What are the responsibilities and job description for the Assistant Director - Cybersecurity Governance, Risk & Compliance (GRC) position at UHS?
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune and listed in Forbes’ ranking of America’s Largest Public Companies. UHS operates acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located across the U.S., Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com
The Corporate Information Services Department is seeking a dynamic and talented Assistant Director – Governance, Risk, and Compliance (GRC).
The Assistant Director – Governance, Risk, and Compliance provides leadership to develop and operate a Governance, Risk, and Compliance (GRC) program promoting the security (confidentiality, integrity, and availability) of the electronic information, system technologies, processes, and people used to support the business mission. Builds, develops, and manages a talented team of GRC resources that supports the organization's overall ISMS program.
Key Responsibilities include:
- Provides leadership to develop and operate a GRC program, promoting the security of electronic information and system technologies. Builds, develops, and manages a team of Cybersecurity Analysts and GRC resources to support the organization's ISMS program.
- Develops, maintains, and disseminates policies, procedures, and specifications to protect the organization's information assets, collaborating with subject matter experts and various departments.
- Designs frameworks for and conducts internal risk assessments of people, processes, and technologies to ensure the security of the organization's electronic information. This includes assessing risks for business processes that create, access, store, or transmit company information.
- Evaluates the relevance and threat potential of publicly disclosed or internally discovered vulnerabilities to prioritize threat reduction.
- Monitors the effectiveness of cybersecurity controls and compliance with policies. Develops and disseminates meaningful metrics relevant to the GRC program.
- Collaborates with Internal Audit IT Auditors to test security controls for compliance with policies and regulations. Provides leadership to ensure the completion of assigned projects within agreed timelines and budgets.
- Coordinates with the broader ISMS program team, CISO, and Senior Management to build a culture that promotes information security throughout the organization.
- Oversees projects to achieve PCI-DSS compliance, manages SOC 2 Type 1 or 2 efforts for facilities, and provides leadership in developing audit remediation plans.
- Prepares and delivers presentations to Senior Management, Executives, or the Board of Directors as needed.
Qualifications
Position Requirements:
- Bachelor’s Degree required. Master’s Degree preferred.
- Minimum of 8 years information security GRC experience that includes 2-3 years management experience and/or 3 years of direct Information Security experience in a multi-facility environment. Healthcare industry experience preferred.
- Possess strong technical analytical skills for project management, process improvement related to workflow processes, training, and development of educational material.
- Able to communicate clearly and respectfully with Executives, and all other personnel.
- Learns quickly, takes constructive feedback on performance, stays focused on the job with attention to detail and produces desired outcomes.
- Proven knowledge of and experience in developing and implementing a cybersecurity risk management framework based on regulations such as HIPAA or SOX and on best practices as defined in NIST, ISO, PCI, and other common cybersecurity frameworks.
- Ability to quickly assimilate information. Strong process and technology analysis skills.
- Ability to collaborate with individuals at all organizational levels, skills, and experiences to build relationships and achieve organizational goals.
- Ability to prioritize and balance multiple and sometimes competing projects, priorities, or objectives.
- Goal- and detail-oriented.
- Demonstrated leadership attributes.
- Able to write and speak in a manner that clearly and concisely communicates sometimes complex concepts to individuals at all organizational levels.
- Strong negotiation skills to work with product and service providers or reach consensus with constituents.
License or Registration Requirements: CISSP or CISM required upon hire date.
Travel Requirements: Up to 10% travel.
This opportunity provides the following:
- Challenging and rewarding work environment
- Growth and development opportunities within UHS and its subsidiaries
- Competitive Compensation
- Excellent Medical, Dental, Vision and Prescription Drug Plan
- 401k plan with company match
- Generous Paid Time Off
*UHS is a registered trademark of UHS of Delaware, Inc., the management company for Universal Health Services, Inc. and a wholly-owned subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company and operates through its subsidiaries including its management company, UHS of Delaware, Inc. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent any reference to "UHS or UHS facilities" on this website including any statements, articles or other publications contained herein relates to our healthcare or management operations it is referring to Universal Health Services' subsidiaries including UHS of Delaware. Further, the terms "we," "us," "our" or "the company" in such context similarly refer to the operations of Universal Health Services' subsidiaries including UHS of Delaware. Any employment referenced in this website is not with Universal Health Services, Inc. but solely with one of its subsidiaries including but not limited to UHS of Delaware, Inc.
UHS is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at UHS via-email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of UHS. No fee will be paid in the event the candidate is hired by UHS as a result of the referral or through other means.
EEO Statement
All UHS subsidiaries are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates. UHS subsidiaries are equal opportunity employers and as such, openly support and fully commit to recruitment, selection, placement, promotion and compensation of individuals without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, disability status, protected veteran status or any other characteristic protected by federal, state or local laws.
We believe that diversity and inclusion among our teammates is critical to our success.
Notice
At UHS and all our subsidiaries, our Human Resources departments and recruiters are here to help prospective candidates by matching skillset and experience with the best possible career path at UHS and our subsidiaries. We take pride in creating a highly efficient and best-in-class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card or bank information, etc.) from you via email. The recruiters will not email you from a public webmail client like Hotmail, Gmail, Yahoo Mail, etc. If you are suspicious of a job posting or job-related email mentioning UHS or its subsidiaries, let us know by contacting us at: https://uhs.alertline.com or 1-800-852-3449.