Director of Cybersecurity GRC
Job Description
Phoenix, Arizona
Department Name:
IT Info Tech Admin-Corp
Work Shift:
Day
Job Category:
Information Technology
Primary Location Salary Range:
$64.41/hr - $107.35/hr, based on education & experience
In accordance with State Pay Transparency Rules.
Innovation and highly trained staff. The Information Technology professionals at Banner Health are utilizing cutting edge technology to change health care for the better. If you're ready to change lives, we want to hear from you.
The Governance, Risk, and Compliance (GRC) team is responsible for IT and Cybersecurity risk management, including risk exception management, risk frameworks, risk tolerance management, policy and standards lifecycle management, IT audit support, issue and risk follow-up, risk register management, validation assessments, and HIPAA assessments, among other risk-related responsibilities. The GRC team also provides risk information and metrics for Board reporting. The team is integral in making sure IT risk is accounted for and remediated across the organization.
Banner Health is looking for a Director of Cybersecurity Governance, Risk, and Compliance (GRC) to be a strong leader over our GRC team. The incumbent would focus on leading Cybersecurity risk management efforts, including maintaining and adhering to our security framework benchmark, maintaining a comprehensive risk register, assigning risk ratings, performing risk assessments, and performing internal validation assessments where the most significant risk is identified; IT policy and standards lifecycle management, including NIST framework adherence and compliance assessments; IT audit and assessment support efforts, including HIPAA Security and Privacy assessments, ServiceNow GRC module development and optimization, PCI-DSS support, Promoting Interoperability, and tracking of IT management action plans and observations; establishing and maintaining a Cybersecurity data governance function; and other core GRC functions, where we continue to focus on the most significant IT and Cybersecurity risk in the organization.
This is a full-time, salaried position; the typical schedule is a 40+ hour work week. After-hours/weekend work is not typically expected or required. The primary work location is remote. Travel may be required periodically to our Corporate location in Phoenix, AZ as necessary. The incumbent can be onsite and/or remote. An ideal candidate would possess a Bachelor's degree in Computer Science, Information Systems, Engineering, Business Administration, or a related field, or equivalent, with at least ten years of related experience, including at least five years of clear leadership and supervisory experience. A certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Systems Security Certified Practitioner (SSCP), Certified in Risk and Information Systems Control (CRISC), HealthCare Information Security and Privacy Practitioner (HCISPP), or another relevant certification is preferred.
Banner Health IT was awarded Insider Pro and Computerworld's 100 Best Places to Work in IT for 2020, 2021, 2022, and 2023!
Your pay and benefits are important components of your journey at Banner Health. This opportunity includes the option to participate in a variety of health, financial, and security benefits. In addition, this position may be eligible for our Management Incentive Program as part of your Total Rewards package.
Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.
POSITION SUMMARY
This position is responsible for helping to establish and maintain operational Cybersecurity GRC core functions supporting IT and Cybersecurity overall. This includes day-to-day management of the GRC team, acting as the liaison between Senior Management and the team; helping to develop and drive GRC projects, strategic initiatives, budget, and goals; and establishing strong cross-functional relationships and partnerships with Banner IT, Cybersecurity, Business Health, and other groups throughout the organization.
CORE FUNCTIONS
1. Develops, maintains, and enforces a Cybersecurity framework (e.g. NIST) that the IT and Cybersecurity teams follow and adhere to in a consistent manner.
2. Develops, maintains, and enforces an IT and Cybersecurity risk tolerance / appetite; works with applicable teams to develop, maintain, and enforce this to be in alignment with Enterprise Risk Management (ERM) tolerance levels and expectations.
3. Works with applicable oversight committees and IT, Privacy, Legal, HR, Compliance, Treasury (PCI-DSS), Insurance, and other necessary groups / stakeholders to develop, maintain, and sustain enterprise Cybersecurity policies and standards that govern IT and Cybersecurity functions and requirements. This includes the lifecycle of policies and standards from development to retirement.
4. Develops, maintains, and enforces data governance for IT and Cybersecurity. This may require close coordination and alignment with other teams in the organization, forming committees to help govern, and other applicable initiatives to create an effective data governance function.
5. Develops, operationalizes, and manages Cybersecurity risk assessments and validation assessments performed by the GRC team.
6. Reviews legal, regulatory, and contractual Cybersecurity compliance requirements; develops a strategy for addressing requirements and provides a periodic statement on Cybersecurity compliance status. Identifies, tracks, monitors, helps drive resolution of, and/or escalates IT and Cybersecurity audit, non-audit, compliance, and other issues, observations, or similar items that need to be remediated.
7. Helps develop GRC metrics, Key Performance Indicators (KPI), Key Risk Indicators (KRI) and similar to report to the Chief Information Officer (CIO) and the Chief Information Security Officer (CISO).
8. Builds and retains the GRC team with appropriate experience and expertise. Demonstrates and embeds the behaviors and competencies that create a risk management mindset in the organization.
Performs all functions according to established policies, procedures, regulatory and accreditation requirements, as well as applicable professional standards. Provides all customers of Banner Health with an excellent service experience by consistently demonstrating our core and leader behaviors each and every day.
MINIMUM QUALIFICATIONS
Bachelor's Degree in Computer Science, Information Systems, Engineering, Business Administration or a related field.
Must demonstrate a proficiency level typically attained with ten or more years of IT and Cybersecurity experience in positions of increasing responsibility, including seven or more years of GRC experience and five years of leadership experience. This includes demonstrated organizational and leadership skills with the ability to lead, build, and develop a team of senior IT and Cybersecurity professionals through formal and informal reporting relationships. The successful candidate must also demonstrate exceptional communication skills, with the ability to build relationships and influence others to get results, and to present to an audience at any level in an effective, professional manner.
The successful candidate will have a strong understanding of Cybersecurity risk management, risk metrics, and risk frameworks (e.g. NIST SP 800-53, NIST CSF, COBIT, ITIL, ISO, CSA, or other), and the ability to effectively communicate cyber risk functions to executives.
PREFERRED QUALIFICATIONS
Advanced Degree in Computer Science, Information Systems, Engineering, Business Administration, or a related field.
Industry certifications: CISSP, CISA, CISM, CRISC, EAP, or other similar recognized certifications relevant to this position.
Additional related education and/or experience preferred.
EOE/Female/Minority/Disability/Veterans
Our organization supports a drug-free work environment.
Date Posted
04/15/2023