

What you’ll do as the Director, Information Security and Privacy Governance, Risk and Compliance:

  • Lead the processes, personnel, and committees involved in the Governance, Risk and Compliance functions of Information Security and Privacy.
  • Ensure that the organization is compliant with applicable laws, regulations, best practice frameworks and contractual requirements.
  • Develop, mentor, and manage a staff of governance, risk, and compliance professionals.
  • Maintain an active risk register, fully manage the corrective action process, and manage the exception process.
  • Partner with all audit groups and regulators (including state and federal agencies) with the assessment of internal controls and remediation of identified risks and compliance investigations.
  • Assist in the development of the GRC program roadmap and develop business metrics to measure the effectiveness of the GRC program, with a plan to increase the maturity of the program over time.
  • Review alignment with applicable cybersecurity and privacy frameworks and regulations, identify gaps, and assist with development of remediation plans.
  • Oversee and participate in the creation of new and revision of existing organizational policies, procedures, standards, and best practices to comply with all regulatory requirements.
  • Coordinate assessments of internal and third-party systems, assessing the environments for privacy and security risks.
  • Lead the third-party contract review process for business associates and vendor relationships.
  • Assist in the due diligence and post integration activities related to information security and privacy for all mergers and acquisitions, joint ventures, and similar types of activities.
  • Perform duties as assigned related to program oversight and efforts.

Leadership at UChicago Medicine:

E4 Leadership (Equity, Engage, Evolve, Excel) is a patient-centered management system that empowers teams to improve on a daily basis. This is done through daily readiness huddles, real-time process monitoring, performance review huddles and structured problem solving.

 

E4L Leadership is an evolving system where leaders work together to cultivate a culture of equity and continuous improvement that enables

  • Each person to realize their full potential for contribution
  • The organization to achieve high performance outcomes
  • System-wide integration, coordination and seamless execution
  • Clear focus on exceptional, equitable patient care and experiences.

As part of the senior executive team, this position will be instrumental in reinforcing and sustaining UCM’s E4 Leadership Culture.

 

Must comply with UCMC’s COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.

Why Join Us

We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion.

 

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities.

 

UChicago Medicine is an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.