Director of Information Security - Governance, Risk Management and Compliance (GRC)
Naperville, IL 
Posted 26 days ago
Job Description

Imagine a workplace that encourages you to interpret, innovate and inspire. Our employees do just that by helping healthcare payers manage the cost of care, improve competitiveness, and inspire positive change. You can be part of an established company with a 40-year legacy that helps our customers thrive by interpreting our client's needs and tailoring innovative healthcare cost management solutions.

Our commitment to diversity, inclusion and belonging is part of the fabric of our company. We strive to create a workplace that fosters mutual respect and collaboration, where every talented individual can participate and perform their best work. We are MultiPlan and we are where bright people come to shine!

JOB SUMMARY: The Director of Information Security - Governance, Risk Management and Compliance (GRC) provides leadership and direction for the company's GRC requirements. The director is responsible for establishing and managing the company's overall information security GRC program, including ownership of information security policies, the facilitation and oversight of audits and security controls monitoring, and risk management, including third-party risk. The director works in tandem with other information security leadership to elevate the company's security posture. To be successful, the Director of GRC must be able to influence and lead the GRC information security strategy of the business within new and existing business initiatives.

JOB ROLES AND RESPONSIBILITIES:

The Director of GRC will have a team and need to work with peers and relevant key stakeholders to achieve the following objectives:

  1. Build, lead, and mentor a high-performing team of information security professionals, fostering a culture of collaboration, innovation, knowledge-sharing, and continuous learning.
  2. Maintain in-depth knowledge of and stay abreast of changes to information security requirements, including applicable audit frameworks and controls, regulatory and client obligations, data privacy rules, threats and vulnerabilities, and industry best practices.
  3. Foster a culture of curiosity, continuous improvement, adaptability and teamwork, accountability, and service excellence within the team.
  4. Work closely with relevant stakeholders to develop an information security GRC strategy aligned with company culture, risk appetite, and business objectives.
  5. Define, maintain, and update information security policies, standards, guidelines, and SOPs.
  6. Establish and execute a strategy to efficiently and effectively manage security-related audits, compliance checks and assessment processes for internal and external auditors, including but not limited to HITRUST, SOC 2, HIPAA, NYDFS, SEC, and other applicable industry standards.
  7. Work with stakeholders to design and implement controls that balance risk and efficiency, while addressing necessary requirements.
  8. Deliver efficient and effective responses to client security audits and questionnaires.
  9. Select, develop, and evaluate staff to ensure the efficient operation of the department.
  10. Oversee and monitor efforts to ensure the company's technical systems and information assets are resilient to cyber threats and compliant with applicable requirements.
  11. Facilitate risk management activities, ensuring that information security risks are identified, assessed and assigned to owners for treatment, and that risk management status and activities are reported.
  12. Provide effective oversight and risk management of third parties, vendors, and business partners.
  13. Establish clear metrics to track the effectiveness of GRC and information security programs.
  14. Prepare and deliver executive-level reports and presentations on GRC activities and outcomes.
  15. Select, manage, and operate relevant tools and technology, such as a GRC platform.
  16. Contribute to the development and execution of the overall cybersecurity strategy.
  17. Demonstrate company values of Accountability, Continuous Improvement, Teamwork, and Service Excellence (ACTS).
  18. Collaborate, coordinate, and communicate across disciplines and departments.
  19. Ensure compliance with HIPAA regulations and requirements.
  20. Demonstrate Company's Core Competencies and values held within.
  21. Please note that, because of its exposure to PHI and other sensitive data, this role is considered a High Risk Role.
  22. The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as

JOB SCOPE: This job works under minimal direction, leads and motivates staff, and uses independent judgment to identify issues, trends and problems, recommend action plans, evaluate results, and present to management in a timely manner. Work is varied and complex, requiring the incumbent to use a broad range of knowledge gained through extensive experience. The incumbent works with internal and external sources to complete objectives, keeping the needs of external and internal customers as a priority when making decisions and taking action. This position has direct oversight responsibilities, including hiring, discipline, performance management, coaching and mentoring.


As an Equal Opportunity Employer, the Company will provide equal consideration to all employees and job candidates without regard to sex, age, race, marital status, sexual orientation, religion, national origin, citizenship status, physical or mental disability, political affiliation, service in the Armed Forces of the United States, or any other characteristic protected by federal, state, or local law. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Job Summary
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Experience: Open