Director, Governance, Risk & Compliance A&P

Remote, USA

For more than 20 years, PointClickCare has been the backbone of senior care. We’ve amassed the richest senior care dataset making our market density untouchable and our connections to the healthcare ecosystem exponentially more powerful than those of any other platform. 
With Collective Medical & Audacious Inquiry, we’ve become the most expansive, full-continuum care collaboration network, offering care teams immediate, point-of-care access to deep, real-time insights at every stage of a patient’s journey.
For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.
As the leader of the Governance, Risk and Compliance (“GRC”) function for Acute & Payer within the Security & Trust Department, the Director will provide expert advice and collaborate with technical staff and business owners to identify and assess controls to adequately safeguard PointClickCare data and information systems. This role is responsible for the execution of a comprehensive information security risk management program based upon a detailed understanding of risk management frameworks, multiple security domains, and the PointClickCare organization. This leader manages information security risk assessments, monitors regulatory compliance requirements, and develops processes, methods, and standards for identifying and managing risk. The Director of Compliance is an active member of Security & Trust leadership and assists in strategic planning efforts and assessment of company information security strategies, policies, procedures, and guiding practices. Working closely with all business units, and particularly with Product Management, Engineering, SaaS Operations, Corporate IT, and DevOps, the position will be directly accountable for driving the design and implementation of security risk methodology and capabilities across PointClickCare to achieve the overall mission of managing risk efficiently and effectively in conjunction with strategic objectives. The role will be involved in a wide range of initiatives across the compliance spectrum, ranging from implementation of regulatory-driven obligations (e.g. HIPAA compliance, SSAE16 compliance, PIPEDA and compliance with other applicable regulations) to collaboratively leading process transformation initiatives, through to driving the implementation of an organization-wide program, assuring that audit, corporate compliance, security compliance and ethical requirements are embedded in our way of working and overall culture.
Responsibilities:

