Employment Services

We help you find the correct IT placement

Director GRC

Kansas City, MO 64131

Posted: 05/25/2023 | Employment Type: Contract | Job Category: Infrastructure Technologies | Job Number: 16103

Job Description

Adaptive Solutions Group is a premier provider of information technology personnel. We provide a variety of technical professionals available for contract, contract to hire, or direct placement positions to companies in and around the Kansas City and St. Louis areas.

We are currently looking for a Director GRC to join our team.

Responsibilities
  • Solid understanding and experience in information security, IT governance, cybersecurity risk assessment, compliance, business requirements, customer service, and revenue operation.
  • Collaborate with the business and other teams to prioritize and manage security initiatives, drive project plans, create new processes, and mature existing workflows.
  • Oversee the Cyber Risk & Compliance (CRC) and Customer Security divisions within the Information Security department, including risk assessments, process and control improvements, the third-party risk management process, developing policies and procedures, delivering training and awareness, implementing supporting system workflows, monitoring adherence using pre-defined metrics based on corporate controls frameworks, and engaging with clients to help the organization achieve its objectives in pre- and post-sales activities.
  • This position has a direct supervisory role and will oversee the Cyber Risk & Compliance (CRC) and Customer Security divisions within the Information Security department.
  • Under the guidance of the organization’s CISO, the Director’s primary role will be to establish a world-class Cyber Risk & Compliance program that will contribute significantly to safeguarding the company and its brand.
  • Develop, consolidate, enhance, and operationalize enterprise-level security, risk and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations.
  • Partner with appropriate business teams including but not limited to security teams to develop and execute appropriate audit process(es) based on best practices and customers’ requests.
  • Partner with Sales to advance the organization’s RFP system regarding customers’ security requests.
  • Lead the effort to identify, track, monitor and report on privacy controls and all applicable Data Privacy requirements.
  • Serve as the escalation point for engaging with clients to help the organization achieve its objectives in pre- and post-sales activities (e.g., explain our security program, support external audits, support the bids/RFP process, etc.).
  • Partner with the team to provide vision and guidelines with applicable regulations and cybersecurity frameworks (e.g., HIPAA, PCI DSS, NIST 800).
  • Develop and use Key Risk Indicators (KRIs) to drive program adherence and deliver on overall program performance.
  • Monitor compliance with Information Security policy and practices and develop processes to follow up on non-adherence (e.g., an exception process).
  • Partner with primary stakeholders (business, operations, technology, risk, audit, compliance, legal) to align with strategic vision and goals.
  • Assist with internal and external audit process(es) for relevant compliance matters, including but not limited to SOC 2, HIPAA, HITRUST, etc.
  • Collaborate to develop and implement appropriate policies, procedures, and reporting metrics to ensure the security controls and compliance requirements are met.
  • Oversee the design, deployment, and maintenance of the organization’s GRC platform.
  • Help lead and define the organization’s overall third-party risk management efforts.
  • Assist in designing, testing, and executing the company’s security incident response and BC/DR plans.
  • Participate in internal and external security audits and risk analysis to identify weaknesses, assess the effectiveness of existing controls, and recommend remedial actions.
  • Stay current and up to date with the latest security news, threats, and applicable regulations.
  • Work individually and in a team environment.
  • Multitask and use time efficiently to meet project/task deadlines in a fast-paced environment.
  • Provide recommendations to stakeholders when appropriate.

Required Qualifications
  • University degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent education and work experience).
  • Minimum of 5-7 years of experience in Information Security, IT Assurance, Privacy, GRC and/or IT Risk Management.
  • Strong understanding of data privacy regulations (e.g., HIPAA, CCPA, GDPR, etc.).
  • Proven technical experience in governance, risk management, and compliance within the cybersecurity realm.
  • Demonstrated technical skills in conducting gap analysis regarding baseline security standards.
  • Demonstrated experience and knowledge of relevant regulatory requirements, such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standards (PCI DSS).
  • Strong understanding of Information Security control frameworks (e.g., NIST 800-53, COBIT, ISO 27001/2, etc.), SOC 1 and SOC 2, and applicable laws and regulations.
  • Experience completing and managing Third Party Information Security Assessments.
  • Experience in utilizing, managing, and maintaining a commercially available GRC platform.
  • Ability to develop and/or modify policies and procedures in compliance with relevant regulatory requirements and management objectives.
  • Understanding of IP networking, data centers, IT systems, applications, and databases.
  • High level of personal integrity and ability to professionally handle confidential matters.
  • Capable of acting calmly and managing incidents under high pressure and stress.
  • Capable of multitasking in a fast-paced, multifaceted environment.
  • Ability to work well with customers, peers, and management.
  • Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills at all levels.
  • Proficient with Microsoft Office Suite and Office365 (e.g., Teams, SharePoint).

Preferred Qualifications
  • Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent education and work experience).
  • 7+ years of experience in Information Security, IT Assurance, Privacy, GRC and/or IT Risk Management.
  • Previous experience in healthcare IT / SaaS vendor.
  • Previous working experience in healthcare environments.
  • Knowledge and experience in information security and privacy laws, general electronic health information access, release of information, and release control technologies.
  • CISM, CISA, CRISC, CGEIT certifications are a plus.

Adaptive Solutions Group offers a competitive compensation and benefits package that includes medical, dental, STD/LTD, life insurance coverage, 401k, paid vacation, and holidays.

Adaptive Solutions Group is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, and veteran or disability status.

Job Requirements

GRC, Director

About Kansas City, MO

Ready to take the next step in your career? Explore exciting job opportunities in the vibrant city of Kansas City, Missouri, where endless growth possibilities await! Known for its thriving arts scene, including the Nelson-Atkins Museum of Art and the Kauffman Center for the Performing Arts, along with its iconic BBQ cuisine, such as Gates BBQ and Joe's Kansas City, this area offers a unique blend of culture and charm. Cheer on the Kansas City Chiefs or Kansas City Royals at Arrowhead Stadium or Kauffman Stadium, or enjoy outdoor activities at the beautiful Loose Park or along the scenic Missouri River. Discover why Kansas City, MO is the perfect place to advance your career and experience a rich and dynamic lifestyle.