What are the responsibilities and job description for the Assistant Director - Cybersecurity Governance, Risk & Compliance (GRC) position at Universal Health Services, Inc. - Corporate Office?
Job Description
Responsibilities
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune and listed in Forbes’ ranking of America’s Largest Public Companies. UHS operates acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located across U.S. states, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com
The Corporate Information Services Department is seeking a dynamic and talented Assistant Director – Governance, Risk, and Compliance (GRC).
The Assistant Director – Governance, Risk, and Compliance provides leadership to develop and operate a Governance, Risk, and Compliance (GRC) program promoting the security (confidentiality, integrity, and availability) of electronic information or system technologies, processes, and people used to support the business mission. Builds, develops, and manages a talented team of GRC resources in supporting the total ISMS program of the organization.
Key Responsibilities include:
- Provides leadership to develop and operate a GRC program, promoting the security of electronic information and system technologies. Builds, develops, and manages a team of Cybersecurity Analysts and GRC resources to support the organization's ISMS program.
- Develops, maintains, and disseminates policies, procedures, and specifications to protect the organization's information assets, collaborating with subject matter experts and various departments.
- Designs frameworks for and conducts internal risk assessments of people, processes, and technologies to ensure the security of the organization's electronic information. This includes assessing risks for business processes that create, access, store, or transmit company information.
- Evaluates the relevance and threat potential of publicly disclosed or internally discovered vulnerabilities to prioritize threat reduction.
- Monitors the effectiveness of cybersecurity controls and compliance with policies. Develops and disseminates meaningful metrics relevant to the GRC program.
- Collaborates with Internal Audit IT Auditors to test security controls for compliance with policies and regulations. Provides leadership to ensure the completion of assigned projects within agreed timelines and budgets.
- Coordinates with the broader ISMS program team, CISO, and Senior Management to build a culture that promotes information security throughout the organization.
- Oversees projects to achieve PCI-DSS compliance, manages SOC 2 Type 1 or 2 efforts for facilities, and provides leadership in developing audit remediation plans.
- Prepares and delivers presentations to Senior Management, Executives, or the Board of Directors as needed.
Qualifications
Position Requirements:
License or Registration Requirements: CISSP or CISM required upon hire date.
Travel Requirements: Up to 10% travel.
This opportunity provides the following:
UHS is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at UHS via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of UHS. No fee will be paid in the event the candidate is hired by UHS as a result of the referral or through other means.
EEO Statement
All UHS subsidiaries are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates. UHS subsidiaries are equal opportunity employers and as such, openly support and fully commit to recruitment, selection, placement, promotion and compensation of individuals without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, disability status, protected veteran status or any other characteristic protected by federal, state or local laws.
We believe that diversity and inclusion among our teammates is critical to our success.