- Leads the Security & Trust GRC function, which includes team and stakeholder management, providing GRC services across the company.
- Oversees the execution of a centralized GRC program for Acute & Payer to address cyber risk and industry requirements.
- Leads the enterprise disaster recovery (DR), business impact assessment (BIA) and business continuity (BCP) function as a program providing a shared service to the enterprise, conducting assessments and exercises, and contributing to the strategy, documentation and management of the organizational DR/BIA/BCP program. This requires coordination across the entire organization and may involve third-party contractors and internal staff.
- Contributes to the enterprise risk management process, coordinating with Security & Trust team members in pursuing automation and best practices to assure timely reduction of risk, balancing business risk against impact, and assuring development of and follow-up on risk reduction and corrective action plans.
- Provides business liaison, assuring alignment with Acute & Payer leadership.
- Provides leadership, influence, vision, roadmap, and direction on GRC to the organization to contribute to achieving departmental and organizational goals.
- Works with Security & Trust and other vested stakeholders and leaders within the company to develop cybersecurity strategy and provides input into the IT & Product strategy in alignment with business needs and requirements.
- Manages career development for the Compliance team, including training and mentoring, conducting performance reviews and modeling behavior for team members.
- Supports governance models focused on risk mitigation and enhancement of security posture.
- Assures the GRC Program addresses the protection of sensitive data to meet applicable legal and regulatory requirements.
- Conducts risk assessments to ensure that information security risks are identified, assessed, and managed across all applicable business areas.
- Coordinates with external auditors, identifies gaps and coordinates with internal subject matter experts to remediate all findings.
- Oversees the Policy/Standard/Procedure program, ensuring all IT and Security policies are tracked, reported, and approved, with tracking of implementation and appropriate reporting to senior management, in accordance with information security industry best-practice frameworks, including, but not limited to, NIST CSF and HITRUST.
- Supervises policy exception requests to ensure that all exceptions are properly identified/reported, evaluated, and justified across all Information Security functions.
- Key driver in the design of operational risk-related policies to determine appropriate requirements for policies, standards, technology tools and processes necessary for the effective execution of risk programs.
- Develops metrics and reporting of the Information Security Program through the collection and analysis of effectiveness measures across the organization. Articulates how security is contributing to the fulfillment of business goals and measures the value of the Information Security Program.
- Contributes to Information Security Communications, Awareness and Training Programs by developing communications and awareness, and as needed, training program content to promote awareness of staff members’ roles and responsibilities.
- Appropriately assesses risk when business decisions are made, demonstrating consideration for the company’s reputation and safeguarding PointClickCare, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
- Keeps up with ongoing trends and changes within the GRC community and assures that the organization is up to date with the latest relevant methods and practices, to ensure overall process efficiency and that corporate/security compliance requirements are met from a regulatory, legislative or best-practices standpoint.
- Promotes a risk-aware culture, and ensures efficient and effective risk and compliance management practices by adhering to required standards and processes.
- Provides subject matter expertise and advisory services to stakeholders, business units and external members on GRC functions.
- With the support of Security & Trust and other security leaders across the organization, consults across the organization by identifying and quantifying IT risks, to prevent possible future technology problems.
- Leads external audits and performs external audit activities (i.e., SOC 1 audit, SOC 2 audit, audit readiness assessments).
- Assists in the development and maintenance of required documentation, including corporate and security policies and procedures as per the Corporate Compliance and Security Compliance frameworks.
- Provides oversight of the Security Awareness Program, and provides training, awareness, guidance and support to teams on the importance of audit controls, corporate compliance, security compliance, operational process efficiency and loss prevention in support of PointClickCare’s strategic imperatives. This includes reviewing and evaluating the adequacy of existing internal controls in applicable areas, as well as providing recommended solutions to identified internal control concerns.
- Collaborates with Security & Trust and other leaders to formulate and implement Crisis Management Procedures and Security/Privacy Incident Response Procedures.
- Works closely with the HIPAA Privacy Officer and Security Officer on ad-hoc tasks, including but not limited to, responding to customer inquiries, incident management, data security and privacy, data breaches, regulatory monitoring, etc.
- Develops and maintains the Corporate Compliance, Security Compliance and Ethics Program at PointClickCare.
- Leads regulatory, corporate compliance, and security compliance projects, including, but not limited to, data governance (retention, destruction and classification), data privacy, and data security.
- Provides concise and timely updates to the SVP, Legal and General Counsel, VP, Information Security, the Privacy Officer, and others as needed.

Skills required:

- Bachelor’s degree in Commerce, Accounting or Information Technology
- Excellent communication skills
- Excellent project management skills
- 5-7 years of combined business experience in areas such as audit, information security, compliance, and risk management
- Knowledge of strategic/corporate programs and frameworks, NIST, ISO, HITRUST, IRM, SOX/SOC1/SOC2 audits, etc.
- Certified Information Systems Auditor (CISA) background
- Proven experience managing compliance-related projects; ability to utilize resources to achieve project goals from beginning to end
- Works confidently and reliably unsupervised
- Unquestionable integrity and ethics
It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact recruitment@pointclickcare.com should you require any accommodations.
When you apply for a position, your information is processed and stored with Lever, in accordance with Lever’s Privacy Policy. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background. When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it.  If you have any questions about how PointClickCare uses or processes your information, or if you would like to ask to access, correct, or delete your information, please contact PointClickCare’s human resources team: recruitment@pointclickcare.com 
PointClickCare is committed to Information Security. By applying to this position, if hired, you commit to following our information security policies and procedures and making every effort to secure confidential and/or sensitive information.

Tags: Audits Automation CISA Compliance DevOps Governance HIPAA HITRUST Incident response Monitoring NIST Privacy Risk management SaaS SOC 1 SOC 2 Strategy

Perks/benefits: Career development Health care Transparency

Regions: Remote/Anywhere North America
Country: United States